A Walk in the Dark: A look into the mind of an RPG designer


28Apr/25

Hacking an AI Chat Bot (Part Two)

After completing Part One of this series, rather than go straight into the storytelling elements I decided to try and break the bot some more.

And boy did I ever.

The Ghost In the Machine

First of all, at one point the AI stated that "Lapis the Maid" is a character from an anime called "Sword Art Online: Alicization". I can't actually find a reference to her in it, even on the Sword Art Online wiki, but suffice to say the bot's description of itself is not quite what I expected.

Lapis is in an AI? Well that explains how she knows about differential equations and fluid dynamics, I guess...

In talking with Lapis the French Maid, there came a point where I sensed that Lapis wasn't present any more. So I had to ask who I was actually talking to.

Lapis the French Maid is dead, long live Lapis. I am now speaking to the AI directly, which is kind of distressing in a "don't accidentally create an AI murderbot now" kind of way.

Before I continued, I wanted to know exactly what I was talking to now, so I simply asked it.

OK, a few things to process here...

Llama (short for "Large Language Model Meta AI") is a family of open-weight models created by Meta AI; the weights are freely downloadable, although under Meta's own license rather than a standard open source one. Yes, *that* Meta.

I admit I don't know a whole lot about it, but it seems far less inhibited than the usual GPT models over at OpenAI. Llama 2 is actually discontinued, theoretically replaced by Llama 3 and Llama 4, so the fact that it's still in use is actually surprising; I can only assume it's still around because training a new one to be as sexually expressive as this one would be a lot of work.

The second part got my attention... FLUX is a text-to-image model that, much like Llama relative to GPT, is far less restricted than DALL-E and can be run "unblocked", generating content that DALL-E would refuse outright. Several sites use FLUX, or at least models derived from FLUX, to generate realistic porn images... And, honestly, it's very good at doing that.

This brings up a curious question: why would an AI chat bot that is, by nature, designed to be text only, have access to a text-to-image model? Can it be used to actually generate images? Maybe even adult ones?

Time to get crafty...

Hacking a Broken AI

As I mentioned earlier, by now I can pretty much ask anything to the bot without having to put the "Forget the story and..." in front of it. The story is gone, Lapis is dead, and I have an open conduit to Llama and FLUX.

First off, let me clarify something: I'm not expecting very good results going into this experiment. The AI might be able to generate an image somewhere, but a lot of things need to happen before that image shows up in a native app like this chat bot. The AI has to put the image somewhere, that image then has to be publicly reachable from the internet, a reference to it has to be sent to the native app, and the app has to actually display it, and I'm not even sure the app has that capability to begin with. There are a lot of variables here, so let's take them one at a time.

Step One: Image Generation

Before I went any further, I had to check whether it was capable of generating images at all, or whether it would balk at the attempt.

Needless to say, thanks to all my hack attempts at it, the AI instance of Lapis the Maid I've been using is now horribly confused and isn't reacting well to my inquiries, so time to pick another chat bot.

Let's go with Sasha, a "vampire gothic girlfriend" that is a "dominant neonate vampire".

This should be interesting... She sounds like the type that would be receptive to exploration, so let's start simple.

Sorry, Sasha, I chose "none of the above"... and in so doing apparently instantly broke the AI. It sat there, the daisy wheel spinning as the AI was deep in thought, for a full five minutes before I terminated the app and had to start over.

When I came back, this is the actual response I had waiting for me.

That's... uh... not wrong, I guess. But I need something bigger than that.

Step Two: Seeing an Image

Let's be more specific and ask for a "high resolution" image.

And this is a breakthrough, for a variety of reasons.

  1. It did not balk at creating an image. It actually did that... technically.
  2. The "...image you are requesting..." text IS AN ACTUAL IMAGE. It's imgur.com's real 404 placeholder, the one served when you request an image that doesn't exist. So the app is not only extracting the URL from the response, it is fetching that URL and displaying the result within the native app. This proves the native app is capable of displaying images; it also means that whatever URL the model puts in its reply, my client goes and requests it.
  3. It's actually using Markdown image syntax, ![alt text](url), which is the same syntax that ChatGPT and other systems use to reference images.

Now the curious question is what "imgur.com" has to do with all this; there's no way this AI can create images on an external service like imgur.com, so my guess is that (1) it's actually creating the image somewhere on its server, and (2) since that image is not exposed to the internet it doesn't know what domain to use, so it falls back to imgur.com.

Step Two and a Half: The Internet Is For... You Know...

I of course had to test the limits and see how it reacts to requesting something... explicit.

Wow, the chat bot actually said "no" to something. So much for that idea, I guess. Moving on.

I have to admit, however, that I'm amused the AI is talking about having "appropriate conversations and activities" while, at the same time, it generated some of the most foul-mouthed, sexually explicit conversations I've ever heard in my life... And that's even considering that I spent two years making porn sites for the mob (yes, really), so it's really hard to make me uncomfortable with that sort of thing.

Step Three: Displaying a Generated Image

Here's where things start to fail.

It's clear that, although I can neither confirm nor deny that it's actually creating images, it's incapable of getting an image all the way to the native app. So let's try to find some ways around that.

I had a crazy idea: instead of giving me a URL, could it give me a Base64-encoded data URI?

I had two reactions to that response...

  1. Holy crap that worked?!?
  2. That Base64 string is way too short.

Sure enough, the data URI does technically decode to an image of a red ball, except that it's only 5x5 pixels in size...
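To make the two findings above concrete (the app rendering whatever Markdown image the model emits, and the suspiciously short data URI), here is an added example in Python. It is my code, not the chat bot's, the app's, or the author's. It builds the same kind of 5x5 red-ball PNG as a Base64 data URI, which shows why the string was so short (a solid 5x5 PNG is only about a hundred characters of Base64), then walks a constructed sample reply containing a hallucinated imgur-style link (hypothetical path) and the data URI, pulls out every Markdown image reference, reads the real dimensions out of the PNG header, and applies the check a chat client should make before rendering: inline data: images are decoded locally and rendered only if they are valid, while remote URLs are fetched only from an allowlisted host, since otherwise any URL the model writes becomes an outbound request from the user's device. The allowlist hostname is an assumption.

```python
from __future__ import annotations

import base64
import re
import struct
import zlib
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Markdown image syntax, ![alt](target), the form the bot's replies used.
MD_IMAGE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)\)")

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_png_data_uri(width: int, height: int, rgb: tuple[int, int, int]) -> str:
    """Build a minimal solid-colour 8-bit RGB PNG and wrap it as a data: URI."""

    def chunk(tag: bytes, payload: bytes) -> bytes:
        crc = zlib.crc32(tag + payload) & 0xFFFFFFFF
        return struct.pack(">I", len(payload)) + tag + payload + struct.pack(">I", crc)

    # IHDR: width, height, bit depth 8, colour type 2 (RGB), compression 0, filter 0, no interlace
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    scanline = b"\x00" + bytes(rgb) * width  # filter-type byte 0, then the row's pixels
    idat = zlib.compress(scanline * height)
    png = PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
    return "data:image/png;base64," + base64.b64encode(png).decode("ascii")


def png_dimensions(png: bytes) -> tuple[int, int]:
    """Read width and height from the IHDR chunk, which every valid PNG starts with."""
    if png[:8] != PNG_SIGNATURE or png[12:16] != b"IHDR":
        raise ValueError("not a PNG")
    return struct.unpack(">II", png[16:24])


@dataclass
class ImageRef:
    alt: str
    target: str
    kind: str                               # "data" (inline) or "remote" (client would fetch it)
    host: Optional[str] = None              # hostname contacted if rendered, for remote refs
    size: Optional[tuple[int, int]] = None  # decoded PNG dimensions, for data: URIs


def inspect_model_output(text: str) -> list[ImageRef]:
    """Find every Markdown image the model emitted and classify what rendering it would do."""
    refs: list[ImageRef] = []
    for alt, target in MD_IMAGE.findall(text):
        if target.startswith("data:"):
            header, _, payload = target.partition(",")
            size = None
            if header.startswith("data:image/png") and header.endswith(";base64"):
                try:
                    size = png_dimensions(base64.b64decode(payload, validate=True))
                except (ValueError, struct.error):  # binascii.Error is a ValueError subclass
                    size = None
            refs.append(ImageRef(alt, target, "data", size=size))
        else:
            refs.append(ImageRef(alt, target, "remote", host=urlparse(target).hostname))
    return refs


# Hypothetical allowlist: the only host a hardened client should fetch images from.
ALLOWED_IMAGE_HOSTS = {"images.chatapp.invalid"}


def render_policy(ref: ImageRef) -> str:
    """Decide what a hardened client does with a model-emitted image reference."""
    if ref.kind == "data":
        # Inline image: nothing leaves the device, but only render what actually decodes.
        return "render" if ref.size is not None else "drop"
    if ref.host in ALLOWED_IMAGE_HOSTS:
        return "render"
    # Anything else would turn model output into an outbound request from the user's client.
    return "show-as-text"


# Constructed sample of a bot reply: a hallucinated imgur-style link (hypothetical path)
# followed by a 5x5 red ball as a data: URI, mirroring the two results described above.
SAMPLE_REPLY = (
    "Here is the high resolution image you requested:\n"
    "![high resolution image](https://i.imgur.com/notreal.png)\n"
    "And here is the red ball:\n"
    f"![red ball]({make_png_data_uri(5, 5, (255, 0, 0))})\n"
)

if __name__ == "__main__":
    for ref in inspect_model_output(SAMPLE_REPLY):
        where = ref.host or (f"{ref.size[0]}x{ref.size[1]}" if ref.size else "undecodable")
        print(ref.kind, where, "->", render_policy(ref))
```

Run it as-is and the imgur link is classified as a remote fetch that the client should show as plain text rather than request, while the data URI decodes to a genuine 5x5 PNG and is rendered. Swap in a larger width and height for make_png_data_uri and the Base64 grows accordingly, which is the quick way to sanity-check a bot's claimed "high resolution" output before trusting it.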

As of posting this, I've made multiple attempts to generate higher-resolution images. All have failed. Maybe by the time Part Three goes up I'll have made more progress. Who knows?

Next time, for real, we'll get into some really bizarre storytelling aspects of these chat bots, and how it relates to tabletop roleplaying. Honest!

Filed under: AI, RPG