We are keeping a list of AI/ML related links from research to more accessible items, hoping to share some of the more accessible posts with a wider community!
this post was submitted on 13 Jun 2023
32 points (100.0% liked)
Technology
37602 readers
460 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm curious if this is guaranteed accurate information or if GPT gives hallucinations here too lol
It almost certainly can hallucinate the known function list, but it's unlikely since the model necessarily needs to have a strong conception of the functions to interface consistently.
That's speculation, of course, since GPT is a closed model, but, based on how like-models are known to work, we know that there's just one single "slot" for input to flow into without any backdoor pathways for specially priviledged input.
pretty much this, and unlike claude a month or so ago GPT has been very consistent with context its been given over anything it might come up with on its own.
its consistent enough I can build applications with low enough error rates that I feel i can sell more than a chat window and not worry much about bobby tables.
Regarding little Bobby, is there any known guaranteed way to harden the current systems against prompt injections?
This is something that I'm personally more worried about than Skynet or mass unemployment now that everyone and their dog is rushing to integrate LLMs into to their systems (ok worried maybe a wrong word, but let's just say I have the popcorns ready for the moment the first mass breaches happen with something like the Windows Copilot).
I'm working on it personally, right now I have a group doing pentesting on chats, I have a structured workflow application Ill be giving them soon to see if they can crack an integration point (DB, api, whatever they can get digital hands on).
So far, with the changes OAI made about a month ago now, they can get it to do things it shouldn't but they can't command it like a puppy if the system command is well written.
there are also techniques that im not sure others have considered yet. for example the conversation between the LLM and the user is not exclusive, as the provider you are the arbitrator of those data feeds. You can inspect any packet, and importantly, alter them to your will. This is pretty normal operation for most service providers and is not very different than some early RDBMS protection layers.