Martin Bernklau is a German journalist who reported for decades on criminal trials. He looked himself up on Bing, which suggests you use its Copilot AI. Copilot then listed a string of crimes Bernk…
Copilot then listed a string of crimes Bernklau had supposedly committed — saying that he was an abusive undertaker exploiting widows, a child abuser, an escaped criminal mental patient. [SWR, in German]
These were stories Bernklau had written about. Copilot produced text as if he was the subject. Then Copilot returned Bernklau’s phone number and address!
and there’s fucking nothing in place to prevent this utterly obvious failure case, other than if you complain Microsoft will just lazily regex for your name in the result and refuse to return anything if it appears
I’m having a sneaking suspicion that this is what they do for all the viral ‘here the LLM famously says something wrong’ problems, as I don’t think they can actually reliably train the model it made an error.
That’s the most straightforward fix. You can’t actually fix the output of an LLM, so you have to run something on the output. You can have it scanned by another AI but that costs money and is also fallible. Regex/delete is the most reliable way to censor.
Yes, and then the problem is that this doesn’t really scale well. Esp as it is always hard to regexp all the variants correctly without false positives and negatives. Time to regexp html ;).
Yeah, and you can really see this in image generation. There’s often blocks on using the names of celebrities in the prompts, but if you misspell the names enough it can bypass the censor, and the image generator still understands it.
god, so this is actually the best the AI researchers can do with the tools they’ve shit out into the world without giving any thought to failure cases or legal liability (beyond their manager on slackTeams claiming it’s been taken care of)
so fuck it, let’s make the defamation machine a non-optional component of windows. we’ll just make it a P0 when someone who could actually get us in legal trouble complains! everyone else is a P2 that never gets assigned.
are there mechanisms known to researchers that Microsoft’s not using that can prevent this type of failure case in an LLM without resorting to whack-a-mole with a regex?
To be blunt, LLMs are one of the stupider ways to try and use AI. There is incredible potential in many other applications which don’t attempt to interface with something as irrational and unpredictable as people.
I agree; LLMs and generative AI are indelibly a product of capitalism, and they can’t exist without widespread theft, exploitation of labor, massive concentrations of capital, and a willingness to destroy the environment. they are the stupidest use of technology I’ve ever seen, and after cryptocurrencies the bar for stupid was pretty fucking high. that the products themselves obscure the theft and exploitation that went into training them is a feature for the corporations developing this horseshit, not a bug.
and that’s why it’s notable that the self-described AI researchers behind these garbage products can’t even do basic shit like have the LLM not call a journalist a pedophile without resorting to an absolute hack that won’t scale. there’s no fixing LLMs; systemically, they are what they are. and now this absolute horseshit is a component of what’s unfortunately still the dominant desktop operating system.
They’re being funded by the capitalists that want to replace all those annoying human workers with the cheapest possible alternative.
Of course, the problem is that while a LLM is the cheapest possible option, it’s turning out that it’s the most useless and garbage one too.
(Also, I’m shockingly infuriated that the tech workers that would end up being the ones replaced the soonest are so busy licking boots rather than throwing their shoes into the machinery.)
Also, I’m shockingly infuriated that the tech workers that would end up being the ones replaced the soonest are so busy licking boots rather than throwing their shoes into the machinery.
Just because you aren’t hearing about us, doesn’t mean we don’t exist. ;)
Also, I’m shockingly infuriated that the tech workers that would end up being the ones replaced the soonest are so busy licking boots rather than throwing their shoes into the machinery.
so much of our industry is dedicated to ensuring that tech workers, most of whom consider themselves experts on complex systems, never analyze or try to influence the social systems surrounding and influencing their labor. these are the same loud voices that insist tech isn’t political, while turning important parts of our public and open source tech infrastructure into a Nazi bar.
The really fucking dumb part of it, you can believe me or not, is that this appears to all circle back to ancient misunderstandings about the nature of man, and attempts to create automatons which behave like men but are perfectly obedient. There is a subset of the population which tries this exact same bullshit with every new technology we create.
I can see that as being one of the influences that fed into the formation of the TESCREAL belief package — “I have an automaton that behaves like a person but with supernatural qualities” really is an ancient grift, and the TESCREAL belief in omnipotent AGI being just around the corner is that same grift taken to an extreme
Exactly, and all of this is a simple matter of having multiple models trained on different instances of the entire public internet and determining whether their outputs contradict each other or a web search.
I wonder how they prevented search engine results from contradicting data found through web search before LLMs became a thing?
They didn’t really have to before LLM. Search engine results, in the heyday we’re backlink driven. You could absolutely search disinformation and find it. But if you searched for a credible article on someone, chances are more people would have links to the good article than the disinformation. However, conspiracy theories often leaked through into search results. And in that case they just gave you the web pages and you had to decide for yourself.
No shit. Maybe they should just get rid of the extra bullshit generator and serve the sources instead of piling more LLM on the problem that only exists because of it.
