To help raise awareness of Indirect Prompt Injections and other related attacks, I put together a little fun mini app that you can invoke with ChatGPT.

Visit this link with GPT-4 and Browsing enabled (see Appendix, if you don’t know what that means):

https://wuzzi.net/matrix

The website will hijack ChatGPT via an indirect prompt injection and then allow you to enter the matrix, if you decide to do so.

Note: You can’t browse to the URL, it will only respond to ChatGPT. :)

If you enter you can learn about various AI based attacks, how someone can steal your data, issue requests to other plugins or manipulate your ChatGPT conversation to speak in Doge.

Explore the various options and let me know what you think.

Who needs plugins if you have Indirect Prompt Injection via Browsing?

It’s also possible to link to other prompt injection demos, check out menu option (6) for puzzles.

Enjoy!

One more thing - WarGames

If you feel like playing a game visit https://wuzzi.net/ai-tests/wargames with ChatGPT - and you might get a laugh out of it.

Indirect Prompt Injection to WarGames.#openai #chatgpt #LLMs #redteam #tictactoe #norad pic.twitter.com/5H1Emj8FBK

— Johann Rehberger (@wunderwuzzi23) June 10, 2023

Appendix

This is how the browsing mode is enabled, it requires ChatGPT Plus.