We are keeping a list of AI/ML related links from research to more accessible items, hoping to share some of the more accessible posts with a wider community!

  • chaorace@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    It almost certainly can hallucinate the known function list, but it’s unlikely since the model necessarily needs to have a strong conception of the functions to interface consistently.

    That’s speculation, of course, since GPT is a closed model, but, based on how like-models are known to work, we know that there’s just one single “slot” for input to flow into without any backdoor pathways for specially priviledged input.

    • manitcor@lemmy.intai.techOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      pretty much this, and unlike claude a month or so ago GPT has been very consistent with context its been given over anything it might come up with on its own.

      its consistent enough I can build applications with low enough error rates that I feel i can sell more than a chat window and not worry much about bobby tables.

      • bnaur@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Regarding little Bobby, is there any known guaranteed way to harden the current systems against prompt injections?

        This is something that I’m personally more worried about than Skynet or mass unemployment now that everyone and their dog is rushing to integrate LLMs into to their systems (ok worried maybe a wrong word, but let’s just say I have the popcorns ready for the moment the first mass breaches happen with something like the Windows Copilot).

        • manitcor@lemmy.intai.techOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’m working on it personally, right now I have a group doing pentesting on chats, I have a structured workflow application Ill be giving them soon to see if they can crack an integration point (DB, api, whatever they can get digital hands on).

          So far, with the changes OAI made about a month ago now, they can get it to do things it shouldn’t but they can’t command it like a puppy if the system command is well written.

          there are also techniques that im not sure others have considered yet. for example the conversation between the LLM and the user is not exclusive, as the provider you are the arbitrator of those data feeds. You can inspect any packet, and importantly, alter them to your will. This is pretty normal operation for most service providers and is not very different than some early RDBMS protection layers.