How do you measure good/bad at predicting words? What’s the metric? Cause it doesn’t seem to be “the words make factual sense” if you’re defending this.
like fuck, all you or I want out of these wandering AI jackasses is something vaguely resembling a technical problem statement or the faintest outline of an algorithm. normal engineering shit.
but nah, every time they just bullshit and say shit that doesn’t mean a damn thing as if we can’t tell, and when they get called out, every time it’s the “well you ¡haters! just don’t understand LLMs” line, as if we weren’t expecting a technical answer that just never came (cause all of them are only just cosplaying as technically skilled people and it fucking shows)
I was thinking about this after reading the P(Dumb) post.
All normal ML applications have a notion of evalutaion, e.g. the 2x2 table of {false,true}x{positive,negative}, or for clustering algorithms some metric of “goodness of fit”. If you have that you can make an experiment that has quantifiable results, and then you can do actual science.
I don’t even know what the equivalent for LLMs is. I don’t really have time to spare to dig through the papers, but like, how do they do this? What’s their experimental evaluation? I don’t seen an easy way to classify LLM outputs into anything really.
The only way to do science is hypothesis->experiment->analysis. So how the fuck do the LLM people do this?
It’s weird how these people want everyone to believe that they’re a new class of tech-priest but they also give off the vibe that they’d throw away their laptop if they accidentally deleted the Microsoft Edge icon on their desktop.
No. Predicting words is barely related to facts. I’ll defend AI as an occasionally useful tool, but nothing it ever says should be taken as fact without confirmation. Sometimes that confirmation can be experimental — does this recipe taste good? Sometimes you need expert supervision to say this part was translated wrong or this code won’t work because of xyz. Sometimes you have to go out and look it up.
I like AI but there is a real problem treating it like the output means anything. It might give you a direction to look closer at, but it can never be the endpoint. We’d be better off not trying to censor it, but understanding it will bullshit you without blinking.
I summarize all of that by saying AI is a useful tool, but a terrible product.
this claim keeps getting brought up and every time it doesn’t seem to mean a damn thing, particularly since no, censoring the output of an LLM doesn’t do anything to its ability to predict text. censoring its training set would, but seeing as the topic of this thread is a fact an LLM fabricated by being just a dumb text predictor — there’s no real way to censor the training set to prevent this, LLMs are just shitty.
I summarize all of that by saying AI is a useful tool
trying to find a use case for this horseshit has broken your brain into thinking these worthless tools would have value if only they weren’t “being censored” or whatever cope you gleaned from the twitter e/accs
and there’s fucking nothing in place to prevent this utterly obvious failure case, other than if you complain Microsoft will just lazily regex for your name in the result and refuse to return anything if it appears
I’m having a sneaking suspicion that this is what they do for all the viral ‘here the LLM famously says something wrong’ problems, as I don’t think they can actually reliably train the model it made an error.
That’s the most straightforward fix. You can’t actually fix the output of an LLM, so you have to run something on the output. You can have it scanned by another AI but that costs money and is also fallible. Regex/delete is the most reliable way to censor.
Yes, and then the problem is that this doesn’t really scale well. Esp as it is always hard to regexp all the variants correctly without false positives and negatives. Time to regexp html ;).
Yeah, and you can really see this in image generation. There’s often blocks on using the names of celebrities in the prompts, but if you misspell the names enough it can bypass the censor, and the image generator still understands it.
it helps they did it to someone with contacts and it was on prime time news telly
god, so this is actually the best the AI researchers can do with the tools they’ve shit out into the world without giving any thought to failure cases or legal liability (beyond their manager on
slackTeams claiming it’s been taken care of)so fuck it, let’s make the defamation machine a non-optional component of windows. we’ll just make it a P0 when someone who could actually get us in legal trouble complains! everyone else is a P2 that never gets assigned.
Highly unlikely. This is what corporation’s public facing products can do.
are there mechanisms known to researchers that Microsoft’s not using that can prevent this type of failure case in an LLM without resorting to whack-a-mole with a regex?
To be blunt, LLMs are one of the stupider ways to try and use AI. There is incredible potential in many other applications which don’t attempt to interface with something as irrational and unpredictable as people.
I agree; LLMs and generative AI are indelibly a product of capitalism, and they can’t exist without widespread theft, exploitation of labor, massive concentrations of capital, and a willingness to destroy the environment. they are the stupidest use of technology I’ve ever seen, and after cryptocurrencies the bar for stupid was pretty fucking high. that the products themselves obscure the theft and exploitation that went into training them is a feature for the corporations developing this horseshit, not a bug.
and that’s why it’s notable that the self-described AI researchers behind these garbage products can’t even do basic shit like have the LLM not call a journalist a pedophile without resorting to an absolute hack that won’t scale. there’s no fixing LLMs; systemically, they are what they are. and now this absolute horseshit is a component of what’s unfortunately still the dominant desktop operating system.
I’m ngl I think crypto is even stupider. it’s a real competition though
EDIT: idea. a tech bullshit bracket
They’re being funded by the capitalists that want to replace all those annoying human workers with the cheapest possible alternative.
Of course, the problem is that while a LLM is the cheapest possible option, it’s turning out that it’s the most useless and garbage one too.
