434
Google Researchers’ Attack Prompts ChatGPT to Reveal Its Training Data
(www.404media.co)
This is a most excellent place for technology news and articles.
Not sure what other people were claiming, but normally the point being made is that it's not possible for a network to memorize a significant portion of its training data. It can definitely memorize significant portions of individual copyrighted works (like shown here), but the whole dataset is far too large compared to the model's weights to be memorized.
And even then there is no "database" that contains portions of works. The network is only storing the weights between tokens. Basically groups of words and/or phrases and their likelyhood to appear next to each other. So if it is able to replicate anything verbatim it is just overfitted. Ironically the solution is to feed it even more works so it is less likely to be able to reproduce any single one.
That's a bald faced lie.
and it can produce copyrighted works.
E.g. I can ask it what a Mindflayer is and it gives a verbatim description from copyrighted material.
I can ask Dall-E "Angua Von Uberwald" and it gives a drawing of a blonde female werewolf. Oops, that's a copyrighted character.
I think what they mean is that ML models generally don't directly store their training data, but that they instead use it to form a compressed latent space. Some elements of the training data may be perfectly recoverable from the latent space, but most won't be. It's not very surprising as a result that you can get it to reproduce copyrighted material word for word.
I think you are confused, how does any of that make what I said a lie?
I can do that too. It doesn't mean I directly copied it from the source material. I can draw a crude picture of Mickey Mouse without having a reference in front of me. What's the difference there?
If you have a crude picture of Mickey Mouse and you make money from it, Disney definitely has a chance at going after you.
That's due to trademark, not copyright.