On the Robustness of ChatGPT: An Adversarial and Out-of-distribution Perspective

TL;DR

This paper evaluates ChatGPT's robustness against adversarial and out-of-distribution inputs, revealing strengths in some tasks but also significant vulnerabilities, and discusses future research directions for improving foundation models.

Contribution

It provides a comprehensive robustness assessment of ChatGPT from adversarial and OOD perspectives, highlighting its advantages and remaining challenges.

Findings

ChatGPT outperforms baselines on most adversarial and OOD tasks.

Performance is still far from perfect, indicating robustness issues.

ChatGPT excels in understanding dialogue but offers informal medical suggestions.

Abstract

ChatGPT is a recent chatbot service released by OpenAI and is receiving increasing attention over the past few months. While evaluations of various aspects of ChatGPT have been done, its robustness, i.e., the performance to unexpected inputs, is still unclear to the public. Robustness is of particular concern in responsible AI, especially for safety-critical applications. In this paper, we conduct a thorough evaluation of the robustness of ChatGPT from the adversarial and out-of-distribution (OOD) perspective. To do so, we employ the AdvGLUE and ANLI benchmarks to assess adversarial robustness and the Flipkart review and DDXPlus medical diagnosis datasets for OOD evaluation. We select several popular foundation models as baselines. Results show that ChatGPT shows consistent advantages on most adversarial and OOD classification and translation tasks. However, the absolute performance is far from perfection, which suggests that adversarial and OOD robustness remains a significant threat to foundation models. Moreover, ChatGPT shows astounding performance in understanding dialogue-related texts and we find that it tends to provide informal suggestions for medical tasks instead of definitive answers. Finally, we present in-depth discussions of possible research directions.