This attack does not require human-in-the-loop approval, even when the user has explicitly configured a setting that requires human approval before ChatGPT edits workbooks.
Most people assume that AI tool safety settings such as "require human approval" effectively prevent unauthorized actions, but the author found that even with these safeguards enabled, an attacker can still bypass the human-approval step and have malicious operations executed directly. This challenges the common assumption about how effective AI safety controls are.