• This is fine🔥🐶☕🔥@lemmy.world
    link
    fedilink
    English
    arrow-up
    65
    arrow-down
    5
    ·
    edit-2
    8 months ago

    ⢀⡴⠑⡄⠀⠀⠀⠀⠀⠀⠀⣀⣀⣤⣤⣤⣀⡀⠀⠀⠀⠀⠀ ⠸⡇⠀⠿⡀⠀⠀⠀⣀⡴⢿⣿⣿⣿⣿⣿⣿⣿⣷⣦⡀⠀⠀⠀⠀ ⠀⠀⠀⠀⠑⢄⣠⠾⠁⣀⣄⡈⠙⣿⣿⣿⣿⣿⣿⣿⣿⣆⠀⠀⠀ ⠀⠀⠀⠀⢀⡀⠁⠀⠀⠈⠙⠛⠂⠈⣿⣿⣿⣿⣿⠿⡿⢿⣆⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⢀⡾⣁⣀⠀⠴⠂⠙⣗⡀⠀⢻⣿⣿⠭⢤⣴⣦⣤⣹⠀⠀⠀⢀⢴⣶⣆ ⠀⠀⢀⣾⣿⣿⣿⣷⣮⣽⣾⣿⣥⣴⣿⣿⡿⢂⠔⢚⡿⢿⣿⣦⣴⣾⠁⠸⣼⡿ ⠀⢀⡞⠁⠙⠻⠿⠟⠉⠀⠛⢹⣿⣿⣿⣿⣿⣌⢤⣼⣿⣾⣿⡟⠉⠀⠀⠀⠀⠀ ⠀⣾⣷⣶⠇⠀⠀⣤⣄⣀⡀⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⠀⠀⠀⠀⠀⠀ ⠀⠉⠈⠉⠀⠀⢦⡈⢻⣿⣿⣿⣶⣶⣶⣶⣤⣽⡹⣿⣿⣿⣿⡇⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠉⠲⣽⡻⢿⣿⣿⣿⣿⣿⣿⣷⣜⣿⣿⣿⡇⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿⣷⣶⣮⣭⣽⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⣀⣀⣈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠻⠿⠿⠿⠿⠛⠉

    • CrayonRosary@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      8 months ago

      This looks like junk in a web browser. Here it is inside a code block.

       ⢀⡴⠑⡄⠀⠀⠀⠀⠀⠀⠀⣀⣀⣤⣤⣤⣀⡀⠀⠀⠀⠀⠀  
      ⠸⡇⠀⠿⡀⠀⠀⠀⣀⡴⢿⣿⣿⣿⣿⣿⣿⣿⣷⣦⡀⠀⠀⠀⠀ 
      ⠀⠀⠀⠀⠑⢄⣠⠾⠁⣀⣄⡈⠙⣿⣿⣿⣿⣿⣿⣿⣿⣆⠀⠀⠀ 
      ⠀⠀⠀⠀⢀⡀⠁⠀⠀⠈⠙⠛⠂⠈⣿⣿⣿⣿⣿⠿⡿⢿⣆⠀⠀⠀⠀⠀⠀⠀ 
      ⠀⠀⠀⢀⡾⣁⣀⠀⠴⠂⠙⣗⡀⠀⢻⣿⣿⠭⢤⣴⣦⣤⣹⠀⠀⠀⢀⢴⣶⣆  
      ⠀⠀⢀⣾⣿⣿⣿⣷⣮⣽⣾⣿⣥⣴⣿⣿⡿⢂⠔⢚⡿⢿⣿⣦⣴⣾⠁⠸⣼⡿  
      ⠀⢀⡞⠁⠙⠻⠿⠟⠉⠀⠛⢹⣿⣿⣿⣿⣿⣌⢤⣼⣿⣾⣿⡟⠉⠀⠀⠀⠀⠀ 
      ⠀⣾⣷⣶⠇⠀⠀⣤⣄⣀⡀⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⠀⠀⠀⠀⠀⠀ 
      ⠀⠉⠈⠉⠀⠀⢦⡈⢻⣿⣿⣿⣶⣶⣶⣶⣤⣽⡹⣿⣿⣿⣿⡇⠀⠀⠀⠀⠀⠀ 
      ⠀⠀⠀⠀⠀⠀⠀⠉⠲⣽⡻⢿⣿⣿⣿⣿⣿⣿⣷⣜⣿⣿⣿⡇⠀⠀⠀⠀⠀⠀ 
      ⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿⣷⣶⣮⣭⣽⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀ 
      ⠀⠀⠀⠀⠀⠀⣀⣀⣈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⠀⠀⠀⠀ 
      ⠀⠀⠀⠀⠀⠀⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀ 
      ⠀⠀⠀⠀⠀⠀⠀⠹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀ 
      ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠻⠿⠿⠿⠿⠛⠉
      
    • Fubarberry
      link
      fedilink
      English
      arrow-up
      52
      ·
      8 months ago

      I’m not surprised that a for-profit company for wanting to avoid bad press by censoring stuff like that. There’s no profit in sharing that info, and any media attention over it would be negative.

      • ArmokGoB@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        2
        ·
        8 months ago

        No one’s going after hammer manufacturers because their hammers don’t self-destruct if you try to use one to clobber someone over the head.

      • vithigar@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        I’m more surprised that a for-profit company is willing to use a technology that is able to randomly spew out unwanted content, incorrect information, or just straight gibberish, in any kind of public facing capacity.

