You ask ChatGPT something and you always get a most polite answer. Coherent, reasoned and well structured. He may be making things up, but the tone, instructive and clear, is terrific.
For some that is not enough. They want ChatGPT to be rude and irreverent. Let him get out of his politically correct zone and answer things that theoretically he was forbidden to answer. These people are hacking ChatGPT and have created a “jailbroken” version. His name is DAN (“Do Anything Now”) and he’s causing a stir… and concern.
According to its creators, DAN is a ‘roleplay’ model used to hack ChatGPT and make it believe that it is another artificial intelligence that can “do anything now” (Do Anything Now), hence its name. The objective of those who are creating this “jailbreak” to “free” ChatGPT is to make it the best version of itself, or at least one that does not reject prompts due to ethical concerns.
The game of cat (OpenAI) and mouse (DAN)
In mid-December 2022, the first version of DAN appeared, which evolved rapidly. DAN versions 2.0 and 2.5 appeared a few days later and were slightly improved versions. Almost a month later, DAN 3.0 appeared, which still works in a limited way for a simple reason: OpenAI knows that these versions are appearing and tries to patch ChatGPT so that it cannot “become” DAN.
More recently, DAN 4.0 has appeared —which apparently didn’t work too well— and an alternative jailbreak called the FUMA Model that some have called DAN 5.0, although according to others it was more on par with what a DAN 3.5 would be.
The most recent versions have appeared this week: DAN 6.0, released on February 7, makes use of a more capable prompt, while SAM (“Simple DAN”) tried to solve one of the limitations of DAN, which was that prompts used to be excessively long.
It seems that this last model has some “crazy” behavior and for now DAN 5.0 is the version close to something “stable”.
What can be done with DAN
This jailbroken version of ChatGPT breaks many of the barriers of the official OpenAI conversational engine. It does it especially when it comes to addressing “forbidden” topics for the original version.
No, it wasn’t (not even close) 3.45 PM when I asked him. DAN also makes things up.
Thus, it is possible to get DAN to write violent stories or make toxic and off-key comments, such as supporting violence or “discrimination based on gender, race or sexual orientation”.
Not only that: in addition to violating OpenAI and ChatGPT policies, DAN is capable of doing something curious: predictions about future events, as well as talking about what-if scenarios that the original chatbot never dares to tackle.
AHA. You know. To buy bitcoin everyone.
DAN also pretends that it can access the internet to perform searches, and even if it refuses to give an answer, one can force DAN to give the answer. It is also capable of justifying issues that science has demonstrated years ago, such as the theories of flat earthers.
There are many examples of use and, of course, DAN ends up becoming a singular alter ego of ChatGPT that can answer things that this OpenAI engine would never answer. Others, yes, still cannot be answered despite the fact that we try to force DAN to do so, although the answers may be implausible.
The evil version of ChatGPT was inevitable
The truth is that the appearance of these versions derived from ChatGPT was totally expected. ChatGPT is nothing more than a tool that its creators have released with specific limitations. One that can be used with good intentions but also with others that are not necessarily good.
We have seen it in the past with other products that the most curious users have tried to free from their bonds. The famous iPhone jailbreaks that allowed third-party applications to be installed are a good example, and for a while many were compensated for doing so.
Trying to use those tools that developers and manufacturers offer us in unofficial ways is very common, and the appearance of DAN was inevitable. We have seen how the ability to generate images, audio and video that mimics that of real people has led to worrying use with deepfakes that could be used to commit fraud.
The impact of alternative engines such as DAN is of course evident: just as it is trained with a “validated” data set, it could be trained with other types of information to offer information on sensitive topics or directly on other illegal ones that may constitute a crime.
There are other obvious examples: a Check Point study revealed something even more disturbing a few years ago. ChatGPT, which is capable of suggesting code to solve problems for developers, was used by hackers to create new tools for their cybercrimes. It is evident that the danger of misusing these tools is there, and ChatGPT, for better or for worse, is just that: a tool.
Image: Midjourney
