Comment by gnunicorn

3 days ago

Just because everything is a potential threat vector now: doesn't this also mean you could easily put AI specific malicious instructions into the PDF that the regular human would never notice?

Like the "white text between the lines that only appears when copy-pasted"-hack that some professors have been doing in their exercises to their students to include pink elephants in the output and stuff. But worse. Just thinking of a electricity bill pdf you provide as proof of address to some company that uses an LLM to extraxt that address and pre-process that doc. But instead we can command it to do something else that a regular human wouldn't even ever notice...

Just a thought

11 comments

gnunicorn

Reply
projektfu  2 days ago

For quite some time the best approach to documents you didn't create is to rasterize and OCR. For at least 20 years, PDFs have been intentionally scrambled or have had extraneous text that appears in copy/paste but does not appear in the visible output.

dmlittle  3 days ago

Yes, although that's not new. The amount of different exploits and RCE I've seen in the past decade from just "opening" an PDF is mind blowing. Not sure if it's slowed down but around 8 years ago ghostcript would patch a couple of RCE from PDF processing every few months.

LPisGood  3 days ago

Oh this happens all the time. When Apple announced they would be scanning everyone’s private iCloud data for CSAM, they had some “PSI” system which would at some point consider the content of a grayscale and reduced quality version of the image.

The problem is that security researchers for years have known about pre-processing attacks where photos which appear as one thing (a dog in a yard) appear ad something completely different (a cat on a couch) once put through machine learning pre-processing.

mschuster91  3 days ago

> Just because everything is a potential threat vector now: doesn't this also mean you could easily put AI specific malicious instructions into the PDF that the regular human would never notice?

Yup and there's so many memes floating around regarding that being used to bypass AI "resume reviewers" that it got academically reviewed [1].

[1] https://arxiv.org/html/2605.28999v1

utopiah  3 days ago

> Just because everything is a potential threat vector now

Sweet Summer child... it always was the case. There is no "now" just because there are new tools.

  • dmd  2 days ago

    It was always the case that a mean person could throw a rock at you and you'd die. Therefore, nuclear weapons are nothing to be worried about.

    • utopiah  2 days ago

      It's 2 different statements. The first is true, even if you don't like it. The "therefore" is something you completely made up to make your point and imply something I neither said nor suggested.

      You might not like it either but an arm race isn't new. The tools changed but competition, and thus threats, remain.

      1 reply →

    • cwmoore  2 days ago

      This is a form of argument known as reductio ad absurdum. I see it more and more frequently now, often in dismissal of a fairly throughtful point of view, usually with a mocking and disdainful tone, and therefore nuclear weapons are nothing to worry about.

      2 replies →