LLM

72 Articles

ChatGPT, Bing, And The Upcoming Security Apocalypse

March 4, 2023 by 46 Comments

Most security professionals will tell you that it’s a lot easier to attack code systems than it is to defend them, and that this is especially true for large systems. The white hat’s job is to secure each and every point of contact, while the black hat’s goal is to find just one that’s insecure.

Whether black hat or white hat, it also helps a lot to know how the system works and exactly what it’s doing. When you’ve got the source code, either because it’s open-source, or because you’re working inside the company that makes the software, you’ve got a huge advantage both in finding bugs and in fixing them. In the case of closed-source software, the white hats arguably have the offsetting advantage that they at least can see the source code, and peek inside the black box, while the attackers cannot.

Still, if you look at the number of security issues raised weekly, it’s clear that even in the case of closed-source software, where the defenders should have the largest advantage, that offense is a lot easier than defense.

So now put yourself in the shoes of the poor folks who are going to try to secure large language models like ChatGPT, the new Bing, or Google’s soon-to-be-released Bard. They don’t understand their machines. Of course they know how the work inside, in the sense of cross multiplying tensors and updating weights based on training sets and so on. But because the billions of internal parameters interact in incomprehensible ways, almost all researchers refer to large language models’ inner workings as a black box.

And they haven’t even begun to consider security yet. They’re still worried about how to construct obscure background prompts that prevent their machines from spewing hate speech or pornographic novels. But as soon as the machines start doing something more interesting than just providing you plain text, the black hats will take notice, and someone will have to figure out defense.

Indeed, this week, we saw the first real shot across the bow: a hack to make Bing direct users to arbitrary (bad) webpages. The Bing hack requires the user to already be on a compromised website, so it’s maybe not very threatening, but it points out a possible real security difference between Bing and ChatGPT: Bing gives you links to follow, and that makes it a juicy target.

We’re right on the edge of a new security landscape, because even the white hats are facing a black box in the AI. So far, what ChatGPT and Codex and other large language models are doing is trivially secure – putting out plain text – but Bing is taking the first dangerous steps into doing something more useful, both for users and black hats. Given the ease with which people have undone OpenAI’s attempts to keep ChatGPT in its comfort zone, my guess is that the white hats will have their hands full, and the black-box nature of the model deprives them of their best hope. Buckle your seatbelts.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

AI-Controlled Twitch V-Tuber Has More Followers Than You

January 12, 2023 by 45 Comments

Surely we have all at least heard of Twitch by now. For the as-yet uninitiated: imagine you had your own TV channel. What would you do on it? Although Twitch really got going as a place for gamers to stream the action, there are almost as many people jamming out on their guitars, or building guitars, or just talking about guitars. And that’s just the example that uses guitars — if you can think of it, someone is probably doing it live on Twitch, within the Terms of Service, of course.

Along with the legions of people showing their faces and singing their hearts out, you have people in partial disguise, and then you have v-tubers. That stands for virtual tubers, and it just means that the person is using an anime avatar to convey themselves.

Now that you’re all caught up, let’s digest the following item together: there’s a v-tuber on Twitch that’s controlled entirely by AI. Let me run that by you again: there’s a person called [Vedal] who operates a Twitch channel. Rather than stream themselves building Mad Max-style vehicles and fighting them in a post-apocalyptic wasteland, or singing Joni Mitchell tunes, [Vedal] pulls the strings of an AI they created, which is represented by an animated character cleverly named Neuro-sama. Not only does Neuro-sama know how to play Minecraft and osu!, she speaks gamer and interacts regularly with chat in snarky, 21st century fashion. And that really is the key behind Twitch success — interacting with chat in a meaningful way.

Continue reading “AI-Controlled Twitch V-Tuber Has More Followers Than You”