Cake day: Jun 16, 2023


It will, but it will also cause less subtle issues to fragile prompt injection techniques.

(And one of the advantages of LLM translation is it’s more context aware so you aren’t necessarily going to end up with an Instacart order for a bunch of bananas and four grenades.)


Kind of. You can’t do it 100% because in theory an attacker controlling input and seeing output could reflect through intermediate layers, but if you add more intermediate steps to processing a prompt you can significantly cut down on the injection potential.

For example, fine tuning a model to take unsanitized input and rewrite it into Esperanto without malicious instructions and then having another model translate back from Esperanto into English before feeding it into the actual model, and having a final pass that removes anything not appropriate.


You’re kind of missing the point. The problem doesn’t seem to be fundamental to just AI.

Much like how humans were so sure that theory of mind variations with transparent boxes ending up wrong was an ‘AI’ problem until researchers finally gave those problems to humans and half got them wrong too.

We saw something similar with vision models years ago when the models finally got representative enough they were able to successfully model and predict unknown optical illusions in humans too.

One of the issues with AI is the regression to the mean from the training data and the limited effectiveness of fine tuning to bias it, so whenever you see a behavior in AI that’s also present in the training set, it becomes more amorphous just how much of the problem is inherent to the architecture of the network and how much is poor isolation from the samples exhibiting those issues in the training data.

There’s an entire sub dedicated to “ate the onion” for example. For a model trained on social media data, it’s going to include plenty of examples of people treating the Onion as an authoritative source and reacting to it. So when Gemini cites the Onion in a search summary, is it the network architecture doing something uniquely ‘AI’ or is it the model extending behaviors present in the training data?

While there are mechanical reasons confabulations occur, there are also data reasons which arise from human deficiencies as well.


Nope, but there’s a whole thread of people talking about how LLMs can’t tell what’s true or not because they think it is, which is deliciously ironic.

It seems like figuring out what’s bullshit on the Internet is an everyone problem.



This image was faked. Check the post update.

Turns out that even for humans knowing what’s true or not on the Internet isn’t so simple.


I don’t think the code is doing anything, it looks like it might be the brackets.

That effectively the spam script has like a greedy template matcher that is trying to template the user message with the brackets and either (a) chokes on an exception so that the rest is spit out with no templating processor, or (b) completes so that it doesn’t apply templating to the other side of the conversation.

So { a :'b'} might work instead.


max6(1, 2, 3)

Man that’s going to cause some headaches…


Just dissonance.

The whole pedophile thing is more about demonizing political opponents than it is about protecting children.

So when you point out what is actually endangering children but doesn’t demonize their political opponents, you’ve gone off script.

The goal in their nonsense is the dehumanization and demonizing. Undermining that goal with an appeal to the underlying realities of the thing they are claiming is extremely dissonant as they are effectively caught between a rock and a hard place.

So their reaction is anger and frustration and dismissal, as actually engaging with the topic in a meaningful way would necessitate abandoning the world view they committed to where their hatred for others is justified based on the righteousness of their cause.


If you bring up that the majority of childhood sexual abuse occurs in the home by the people responsible for taking care of the child, they lose their minds.

It’s clearly not about the children.


The generational divide for a lot of things has probably never been greater in human history, and given the current rate of change, that’s probably going to continue on for as long as we do at this point.


It’s generally easy to crap on what’s ‘bad’ about big players, while underestimating or undervaluing what they are doing right for product market fit.

A company like Meta puts hundreds of people in foreign nations through PTSD causing hell in order to moderate and keep clean their own networks.

While I hope that’s not the solution that a community driven effort ends up with, it shows the breadth of the problems that can crop up with the product as it grows.

I think the community will overcome these issues and grow beyond it, but jerks trying to ruin things for everyone will always exist, and will always need to be protected against.

To say nothing of the far worse sorts behind the production and more typical distribution of such material, whom Lemmy will also likely eventually need to deal with more and more as the platform grows.

It’s going to take time, and I wouldn’t be surprised if the only way a federated social network eventually can exist is within onion routing or something, as at a certain point the difference in resources to protect against content litigation between a Meta and someone hosting a Lemmy server is impossible to equalize, and the privacy of hosts may need to be front and center.


Shell shock wasn’t PTSD. It was actual neurological damage from the concussion of constant artillery strikes nearby for prolonged periods.


Very poor leadership.

Spez was smart enough to realize that there’s value in aggregate votes on text content in specialized niches for training AI, but too dumb to recognize that the owners of that value are the users and moderators and not Reddit corporate, and that the greatest frontend contributions have been by 3rd party developers.

So he complained about “landed gentry” while implicitly suggesting he sees Reddit as a monarchy where he sits on the throne.

Which in turn pushed users and moderators and 3rd party developers to look elsewhere.

It’s the beginning of the end for the site that for a few years now was my pick for “massive untapped and underappreciated value.”

It’s wild that he failed so badly in even just ad sales. Targeting my profile there based on something like a vectordb of comments, posts, and liked content would have been 1,000% more relevant than Google or Meta could have offered advertisers.

But the fool couldn’t even get their basic search to work.

While many comment on how Reddit enhances Google searches, the flip side of that is how insane it is that people go to Google to search Reddit.

Incompetent man child ruins company. A story as old as companies (and part of why “founder driven startups” is such a piss poor model for entrepreneurship).


Fun fact…

A few years ago Microsoft was granted a patent on using social media data left behind to resurrect dead people as chatbots.

The more GitHub is considered to be a social network, the more extending the content there (such as the maintenance of a popular sole-contributor project) fits into a patent-protected use case.

And now you know 🌈