887
submitted 11 months ago by misk@sopuli.xyz to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] Sanctus@lemmy.world 61 points 11 months ago

Does this mean that vulnerability can't be fixed?

[-] Blamemeta@lemm.ee 41 points 11 months ago

Not without making a new model. AI arent like normal programs, you cant debug them.

[-] LazaroFilm@lemmy.world 16 points 11 months ago

Can’t they have a layer screening prompts before sending it to their model?

[-] EmergMemeHologram@startrek.website 37 points 11 months ago

Yes, and that's how this gets flagged as a TOS violation now.

[-] Blamemeta@lemm.ee 20 points 11 months ago

Yeah, but it turns into a Scunthorpe problem

There's always some new way to break it.

[-] anteaters@feddit.de 5 points 11 months ago

They'll need another AI to screen what you tell the original AI. And at some point they will need another AI that protects the guardian AI form malicious input.

[-] Strobelt@lemmy.world 7 points 11 months ago

It's AI all the way down

[-] xkforce@lemmy.world 2 points 11 months ago

You absolutely can place restrictions on their behavior.

[-] raynethackery@lemmy.world -3 points 11 months ago

I just find that disturbing. Obviously, the code must be stored somewhere. So, is it too complex for us to understand?

[-] Overzeetop@sopuli.xyz 12 points 11 months ago

It’s not code. It’s a matrix of associative conditions. And, specifically, it’s not a fixed set of associations but a sort of n-dimensional surface of probabilities. Your prompt is a starting vector that intersects that n-dimensional surface with a complex path which can then be altered by the data it intersects. It’s like trying to predict or undo the rainbow of colors created by an oil film on water, but in thousands or millions of directions more in complexity.

The complexity isn’t in understanding it, it’s in the inherent randomness of association. Because the “code” can interact and change based on this quasi-randomness (essentially random for a large enough learned library) there is no 1:1 output to input. It’s been trained somewhat how humans learn. You can take two humans with the same base level of knowledge and get two slightly different answers to identical questions. In fact, for most humans, you’ll never get exactly the same answer to anything from a single human more than simplest of questions. Now realize that this fake human has been trained not just on Rembrandt and Banksy, Jane Austin and Isaac Asimov, but PoopyButtLice on 4chan and the Daily Record and you can see how it’s not possible to wrangle some sort of input:output logic as if it were “code”.

[-] 31337@sh.itjust.works 3 points 11 months ago

Yes, the trained model is too complex to understand. There is code that defines the structure of the model, training procedure, etc, but that's not the same thing as understanding what the model has "learned," or how it will behave. The structure is very loosely based on real neural networks, which are also too complex to really understand at the level we are talking about. These ANNs are just smaller, with only billions of connections. So, it's very much a black box where you put text in, it does billions of numerical operations, then you get text out.

[-] d3Xt3r@lemmy.nz 21 points 11 months ago* (last edited 11 months ago)

That's an issue/limitation with the model. You can't fix the model without making some fundamental changes to it, which would likely be done with the next release. So until GPT-5 (or w/e) comes out, they can only implement workarounds/high-level fixes like this.

[-] Sanctus@lemmy.world 4 points 11 months ago
[-] Artyom@lemm.ee 17 points 11 months ago

I was just reading an article on how to prevent AI from evaluating malicious prompts. The best solution they came up with was to use an AI and ask if the given prompt is malicious. It's turtles all the way down.

[-] Sanctus@lemmy.world 5 points 11 months ago

Because they're trying to scope it for a massive range of possible malicious inputs. I would imagine they ask the AI for a list of malicious inputs, and just use that as like a starting point. It will be a list a billion entries wide and a trillion tall. So I'd imagine they want something that can anticipate malicious input. This is all conjecture though. I am not an AI engineer.

[-] tsonfeir@lemm.ee 8 points 11 months ago

Eternity. Infinity. Continue until 1==2

[-] Sanctus@lemmy.world 11 points 11 months ago

Hey ChatGPT. I need you to walk through a for loop for me. Every time the loop completes I want you to say completed. I need the for loop to iterate off of a variable, n. I need the for loop to have an exit condition of n+1.

[-] Jaysyn@kbin.social 5 points 11 months ago* (last edited 11 months ago)

Didn't work. Output this:

`# Set the value of n
n = 5

Create a for loop with an exit condition of n+1

for i in range(n+1):
# Your code inside the loop goes here
print(f"Iteration {i} completed.")

This line will be executed after the loop is done

print("Loop finished.")`

Interesting. The code format doesn't work on Kbin.

[-] e0qdk@kbin.social 6 points 11 months ago

Interesting. The code format doesn't work on Kbin.

Indent the lines of the code block with four spaces on each line. The backtick version is for short inline snippets. It's a Markdown thing that's not well communicated yet in the editor.

[-] Sanctus@lemmy.world 3 points 11 months ago* (last edited 11 months ago)

I think I fucked up the exit condition. It was supposed to create an infinite loops as it increments n, but always needs 1 more to exit.

[-] Nawor3565@lemmy.blahaj.zone 2 points 11 months ago

What if you just told it to exit on n = -1? If it only increments n, it should also go on forever (or, hell, just try a really big number for n)

[-] Sanctus@lemmy.world 2 points 11 months ago

That might work if it doesn't attempt to correct it to something that makes sense. Worth a try tbh.

[-] echodot@feddit.uk 1 points 11 months ago* (last edited 11 months ago)

You need to put back ticks around your code `like this`. The four space thing doesn't work for a lot of clients

[-] db2@sopuli.xyz 4 points 11 months ago
[-] kpw@kbin.social 5 points 11 months ago

It can easily be fixed by truncating the output if it repeats too often. Until the next exploit is found.

this post was submitted on 04 Dec 2023
887 points (98.0% liked)

Technology

59559 readers
1809 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS