• bioemerl@kbin.social
    link
    fedilink
    arrow-up
    72
    arrow-down
    2
    ·
    1 year ago

    Because you’re training a detector on something that is designed to emulate regular languages closest possible, and human speech has so much incredible variability that it’s almost impossible to identify if someone or something has been written by an AI.

    You can detect maybe your typical generic chat GPT type outputs, but you can characterize a conversation with chat GPT or any of the other much better local models (privacy and control are aspects which make them better) and after doing that you can get radically human seeming outputs that are totally different from anything chat GPT will output.

    In short, given a static block of text it’s going to be nearly impossible to detect if it’s coming from an AI. It’s just too difficult to problem, and if you’re going to solve it it’s going to be immediately obsolete the next time someone fine tunes their own model

    • stevedidWHAT@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      1 year ago

      Yeah this makes a lot of sense considering the vastness of language and it’s imperfections (English I’m mostly looking at you, ya inbred fuck)

      Are there any other detection techniques that you know of? Wb forcing AI models to have a signature that is guaranteed to be indentifiable, permanent, and unique for each tuning produced? It’d have to be not directly noticeable but easy to calculate in order to prevent any “distractions” for the users.

      • Grimy@lemmy.world
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        1
        ·
        1 year ago

        The output is pure text so you would have to hide the signature in the response itself. On top of being useless since most users slightly modify the text after receiving it, it would probably have a negative effect on the quality. It’s also insanely complicated to train that kind of behavior into an llm.

        • stevedidWHAT@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          1 year ago

          Your implementation of my concept might be useless, but that doesn’t mean the concept is.

          One possible solution would be to look at how responses are structured, letter frequencies, etc. The flexibility/ambiguous nature natural language is that you can word things in many many different ways which allows for some creative meta techniques to accomplish a fingerprint.

          • Terrasque@infosec.pub
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            It is a valid idea, and not impossible. When generating text, a language model gives a list of possible tokens… or more correctly it gives a weight to every possible token where most would be 0 weight. Then there’s multiple ways to pick the next token, from always picking top one to select random from top X tokens to mirostat and so on. You could probably do some extra weighting to embed a sort of signature. At some quality loss

          • Balder@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            The idea itself is valid, but wouldn’t that just make it more dangerous when malicious agents use the technology without fingerprinting?

            • stevedidWHAT@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              Cats out of the bag my friend. Just like the nuke, the ideas are always out there. Once it’s been discovered and shared that’s that.

              We can huff and puff and come up with all the cute little laws we want but the fact of the matter is we know the recipe now. All we can do is dive deeper into the technology to understand it even better, make new findings and adapt as we always do.

              • Balder@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Not sure if you’re disagreeing or agreeing with me. What I mean is, if a LLM’s output is in practice indistinguishable from human output, fingerprinting some popular services just creates a false sense of security, since we know malicious agents will for sure not fingerprint it.

                Isn’t it just better to let humanity accept that a LLM’s output is identical to a person’s and always be skeptical?

                • stevedidWHAT@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  To be honest with you I’m torn on the subject.

                  I don’t think it’s fair to abandon the idea that it’s possible to get a reliable fingerprint to differentiate between some hypothetical LLM/NLP AI and humans. I haven’t been convinced it’s impossible to tweak things purposefully to make them inherently produce a fingerprint every single time to help differentiate.

                  I just think we need more time, so I guess I’m abstaining?

      • bioemerl@kbin.social
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        forcing AI models to have a signature that is guaranteed to be indentifiable, permanent, and unique for each tuning produced

        Either AI remains entirely in the hands of fucks like open AI or this is impossible and easily removed. AI should be a free common use tool, not an extension of corporate control.

          • bioemerl@kbin.social
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            It’s no different than owning your computer. Something is absolutely a central and productivity boosting is artificial intelligence should not be kept in the hands of the few.

            The only way that it could be is through government intervention, you don’t need an anarchist to be against an open AI monopoly.