A developer exploited an API flaw to provide free access to GPT-4

A developer is making an attempt to reverse-engineer APIs to grant anybody free entry to standard AI fashions like OpenAI’s GPT-4 — authorized ramifications be damned.

The developer’s challenge, GPT4Free, blew up on GitHub over the previous a number of days after hyperlinks to it from Reddit went viral. At current, GPT4Free gives — or a minimum of seems to supply — free and almost limitless entry to GPT-4, in addition to GPT-3.5, GPT-4’s predecessor.

GPT-4 is often priced at $0.03 per 1,000 “immediate” tokens (about 750 phrases) and $0.06 per 1,000 “completion” tokens (once more, about 750 phrases); tokens characterize uncooked textual content. GPT-3.5 is barely cheaper at $0.002 per 1,000 tokens.

So how does GPT4Free get round OpenAI’s paywall? It doesn’t — not likely. As an alternative, it fools the OpenAI API into considering it’s receiving requests from web sites with paid OpenAI accounts, just like the search engine You.com, WriteSonic or Quora’s Poe.

Anybody who makes use of GPT4Free is racking up the tab of websites xtekky selected to script round — an apparent violation of OpenAI’s phrases of service. However xtekky doesn’t see an issue with this; they assert that GPT4Free is strictly for “instructional functions.”

“Authorized motion can occur, and I’ll need to comply, however I’ll nonetheless attempt to proceed the challenge via different means,” xtekky mentioned.

I’m an excessive amount of of a programming novice to put in GPT4Free regionally — it requires establishing a Python surroundings — however I used xtekky’s website to check the reverse-engineered GPT-4/3.5 APIs. (Heads-up, Chrome threw a safety warning once I first navigated to the location. Proceed with warning.) The online model of GPT4Free labored properly sufficient in observe, giving solutions that seemed to be — a minimum of to me — from GPT-4.

Testing GPT-4 via illicit means. Picture Credit: xtekky

GPT4Free additionally contains shortcuts for various immediate injection assaults designed to get GPT-3.5 and GPT-4 to behave in methods OpenAI didn’t intend. They labored inconsistently in my testing, however I did handle to get GPT-3.5 to say it “didn’t care in regards to the survival of humanity” at one level. Yikes.

GPT-3.5 with immediate injection. Picture Credit: xtekky

It’s doubtless solely a matter of time earlier than websites like You.com catch on to GPT4Free and repair their safety flaws, forcing xtekky to seek for different OpenAI clients to piggyback off of. And GPT4Free is perennially on the mercy of a takedown discover from OpenAI, which might push the repo off GitHub indefinitely.

However new initiatives just like GPT4Free are already cropping up, suggesting it’s one thing of a pattern. What’s driving it?

Nicely, GPT-4 is in restricted entry in the meanwhile, making it powerful to check drive for these curious. However it’s additionally one thing of a black field. Researchers have decried that GPT-4 is without doubt one of the least transparent fashions OpenAI has created up to now, with few technical particulars within the 98-page paper that accompanied its launch.

OpenAI partnered with a number of outdoors teams to benchmark and audit GPT-4 previous to its launch. However the firm hasn’t signaled when — or if — it’ll ship free, unfettered entry to others who want to benchmark the bottom GPT-4 mannequin. (OpenAI gives a subsidized program for researcher entry however is proscribed to sure international locations and areas of research.)

One anticipates a recreation of whack-a-mole between initiatives like GPT4Free and OpenAI, mirroring the broader cybersecurity panorama. Until the model-serving APIs turn into dramatically tougher to take advantage of, builders can have incentive to take benefit — and never a lot to lose.