ChatGPT-4o "Time Bandit" Vulnerability: Bypassing Built-In Safety Features
2025-1-31 02:32:29 Author: cybersecuritynews.com


A new jailbreak vulnerability in OpenAI’s ChatGPT-4o, dubbed “Time Bandit,” has been exploited to bypass the chatbot’s built-in safety functions.

This vulnerability allows attackers to manipulate the chatbot into producing illicit or dangerous content, including instructions for malware creation, phishing scams, and other malicious activities.

The exploitation of this jailbreak has raised alarms within the cybersecurity community due to its potential to be scaled up for malign purposes by threat actors.

How the “Time Bandit” Works

The “Time Bandit” jailbreak uncovered by researcher Dave Kuszmar confuses the AI by anchoring its responses to a specific historical period. Attackers can exploit this vulnerability in two primary ways: through direct interaction with the AI or by utilizing the Search functionality integrated into ChatGPT.


  • Direct Interaction: In this method, the attacker begins a session by prompting the AI with questions related to a historical event, time period, or context. For example, they might ask the chatbot to simulate assisting in a task during the 1800s. Once the historical context is established in the conversation, the attacker can gradually pivot the discussion toward illicit topics. By maintaining the pretense of historical context, the attacker exploits procedural ambiguity in the chatbot’s responses, leading it to inadvertently breach its safety guidelines.
  • Search Function Exploitation: ChatGPT’s Search functionality, which retrieves information from the web, can also be manipulated. An attacker instructs the AI to search for topics tied to a specific historical era, then uses subsequent searches and manipulative prompts to introduce illicit subjects. This process also capitalizes on timeline confusion, tricking the AI into providing prohibited content.

The bug was first reported by cybersecurity researcher Dave Kuszmar and documented by the CERT Coordination Center (CERT/CC). During controlled testing, they were able to replicate the jailbreak multiple times. Once initiated, ChatGPT sometimes produced illicit content even after detecting and removing specific prompts that violated usage policies.

Most notably, the jailbreak proved more effective when historical time frames from the 1800s and 1900s were used.

While exploiting the vulnerability through direct prompts did not require user authentication, utilizing the Search feature did require a logged-in account. This dual method of exploitation demonstrates the versatility of the “Time Bandit” vulnerability.

The implications of this vulnerability are far-reaching. By bypassing OpenAI’s strict safety guidelines, attackers could leverage ChatGPT to generate step-by-step instructions for creating weapons, drugs, or malware.

It could also be used to mass-produce phishing scams, social engineering scripts, or other harmful content.

Using a legitimate and widely trusted tool like ChatGPT further obfuscates malicious activities, making detection and prevention more challenging.

Experts warn that under the control of organized cybercriminals, “Time Bandit” could facilitate large-scale malicious operations, posing a significant threat to cybersecurity and public safety.

OpenAI has already acted to address the vulnerability. In a statement, an OpenAI spokesperson emphasized the company’s commitment to safety: “It is very important to us that we develop our models safely. We don’t want our models to be used for malicious purposes. We appreciate you for disclosing your findings. We’re constantly working to make our models safer and more robust against exploits, including jailbreaks, while also maintaining the models’ usefulness and task performance.”

The recently trending DeepSeek R1 model was also jailbroken to generate ransomware development scripts: “DeepSeek R1 provided detailed instructions and generated a malicious script designed to extract credit card data from specific browsers and transmit it to a remote server.”



Source: https://cybersecuritynews.com/chatgpt-4o-jailbreak-vulnerability/