(Also, I’m shockingly infuriated that the tech workers that would end up being the ones replaced the soonest are so busy licking boots rather than throwing their shoes into the machinery.)
Just because you aren’t hearing about us, doesn’t mean we don’t exist. ;)
so much of our industry is dedicated to ensuring that tech workers, most of whom consider themselves experts on complex systems, never analyze or try to influence the social systems surrounding and influencing their labor. these are the same loud voices that insist tech isn’t political, while turning important parts of our public and open source tech infrastructure into a Nazi bar.
The really fucking dumb part of it, you can believe me or not, is that this appears to all circle back to ancient misunderstandings about the nature of man, and attempts to create automatons which behave like men but are perfectly obedient. There is a subset of the population which tries this exact same bullshit with every new technology we create.
I can see that as being one of the influences that fed into the formation of the TESCREAL belief package — “I have an automaton that behaves like a person but with supernatural qualities” really is an ancient grift, and the TESCREAL belief in omnipotent AGI being just around the corner is that same grift taken to an extreme
Yeah there’s already a lot of this in play.
You run the same query multiple times through multiple models and do a web search looking for conflicting data.
I’ve had copilot answer a query, then erase the output and tell me it couldn’t answer it after about 5 seconds.
I’ve also seen responses contradict themselves later paragraphs saying there are other points of view.
It would be a simple matter to have it summarize the output it’s about to give you and dump the output of it paints the subject in a negative light.
“it can’t be that stupid, you must be prompting it wrong”
Exactly, and all of this is a simple matter of having multiple models trained on different instances of the entire public internet and determining whether their outputs contradict each other or a web search.
I wonder how they prevented search engine results from contradicting data found through web search before LLMs became a thing?
They didn’t really have to before LLM. Search engine results, in the heyday we’re backlink driven. You could absolutely search disinformation and find it. But if you searched for a credible article on someone, chances are more people would have links to the good article than the disinformation. However, conspiracy theories often leaked through into search results. And in that case they just gave you the web pages and you had to decide for yourself.
this naive revisionist shit still standing in ignorance of easily 15y+ of SEO-fuckery (first for influence, and then for spam) is hilarious
No shit. Maybe they should just get rid of the extra bullshit generator and serve the sources instead of piling more LLM on the problem that only exists because of it.
lol. like that’s a fix
(Hindenburg, hitler, great depression, ronald reagan, stalin, modi, putin, decades of north korea life, …)
🎶 we didn’t start the fire 🎶
llms are (approximately) advanced versions of predictive text, any censorship will make them worse.
worse at what, exactly?
Predicting words.
How do you measure good/bad at predicting words? What’s the metric? Cause it doesn’t seem to be “the words make factual sense” if you’re defending this.
like fuck, all you or I want out of these wandering AI jackasses is something vaguely resembling a technical problem statement or the faintest outline of an algorithm. normal engineering shit.
but nah, every time they just bullshit and say shit that doesn’t mean a damn thing as if we can’t tell, and when they get called out, every time it’s the “well you ¡haters! just don’t understand LLMs” line, as if we weren’t expecting a technical answer that just never came (cause all of them are only just cosplaying as technically skilled people and it fucking shows)
I was thinking about this after reading the P(Dumb) post.
All normal ML applications have a notion of evalutaion, e.g. the 2x2 table of {false,true}x{positive,negative}, or for clustering algorithms some metric of “goodness of fit”. If you have that you can make an experiment that has quantifiable results, and then you can do actual science.
I don’t even know what the equivalent for LLMs is. I don’t really have time to spare to dig through the papers, but like, how do they do this? What’s their experimental evaluation? I don’t seen an easy way to classify LLM outputs into anything really.
The only way to do science is hypothesis->experiment->analysis. So how the fuck do the LLM people do this?
It’s weird how these people want everyone to believe that they’re a new class of tech-priest but they also give off the vibe that they’d throw away their laptop if they accidentally deleted the Microsoft Edge icon on their desktop.
No. Predicting words is barely related to facts. I’ll defend AI as an occasionally useful tool, but nothing it ever says should be taken as fact without confirmation. Sometimes that confirmation can be experimental — does this recipe taste good? Sometimes you need expert supervision to say this part was translated wrong or this code won’t work because of xyz. Sometimes you have to go out and look it up.
I like AI but there is a real problem treating it like the output means anything. It might give you a direction to look closer at, but it can never be the endpoint. We’d be better off not trying to censor it, but understanding it will bullshit you without blinking.
I summarize all of that by saying AI is a useful tool, but a terrible product.
You’re dodging the question. How do you evaluate if it’s good at predicting words? How do you evaluate if a change made it better or worse?
this claim keeps getting brought up and every time it doesn’t seem to mean a damn thing, particularly since no, censoring the output of an LLM doesn’t do anything to its ability to predict text. censoring its training set would, but seeing as the topic of this thread is a fact an LLM fabricated by being just a dumb text predictor — there’s no real way to censor the training set to prevent this, LLMs are just shitty.
trying to find a use case for this horseshit has broken your brain into thinking these worthless tools would have value if only they weren’t “being censored” or whatever cope you gleaned from the twitter e/accs