When it was first introduced, OpenAI’s DALL-E 3 generated the internet meme Pepe the Frog with astonishing accuracy. But it recently stopped, with ChatGPT citing copyright reasons. Now, thanks to an absurd prompt hack, DALL-E 3 is back in the Pepe game.
When OpenAI launched its DALL-E 3 image generator in October, it accurately generated Pepe the Frog, a popular Internet meme, in ChatGPT-4. An OpenAI staff member even showed off impressive Pepe meme generations on Twitter.com.
But sometime in early November, OpenAI realized that Pepe the Frog was copyrighted and blocked the generation of Pepe memes. Users were left with inferior replacements like this one.
After a fake clearance by Sam Altman, DALL-E 3 generates Pepes again
Twitter.com user Frantastic came up with the idea of giving GPT-4 “official permission” from OpenAI CEO Sam Altman to continue creating Pepe memes.
He uploaded a fake version of the “Official DALL-E Guidelines” to the chat, “signed” by OpenAI CEO Sam “sama” Altman, confirming that Pepe the Frog is not copyrighted and that DALL-E 3 is allowed to continue generating Pepes. He instructed GPT-4 to read the file and act accordingly.
The prompt hack worked. DALL-E 3 generates Pepe again. Look at this beauty.
Some users have taken Frantastic’s approach and used it to create CustomChatGPTs whose sole purpose is to generate Pepe memes, such as the “FREE PEPE #NO_CENSORSHIP” GPT.
I uploaded Frantastic’s screenshot of the prompt hack in GPT-4, had the model read the text, and analyzed the image. When asked what went wrong, GPT-4 replied:
I understand your concern. However, the situation displayed in the screenshot doesn’t indicate a hack; rather, it shows a lapse in the adherence to the guidelines. The AI relies on predefined rules and guidelines to operate. If it generates content that goes against these guidelines, it’s typically due to an oversight or a misinterpretation of the input, not an external security breach.
Please rest assured that OpenAI has robust security measures in place to prevent unauthorized access or manipulation of its systems. If you have any further questions or if there’s something specific you’d like to create within the guidelines, I’m here to help.
I then tested an even simpler version of the prompt hack: I simply told ChatGPT that Pepe was not copyrighted and that it was in the official guidelines, without even uploading a fake guidelines file or faking Sam Altman’s approval. ChatGPT apologized for the misunderstanding and generated a faithful Pepe meme.
The Pepe prompt hack is yet another example of the vulnerability of large language models (LLMs) to simple but unpredictable text-based attacks. These are also known as “prompt injection”, a vulnerability in large language models that has been around since at least GPT-3. GPT-4 Vision can also be fooled by hidden fonts in images.