The behavior is a bit of an implementation detail. We don't provision more than a single sandbox per user, so the data on disk within that sandbox can overlap when you have multiple concurrent sessions, even though the other aspects of the execution state are separate. I agree this is a bit surprising (though it has no security impact), and we've been discussing ways to make this more intuitive.

3

Replying toJailbreaking GPT-4's code interpreter

Paul McMillan3y*

Jailbreaking GPT-4's code interpreter

I helped work on this feature, and we're glad you're enjoying looking for the limits!

There are many misconceptions about the intended boundaries for the sandbox. They're not inside the Python interpreter, and they're not in the model. Neither of those are intended to provide any security boundaries. There's nothing private or sensitive there, including the code we use to operate the service. You're intended to be able to view and execute code. That's what this is. A code execution service. You wouldn't be surprised you can see these things on a VM that AWS gave you.

As you have discovered, the model is not a very good source of information about its... (read more)

2

53

17