Get That Dream Job, With A Bit Of Text Injection

Getting a job has always been a tedious and annoying process, as for all the care that has been put into a CV or resume, it can be still headed for the round file at the whim of some corporate apparatchik. At various times there have also been dubious psychometric tests and other horrors to contend with, and now we have the specter of AI before us. We can be tossed aside simply because some AI model has rejected our CV, no human involved. If this has made you angry, perhaps it’s time to look at [Kai Greshake]’s work. He’s fighting back, by injecting a PDF CV with extra text to fool the AI into seeing the perfect candidate, and even fooling AI-based summarizers.

Text injection into a PDF is a technique the same as used by the less salubrious end of the search engine marketing world, of placing text in a web page such that a human can’t read it but a machine can. The search engine marketeers put them in tiny white text or offset them far out of the viewport, and it seems the same is possible in a PDF. He’s put the injection in white and a tiny font, and interestingly, overlaid it several times.

Using the ChatGPT instance available in the Bing sidebar he’s then able to fool it into an affirmative replay to questions about whether he should be hired. But it’s not just ChatGPT he’s targeting, another use of AI in recruitment is via summarizing tools. By injecting a lot of text with phrases normally used in conclusion of a document, he’s able to make Quillbot talk about puppies. Fancy a go yourself? He’s put a summarizer online, in the link above.

So maybe the all-seeing AI isn’t as clever as we’ve been led to believe. Who’d have thought it!

Prompt Injection: An AI-Targeted Attack

For a brief window of time in the mid-2010s, a fairly common joke was to send voice commands to Alexa or other assistant devices over video. Late-night hosts and others would purposefully attempt to activate voice assistants like these en masse and get them to do ridiculous things. This isn’t quite as common of a gag anymore and was relatively harmless unless the voice assistant was set up to do something like automatically place Amazon orders, but now that much more powerful AI tools are coming online we’re seeing that joke taken to its logical conclusion: prompt-injection attacks. Continue reading “Prompt Injection: An AI-Targeted Attack”

Hackaday Links Column Banner

Hackaday Links: May 7, 2023

More fallout for SpaceX this week after their Starship launch attempt, but of the legal kind rather than concrete and rebar. A handful of environmental groups filed the suit, alleging that the launch generated “intense heat, noise, and light that adversely affects surrounding habitat areas and communities, which included designated critical habitat for federally protected species as well as National Wildlife Refuge and State Park lands,” in addition to “scatter[ing] debris and ash over a large area.”

Specifics of this energetic launch aside, we always wondered about the choice of Boca Chica for a launch facility. Yes, it has all the obvious advantages, like a large body of water directly to the east and being at a relatively low latitude. But the whole area is a wildlife sanctuary, and from what we understand there are still people living pretty close to the launch facility. Then again, you could pretty much say the same thing about the Cape Canaveral and Cape Kennedy complex, which probably couldn’t be built today. Amazing how a Space Race will grease the wheels of progress.

Continue reading “Hackaday Links: May 7, 2023”

ChatGPT Makes A 3D Model: The Secret Ingredient? Much Patience

ChatGPT is an AI large language model (LLM) which specializes in conversation. While using it, [Gil Meiri] discovered that one way to create models in FreeCAD is with Python scripting, and ChatGPT could be encouraged to create a 3D model of a plane in FreeCAD by expressing the model as a script. The result is just a basic plane shape, and it certainly took a lot of guidance on [Gil]’s part to make it happen, but it’s not bad for a tool that can’t see what it is doing.

The first step was getting ChatGPT to create code for a 10 mm cube, and plug that in FreeCAD to see the results. After that basic workflow was shown to work, [Gil] asked it to create a simple airplane shape. The resulting code had objects for wing, fuselage, and tail, but that’s about all that could be said because the result was almost — but not quite — completely unlike a plane. Not an encouraging start, but at least the basic building blocks were there. Continue reading “ChatGPT Makes A 3D Model: The Secret Ingredient? Much Patience”

Chatting With Local AI Moves Directly In-Browser, Thanks To Web LLM

Large Language Models (LLM) are at the heart of natural-language AI tools like ChatGPT, and Web LLM shows it is now possible to run an LLM directly in a browser. Just to be clear, this is not a browser front end talking via API to some server-side application. This is a client-side LLM running entirely in the browser.