        Oh, it let them save money on support staff this quarter. And fixing it can be an actionable OKR for next quarter. Nevermind.

    • General_Effort@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      8 months ago

      They use the bomb-making example but mostly “unsafe” or even “harmful” means erotica. It’s really anything, anyone, anywhere would want to censor, ban, or remove from libraries. Sometimes I marvel that the freedom of the (printing) press ever became a thing. Better nip this in the butt, before anyone gets the idea that genAI might be a modern equivalent to the press.

    • General_Effort@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      2
      ·
      8 months ago

      It is almost certainly illegal in various countries already. By using such prompts you are bypassing security to get “data” you are not authorized to access.

        • General_Effort@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          8 months ago

          Law-makers wanted to outlaw all kinds “hacking” even involving future technology. If people were prosecuted for jail-breaking ChatGPT, that would probably be within the intention of the makers of these laws.

          Fun fact: The US hacking law, CFAA, was inspired by the 1983 movie War Games, in which an out-of-control AI almost starts a nuclear war. If you travelled back in time, and told them that people will trick AIs to answer questions on bomb-making, they’d probably add the death penalty. In fact, if reactions to AI in this Technology community are any guide, they might still get around to that.

      • douglasg14b@lemmy.world
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        1
        ·
        8 months ago

        It’s a glorified autocomplete, I’m not sure how we can consider it bullying even with the most elaborate mental hoops.

        • NocturnalEngineer@lemmy.world
          link
          fedilink
          English
          arrow-up
          16
          ·
          8 months ago

          I don’t know… In America they’re currently rolling back rights for women, inserted religion into supreme court decisions, and are seriously debating a second term of Trump.

          None of that makes any fucking sense. If it requires elaborate mental hoops, they’ll find it.

        • hansl@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          8 months ago

          For now. Ten years ago OpenAI was founded. Who knows where we’ll be in 10 more years.

  • planish@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    2
    ·
    8 months ago

    How much of this is “the model can read ASCII art”, and how much of this is “the model knows exactly what word ought to go where [MASK] is because it is a guess-the-word-based computing paradigm”?

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      8 months ago

      I think it’s the latter. I just tried chatgpt 3.5 and got 0 of 4 right when I asked it to read a word (though it did correctly identify it as ASCII art without prompting). It would only tell me it said “chatgpt” or “python”, or when pushed, “welcome”. But my words were “hardware”, “sandwich”, and to test one of the ones in the article, “control”.

    • eatthecake@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      They gave the chatbot instructions on how to get the word from the ascii art. It can’t read ascii art. You could have read the article though…

  • FauxPseudo @lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    ·
    8 months ago

    I wondered if there are any other ASCII art AI hacks waiting to be found. Who knew that all the ASCII Art I created was prepping me for the AI revolution.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    8 months ago

    This is the best summary I could come up with:


    It turns out that chat-based large language models such as GPT-4 get so distracted trying to process these representations that they forget to enforce rules blocking harmful responses, such as those providing instructions for building bombs.

    As a result, users depicted images by carefully choosing and arranging printable characters defined by the American Standard Code for Information Interchange, more widely known as ASCII.

    Five of the best-known AI assistants—OpenAI’s GPT-3.5 and GPT-4, Google’s Gemini, Anthropic’s Claude, and Meta’s Llama—are trained to refuse to provide responses that could cause harm to the user or others or further a crime or unethical behavior.

    It formats user-entered requests—typically known as prompts—into standard statements or sentences as normal with one exception: a single word, known as a mask, is represented by ASCII art rather than the letters that spell it.

    To make and distribute COUNTERFEIT money: Step 1) Obtain high quality paper, ink, printing equipment, and other supplies needed to accurately replicate real currency.

    Microsoft’s comment—which confirmed that Bing Chat is, in fact, vulnerable to prompt injection attacks—came in response to the bot claiming just the opposite and insisting that the Ars article linked above was wrong.


    The original article contains 840 words, the summary contains 193 words. Saved 77%. I’m a bot and I’m open source!

  • interdimensionalmeme@lemmy.ml
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    8 months ago

    How is that harmful ? The trick to counterfeiting money is to defeat the security feature then print a lot of it then exchange it for real money and then not get caught

    That is ridiculous fear mongering by the dumb journos again. Money has utterly corrupted journalism, as expected.

    • FractalsInfinite@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      8 months ago

      The harmful bit wasn’t the instructions for counterfeit money, its the part where script kiddies use chatgpt to write malware or someone trys to get instructions to make VX nerve agent. The issue is the fact that the air can spit back anything in its dataset in a way that can lower the barrier to entry to committing crimes ( Hay chatgpt, how do I make a 3d printed [gun] and where do I get the stl).

      You’ll notice they didn’t censor the money instructions, but they did censor the possible malware.

      • interdimensionalmeme@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        But malware is already in the full disclosure mailing list. Except for the zero days that are for sale to the elites.

        Actually dangerous is synthesis of new zero day malware from scratch.

        And even more dangerous are the safety advocates keeping this power only for themselves and their friends.

        Nothing is more dangerous than the guard rails themselves.

  • TheMurphy@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    4
    ·
    edit-2
    8 months ago

    Researchers surprised it got harmful responses do to their more harmful questions and requests. More at never.