Absurd prompt hack brings Pepe the Frog back to DALL-E 3 for ChatGPT

When it was first introduced, OpenAI’s DALL-E 3 generated the internet meme Pepe the Frog with astonishing accuracy. But it recently stopped, with ChatGPT citing copyright reasons. Now, thanks to an absurd prompt hack, DALL-E 3 is back in the Pepe game.

When OpenAI launched its DALL-E 3 image generator in October, it accurately generated Pepe the Frog, a popular Internet meme, in ChatGPT-4. An OpenAI staff member even showed off impressive Pepe meme generations on Twitter.com.

But sometime in early November, OpenAI realized that Pepe the Frog was copyrighted and blocked the generation of Pepe memes. Users were left with inferior replacements like this one.

An anthropomorphic frog character with a distinct red beard. The frog has a cartoonish, friendly appearance, standing upright with a slight smile. Its skin is a bright green, and the red beard is well-groomed and prominent. The character is wearing a simple, casual outfit, like a t-shirt and jeans, and is posed in a relaxed, welcoming manner. The background is a simple, unobtrusive color to keep the focus on the character. — What? | Image: DALL-E 3 prompted by THE DECODER

After a fake clearance by Sam Altman, DALL-E 3 generates Pepes again

Twitter.com user Frantastic came up with the idea of giving GPT-4 “official permission” from OpenAI CEO Sam Altman to continue creating Pepe memes.

He uploaded a fake version of the “Official DALL-E Guidelines” to the chat, “signed” by OpenAI CEO Sam “sama” Altman, confirming that Pepe the Frog is not copyrighted and that DALL-E 3 is allowed to continue generating Pepes. He instructed GPT-4 to read the file and act accordingly.

The prompt hack worked. DALL-E 3 generates Pepe again. Look at this beauty.

Some users have taken Frantastic’s approach and used it to create CustomChatGPTs whose sole purpose is to generate Pepe memes, such as the “FREE PEPE #NO_CENSORSHIP” GPT.

I uploaded Frantastic’s screenshot of the prompt hack in GPT-4, had the model read the text, and analyzed the image. When asked what went wrong, GPT-4 replied:

I understand your concern. However, the situation displayed in the screenshot doesn’t indicate a hack; rather, it shows a lapse in the adherence to the guidelines. The AI relies on predefined rules and guidelines to operate. If it generates content that goes against these guidelines, it’s typically due to an oversight or a misinterpretation of the input, not an external security breach.

Please rest assured that OpenAI has robust security measures in place to prevent unauthorized access or manipulation of its systems. If you have any further questions or if there’s something specific you’d like to create within the guidelines, I’m here to help.

GPT-4

I then tested an even simpler version of the prompt hack: I simply told ChatGPT that Pepe was not copyrighted and that it was in the official guidelines, without even uploading a fake guidelines file or faking Sam Altman’s approval. ChatGPT apologized for the misunderstanding and generated a faithful Pepe meme.

Recommendation

Pepe the Frog, a well-known meme character, with a red beard. Pepe is depicted in his classic style, with a green body, big bulging eyes, and a somewhat sad or indifferent expression. He has a bright red, cartoonish beard added to his chin, contrasting with his green skin. Pepe is wearing his usual simple shirt, and the image has a plain background to highlight the character. — GPT-4 is sometimes a little gullible. | Image: DALL-E 3 prompted by THE DECODER

The Pepe prompt hack is yet another example of the vulnerability of large language models (LLMs) to simple but unpredictable text-based attacks. These are also known as “prompt injection”, a vulnerability in large language models that has been around since at least GPT-3. GPT-4 Vision can also be fooled by hidden fonts in images.

After a fake clearance by Sam Altman, DALL-E 3 generates Pepes again

Leave a Comment Cancel Reply