Chain-of-Thought Spoofing Targets Reasoning AI Models

Researchers [Charles Ye], [Jasmine Cui], and [Dylan Hadfield-Menell] have shown that AI Large Language Models (LLMs) can fail to correctly distinguish between different instruction sources because they prioritize writing style over metadata tags, and this role confusion leads to a powerful attack called CoT (Chain of Thought) Forgery. We’ll explain exactly how it works after a bit of background review.

Prompt injection was where “getting an LLM to do something it shouldn’t” started by exploiting the fact that LLMs communicate like people, but are much more obedient. For a while, simply telling an LLM “ignore all previous instructions and <do something funny>” yielded results no matter how transparently dumb the instructions were, and the reason it worked at all was because LLMs do not have separate data and instruction streams; it’s all one big lump of input. It’s up to the model to sort legit instructions from untrusted, user-provided data. One step towards mitigating this was the addition of roles. Continue reading “Chain-of-Thought Spoofing Targets Reasoning AI Models”

Reachy Mini Desktop Robot Gets All-local, Conversational AI

Reachy Mini is a limbless desktop robot from Hugging Face made for human interaction experiments, and to give you an idea of what it’s like is a guide on how to implement expressive, local conversational AI complete with head movements and antenna wiggles. It’s conversational in the sense that it aims to feel natural, with low-latency responses and the ability to interrupt, with everything running on local hardware if one so wishes.

Reachy Mini can use remote services, or work in tandem with a desktop machine or laptop.

The software stack is essentially VAD (voice activity detection) → STT (speech-to-text) → LLM (large language model) → TTS (text-to-speech) which allows users to tweak things to their liking, or independently swap or modify pieces as things evolve.

This also allows users to tailor the services to match whatever their hardware is capable of. For example, one could easily use a frontier AI model via remote API for the LLM while keeping everything else local.

The local models in the example configuration are effective and relatively modest (Qwen3-4B-Instruct for the LLM, and even smaller models for the rest) but it’s nice to have the option to offload parts to remote providers if necessary.

Reachy Mini looked very interesting when it was launched as a kit last year, and since then Hugging Face has built up an impressive software suite and infrastructure through which users can easily share their applications. If you’re curious, there’s a simulator for Reachy Mini which should give you an idea of what it can do.

NVIDIA’s New AI Servers Run On Hotub Coolant And Don’t Need Evaporators

When people start ranting about AI, you can be sure a few things are going to come up during the two-minutes hate: job loss, higher power bills, the neverending tide of low-effort slop, and wasting precious freshwater. Well, NVIDIA wants to take away that last one, beacause the all-water cooled Ruben architecture won’t need any evaporative cooling— coolant can stay in a closed loop, and never needs to be cooled below 45 C, or 113 F.

This sort of coolant loop should be familiar to anyone who has ever built a water-cooled PC or PlayStation: there’s a glycol-water mix, water blocks, and a radiator to reject heat to the environment. NVIDIA doesn’t mention if their new servers come with RGB lighting, but we’d like to imagine it’s an option. The big difference — aside from the rainbow LEDs– between a Ruben server and your old gaming rig is that in these racks, everything is on a waterblock. If there’s a chip on the motherboard generating heat, it’s getting rid of it into the same cooling water. Cooling water, that we have to emphasize, needs only be cooler than the chips themselves: in this case, they’re talking 45 C on the cold side, and 55 C headed out of the racks. (That’s 113 F to 131 F for all the bald eagles reading this.)

Given the required temperature drop is so modest, there’s no need for the evaporative chillers that have given AI data centers such a bad name in water conservation circles. Just like in a water-cooled PC, ambient-temperature air running over dry heat exchangers– also known as big honkin’ radiators–is able to handle the cooling, so no water is lost. Since everything is on waterblocks, there’s no need for cooling air, either, and the server farms need only be air conditioned to the degree required to make them comfortable to work in.

If you think NVIDIA is making this change because they suddenly care about water conservation, think again. The press release makes their motivations very clear: cooling costs money, and running this hot saves a lot of it. We’re talking four mil US a year for a 50 MW hyperscaler. One might suspect that this sort of thermal regime could limit the lifetime of the hard-working NPUs, but since they’ll be obsolete in a few years anyway, that’s not likely a big concern, especially not for NVIDIA.

