Comment by WarmWash
10 days ago
On some level though we have to be cognizant of the potential for harm these models have.
LLMs are still a little loosey goosey, and we are right on the cusp (if not there already) for an agent to hack a bank and steal money for some rando teenager with a penchant for jail breaking.
The regulations are and will be negative, but don't lose sight of what LLMs can do off the leash.
>but don't lose sight of what LLMs can do off the leash.
there is no such thing as an LLM "off the leash", it's not a dog, and even if it was a dog the person responsible is the owner. What is this bizarre attitude to a piece of software that makes people think existing laws don't apply?
If your LLM agent hacks a bank, you have hacked a bank, you will go to prison and that's entirely sufficient. People have been hacking banks for decades now, it didn't require the government to regulate C compilers and Emacs.
This is overly reductive.
If your web browser hacks a bank, but you didn't know and didn't expect it to, have you hacked a bank? Why is an LLM different? What happened to mens rea?
A web browser can't decide to hack a bank anymore than a LLM can. Neither have any understanding of what a bank is or any will to act on their own. The person who instructs/uses a web browser to hack a bank (even if it's someone else's browser) commits the crime.
5 replies →
We'll only know when that gets tested in court, but I'd be willing to bet the answer will be: yes, you have hacked a bank. I find it very hard to believe the justice system would let someone off on some technicality around intention and agents after a serious bank hack.
> If your web browser hacks a bank, but you didn't know and didn't expect it to, have you hacked a bank?
Depends, as usual. Intent can matter, but depends on the statute (and jurisdiction) in question.
1 reply →
There is a baseline level of competence and motivation needed to commit crimes.
Decades ago few people would walk into a record store and steal CDs. Napster came along smashing all barriers entry, and it became weird not to steal music.
Its not really the legality that matters, it's the barrier on one hand and the cognitive ability on the other. Drop both and you get huge spikes in crime.
> On some level
The appropriate level would be regulation though? Like I just don't get how we can argue that arbitrarily throttling companies is ok.
OpenAI fired the starting gun 3.5 years ago before anyone in the industry had a sound safety plan, and not much progress has been made since.
So here we are, it's probably going to me messy and err on the side of over-bearing.
I'm fine with erring on the side of overbearing, as long as it's not blatant cronyism
3 replies →
Robbing banks is already illegal
Society at large is unaware how much crime general laziness and incompetence prevents from happening.
But we’re entering a somewhat weird situation where a careless/dumb person might actually rob a bank by legitimate accident.
That’s why I’m selling OpenClaw insurance! /s
Bank should be more secure, if a random person with an LLM can hack them, they should have paid 100 random blue teamers with LLMs to hack them first to get more secure. Not AI's fault.
> blue teamers
Pretty sure you mean red team here. While I've heard people refer to any offensive security (eg including blackhat) as 'red team' , it typically means people you've hired or contracted to try to break into your systems, whereas the blue team are people you've hired to build and operate your security defenses. Red and blue team are both your employees / contractors but perform different functions.
Yes I did
The purpose of policies like this is precisely to ensure that those 100 runs do happen first, rather than allowing a free-for-all where they have to race to secure their systems.