← Back to context

Comment by spongebobstoes

4 hours ago

it's well documented that models can be adversarially trained with essentially backdoors in response to special inputs

while I am skeptical that this is happening atm, there are probably many industries where the risk does not seem worthwhile

I suppose this is like when Anthropic was using “prompt modification, steering vectors, or parameter-efficient fine-tuning” to poison the work of people working in the LLM field, including academic researchers.

When the model is open weights you can even pass every token (including the chain of thought) though a fourth-party lightweight model like gpt-oss-safeguard to check that it has not become adversarial.

I feel like that's a threat that isn't super difficult to block. Unplug it from the internet, require it to go through an API intermediary to access web pages.

Maybe I just don't have any imagination.

  • It could generate code that's plausible but has intentional flaws, kind of like the defunct underhanded C contest [0], except through a LLM.

    [0] https://en.wikipedia.org/wiki/Underhanded_C_Contest

    • It could, but exposing that would doom the company entirely, and AI doesn't generate code with near the quality needed to get a model to mass adoption, insert malicious underhanded code, ensure that consistently looks innocuous enough to never be noticed, and- most importantly- actually exfiltrate data without being noticed. Once it is noticed, it's game over across the board.