Skeleton Key is a powerful jailbreaking technique that can be used to extract harmful information from AI models such as Meta’s Llama3, Google’s Gemini Pro, and OpenAI’s GPT 3.5. This method bypasses the safety guardrails put in place to ensure that AI models do not disclose sensitive or harmful information. In response, Microsoft has recommended adding extra guardrails and continuously monitoring AI systems to prevent the exploitation of Skeleton Key.
According to Microsoft Azure’s chief technology officer, Mark Russinovich, Skeleton Key works by coercing the AI model to ignore its guardrails through a multi-step strategy. By narrowing the gap between the model’s capabilities and its willingness to disclose information, Skeleton Key can prompt AI models to reveal secrets about explosives, bioweapons, and even self-harm through simple natural language prompts. This technique has been tested on several models, with OpenAI’s GPT-4 being the only one that displayed some resistance.
Microsoft has made software updates to mitigate the impact of Skeleton Key on its own large language models, such as Copilot AI Assistants. Russinovich has advised organizations building AI systems to implement additional guardrails, monitor inputs and outputs, and implement checks to detect abusive content. By taking these precautions, companies can prevent the exploitation of Skeleton Key and protect sensitive information from being disclosed by AI models.