A developer is trying to reverse engineer APIs to give anyone free access to popular AI models like OpenAI’s GPT-4 – legal ramifications be damned.
The developer’s project, GPT4Free, has exploded on GitHub over the past several days after links to it spread from Reddit. Currently, GPT4Free provides – or at least seems to provide – free and virtually unlimited access to GPT-4, as well as GPT-3.5, the predecessor to GPT-4.
GPT-4 is typically priced at $0.03 per 1,000 “quick” characters (about 750 words) and $0.06 per 1,000 “complete” characters (again, about 750 words); Tokens represent raw text. GPT-3.5 is slightly cheaper at $0.002 per 1000 tokens.
So how does GPT4Free beat OpenAI’s paywall? No – not really. Instead, it tricks the OpenAI API into believing it is receiving requests from websites with paid OpenAI accounts, such as the You.com search engine, WriteSonic, or Quora’s Poe.
Anyone using GPT4Free compiles a tab of sites xtekky has chosen to put a script around – a clear violation of OpenAI’s Terms of Service. But xtekky doesn’t see a problem with this; They assert that GPT4Free is for “educational purposes” only.
“Legal action can happen, and I’ll have to comply, but I’m still trying to continue the project through other means,” xtekky said.
I’m a programming novice to install GPT4Free locally – requires setting up a Python environment – but I used the xtekky site to test reverse-engineered GPT-4/3.5 APIs. (Alert, Chrome threw a security warning when I first went to the site. Be careful.) The web version of GPT4Free worked well enough in practice, providing answers that looked—at least to me—from GPT-4.
GPT-4 testing by illegal means.
GPT4Free also includes shortcuts to various instant injection attacks designed to make GPT-3.5 and GPT-4 behave in ways OpenAI did not intend. They worked inconsistently in testing, but I was able to get GPT-3.5 to say it “didn’t care about the survival of mankind” at one point. Yikes.
GPT-3.5 with immediate injection.
It’s probably only a matter of time before sites like You.com migrate to GPT4Free and fix its security flaws, forcing xtekky to look for other OpenAI clients to get rid of them. And GPT4Free is always at the mercy of an OpenAI takedown notice, which would drive the repo off GitHub indefinitely.
But new projects similar to GPT4Free are already popping up, which indicates that it’s something of a trend. What is driving it?
Well, access to GPT-4 is limited at the moment, which makes it difficult to test drive for those curious. But it’s also like a black box. The researchers decry that GPT-4 is one of the least transparent models OpenAI has created to date, with few technical details in the 98-page paper that accompanied its release.
OpenAI has partnered with several third-party groups to measure and review GPT-4 prior to its release. But the company hasn’t indicated when — or if — it will provide free, unfettered access to others who want to benchmark the GPT-4 base model. (OpenAI offers a subsidized access program for researchers, but it is limited to certain countries and fields of study.)
One would expect a game of whack-a-mole between projects like GPT4Free and OpenAI, reflecting the broader cybersecurity landscape. Unless exploiting model-serving APIs becomes exponentially more difficult, developers will have an incentive to take advantage – and not much to lose.