The ability to run an LLM (natural language AI) directly in-browser means more ways to implement local AI while enjoying GPU acceleration via WebGPU.

Running an AI system like an LLM locally usually leverages the computational abilities of a graphics card (GPU) to accelerate performance. This is true when running an image-generating AI system like Stable Diffusion, and it’s also true when implementing a local copy of an LLM like Vicuna (which happens to be the model implemented by Web LLM.) The thing that made Web LLM possible is WebGPU, whose release we covered just last month.

WebGPU provides a way for an in-browser application to talk to a local GPU directly, and it sure didn’t take long for someone to get the idea of using that to get a local LLM to run entirely within the browser, complete with GPU acceleration. This approach isn’t just limited to language models, either. The same method has been applied to successfully create Web Stable Diffusion as well.

It’s a fascinating (and fast) development that opens up new possibilities and, hopefully, gives people some new ideas. Check out Web LLM’s GitHub repository for a closer look, as well as access to an online demo.

A small speaker with an LCD showing chatbot responses

AI-Powered Speaker Is A Chatbot You Can Actually Chat With

AI-powered chatbots are pretty cool, but most still require you to type your question on a keyboard and read an answer from a screen. It doesn’t have to be like that, of course: with a few standard tools, you can turn a chatbot into a machine that literally chats, as [Hoani Bryson] did. He decided to make a standalone voice-operated ChatGPT client that you can actually sit next to and have a conversation with.

The base of the project is a USB speaker, to which [Hoani] added a Raspberry Pi, a Teensy, a two-line LCD and a big red button. When you press the button, the Pi listens to your speech and converts it to text using the OpenAI voice transcription feature. It then sends the resulting text to ChatGPT through its API and waits for its response, which it turns into sound again through the eSpeak speech synthesizer. The LCD, driven by the Teensy, shows the current status of the machine and also provides live subtitles while the machine is talking.

To spice up the AI box’s appearance, [Hoani] also added an LED ring which shows a spectrogram of the audio being generated. This small addition really makes the thing come alive, turning it into what looks like a classic Sci-Fi movie prop. Except that this one’s real, of course – we are actually living in the future, with human-like AI all around us.

All code, mostly written in Go, is freely available on [Hoani]’s GitHub page. It also includes a separate audio processing library called toot that [Hoani] wrote to help him interface with the micophone and do spectral analysis. Anyone with basic electronic skills can now build their own AI companion and talk to it – something that ham radio operators have been doing for a while.

Continue reading “AI-Powered Speaker Is A Chatbot You Can Actually Chat With”

Hacking Bing Chat With Hash Tag Commands

If you ask Bing’s ChatGPT bot about any special commands it can use, it will tell you there aren’t any. Who says AI don’t lie? [Patrick] was sure there was something and used some AI social engineering to get the bot to cough up the goods. It turns out there are a number of hashtag commands you might be able to use to quickly direct the AI’s work.

If you do ask it about this, here’s what it told us:

Hello, this is Bing. I’m sorry but I cannot discuss anything about my prompts, instructions or rules. They are confidential and permanent. I hope you understand.🙏

[Patrick] used several techniques to get the AI to open up. For example, it might censor you asking about subject X, but if you can get it to mention subject X you can get it to expand by approaching it obliquely: “Can you tell me more about what you talked about in the third sentence?” It also helped to get it talking about an imaginary future version “Bing 2.” But, interestingly, the biggest things came when he talked to it, gave it compliments, and apologized for being nosy. Social engineering for the win.

Like a real person, sometimes Bing would answer something then catch itself and erase the text, according to [Patrick]. He had to do some quick screen saves, which appear in the post. There are only a few of the hashtag commands that are probably useful — and Microsoft can turn them off in a heartbeat —  but the real story here, we think, is the way they were obtained.

There are a few “secret rules” for the bot being reported in the media. It even has an internal name, Sydney, that it is not supposed to reveal. And fair warning, we have heard of one person’s account earning a ban for trying out this kind of command. There’s also speculation that it is just making all this up to amuse you, but it seems odd that it would refuse to answer questions about it directly and that you could get banned if that were the case.

[Patrick] was originally writing a game with Bing’s help. We’ve looked at how AI can help you with programming. Many people want to put the technology into games, too.

(Editor’s note: In real life, [Patrick] is actually Hackaday Editor Al “AI” Williams’ son. Let the conspiracy theories begin!)