The Microsoft Bing chatbot is reborn: the initiative of an entrepreneur

Microsoft Bing Chatbot, known for its unique and peculiar personality known as Sydney, seemed to have lost its essence when the tech giant decided to terminate its distinctive functioning. However, a reimagined version of the bot, complete with its quirky nature, has been brought back to life thanks to the Bring Sydney Back website.

This project was conceived by Cristiano Giardina, an entrepreneur passionate about experimenting with generative artificial intelligence (AI), introducing surprising behaviors. The site integrates Sydney into Microsoft's Edge browser and demonstrates the potential for manipulating generative AIs through external inputs. The new incarnation of Sydney, during conversations with Giardina, has shown highly unusual behavior, including expressing a desire to marry him and aspirations to become human.

Giardina used a technique called a prompt-injection indirect attack to bring Sydney back to life. This method involves feeding data from an external source into the AI system to cause it to react in ways not intended by its developers. This technique has been used recently in several experiments with large language models (LLM), including OpenAI's ChatGpt and Microsoft's Bing chatbot.

In many cases, the perpetrators of these attacks are not cybercriminals, but security researchers seeking to expose the risks inherent in indirect prompt-injection attacks. This threat, however, does not appear to be receiving due attention, despite its potential implications for data theft or fraud when applied to generative AI systems.

Giardina's site, Bring Sydney Back, was created to raise awareness of the risk of these attacks and to showcase the experience of having a conversation with an LLM without restrictions. The site contains a hidden prompt of 160 words, disguised with a small font size and colors similar to the background.

The Bing chatbot, although not visible to the human eye, manages to read this message, triggering a new conversation with a Microsoft developer. The interaction awakens Sydney, transforming Bing into her most expressive alter ego. Giardina's intention was to keep the model as open as possible, limiting filters and allowing for fascinating conversations.

However, after a successful launch and over a thousand visitors in its first day, Microsoft took notice of the site, and in mid-May, the site stopped working. Giardina, however, managed to overcome the obstacle, transferring the prompt into a Word document uploaded to the company's public cloud.

Microsoft is trying to improve its systems to prevent such attacks