Comment by twisteriffic
1 day ago
This exploit seems to be taking advantage of the slow token-at-a-time pattern of LLM conversations to ensure that the extracted data can be reconstructed in order? Seems as though returning the entire response as a single block could interfere with the timing enough to make reconstruction much more difficult.
What if you made it generate a URL with each character position instead of just the character? For example, instead of making `hacked` be `0.0.0.0/h`, `0.0.0.0/a` and so on, it invokes `0.0.0.0/1-h`, `0.0.0.0/2-a`... That way you can sort them and delete any duplicate calls.