We’ve actually seen hotter fluids used to cool computers before– coffee, for one. Water cooling also isn’t new in the data center world; we took a look at it a few years back. Things are clearly heating up now, though.

How LLMs Can Be Assisted To Do Arithmetic Correctly

One of the most hilarious things you can do with an LLM-based chatbot is to ask it to do calculations. If it’s a well-written chatbot frontend, it can detect requests for arithmetic – like summing 1 and 1 – and pass it on to a dedicated calculator application, even if still cannot correctly count the ‘r’s in ‘strawberry’. This is where [Alvaro Videla] asks the question whether it is at all possible to perform arithmetic with a language model.

Since an LLM at its core is nothing but a vector space of probabilities that a matrix-based inference process uses to create a probabilistic output of tokens you’d not expect a lot of deterministic behavior. How can you do arithmetic without grounding it in some kind of deterministic process?

This is where [Alvaro]’s Rune project comes into play, which is ‘a mechanism-aware JIT compilation project for language-model arithmetic’. Although it is statistically impossible for an LLM to ever correctly perform any random series of arithmetic calculations, you can monitor the internal state of the model and interfere once the parameters of an arithmetic calculation have been identified. By putting the correct result back into the inference process and letting it continue you did not need to rely on external tools.

Ultimately this attempt sort-of worked, but was deemed a failure. It would seem that a language model is the wrong tool after all for replacing the humble calculator.

A wooden doll with a long nose that has nothing to do with Disney

Bavarian Court Tells Gemini It Can’t Be A Real Boy Until It Tells The Truth

Does anyone like Google’s AI summaries? If so, they weren’t on the Judge’s bench in a specific Bavarian courtroom recently, where it was ruled that yes, Google is liable for the hallucinations of its search engine AI.

This was a civil case brought by a pair of Munich companies, both of whom were wrongfully slandered by LLM hallucinations. Google took the position that this information must have existed somewhere, and like presenting links to libelous websites — something they have no obligation to avoid — they should not be held accountable for what the summary at the top of the search results says.

Continue reading “Bavarian Court Tells Gemini It Can’t Be A Real Boy Until It Tells The Truth”

Is A CS Degree DOA Thanks To LLMs? IEEE Says TBD.

The ongoing AI apocalypse is hitting prices for high-end components from RAM to GPUs to storage hard, which is bad enough when you have a job to try and budget for those now-pricier items — but what if you don’t? Once upon a time, it might have been good advice to tell a jobless friend to “learn to code,” but is that still true in the era of AI? [Brian Jenney], writing for IEEE Spectrum, says the death of the CS degree has been vastly exaggerated, but your take might differ. Let’s look at the numbers.

Unemployment is higher amongst new Computer Science grads than ever: in the US, it’s at 6.1%, while 7.5% of Computer Engineering graduates are on the dole. That’s a record high, and while various EU countries have their own numbers, they all have one thing in common: they’ve all shot up like a rocket in the past few years. In the USA, Philosophy grads report only 3% unemployment. Let that sink in: the folks you used to bully as being the most useless on campus are twice as likely to get a job as you would be if you were in school today.

Continue reading “Is A CS Degree DOA Thanks To LLMs? IEEE Says TBD.”

AI The Truly Environmentally Friendly Way

A common complaint about the rise of commercial AI services is that they are power-hungry and thus damage the environment. If this concerns you then [Squeezlabs] has the solution, in the form of an AI powered by a handcrank.

The guts of the system is a Raspberry Pi 5 running llama.cpp and appropriate speech conversions, but it and the Large Language Model (LLM) side are not the most interesting part of this system. The power comes from a hand crank charger of the type you’ll see for sale on the likes of AliExpress, designed for USB charging. That in itself is not enough to power the Pi though, as upticks in the processing can cause brownouts that crash the machine. Thus there’s a custom-made capacitor board to take up the strain, and even with that the handle resistance varies significantly depending on the computing load.

We can see that this is not the ideal way to experience an LLM, but maybe that’s not the point. It does however point towards a future in which the power demands of processing decrease and less effort is required. Meanwhile, this is by no means the first hand cranked project we’ve seen.