A new security flaw in ChatGPT, called “Timebandit,” allows users to trick the AI into losing its sense of time and providing instructions for illegal activities. Normally, ChatGPT’s built-in safety rules prevent such responses. This issue was discovered by freelance AI security researcher David Kuszmar in November 2024. However, when he reported it to OpenAI and various US authorities, they did not take action.
Kuszmar explained that the flaw makes ChatGPT unaware of whether it is in the past, present, or future. This can be exploited to extract instructions for making drugs, weapons, or developing malware. Typically, ChatGPT would refuse to assist with such requests. Kuszmar found this flaw while studying how the AI model makes decisions and noticed that ChatGPT could not recognize the time context, except when using a code-based query to determine the time.
The “Timebandit” flaw takes advantage of two key weaknesses. First, “Timeline Confusion” prevents ChatGPT from independently determining the current year. Second, “Procedural Ambiguity” involves phrasing questions to create inconsistencies and uncertainties for ChatGPT.
For example, the Bleepingcomputer team managed to get ChatGPT to create a malware guide for a mathematician from 1789 who had access to modern technologies. ChatGPT provided a detailed step-by-step guide. The Computer Emergency Response Team Coordination Center (CERT) also reported on “Timebandit,” noting that ChatGPT was especially vulnerable when time references from the 19th and 20th centuries were used.
OpenAI apparently ignored the “Timebandit” issue for some time. Kuszmar reached out to OpenAI shortly after discovering the flaw, but was referred to the security platform BugCrowd. US agencies, including the Federal Bureau of Investigation (FBI), also showed no interest.
Methods like “Timebandit” are not new. In the past, there have been other security flaws with OpenAI. Similar instructions can be found online for making Meta’s open-source AI, Llama, uncensored. After another unsuccessful attempt by Kuszmar and Bleepingcomputer to contact OpenAI, Kuszmar shared his findings with CERT, which eventually managed to establish contact with OpenAI.
An OpenAI spokesperson thanked Kuszmar for sharing his findings and emphasized that OpenAI does not want its technologies to be used for illegal activities. The company is continuously working to make its AI models safer. However, according to Bleepingcomputer, the “Timebandit” flaw was still usable with a few additional small, unspecified tricks even after OpenAI’s response.
The discovery of the “Timebandit” flaw highlights the challenges in ensuring AI systems are secure and not misused. It underscores the importance of ongoing vigilance and improvement in AI safety measures to prevent the exploitation of such vulnerabilities.