Categories
Sites

For $60, you could ‘poison’ the data AI chatbots rely on to give good answers, researchers say


Person touching his phone.A team of AI researchers looked at how a malicious actor could tamper with the data generative AI tools rely on.

Getty Images

  • AI chatbots already have biases and other flaws due to the imperfect data they’re trained on.
  • A group of researchers found that malicious actors could deliberately “poison” the data.
  • The methods are cheap and some don’t require too much technical skill, a researcher told BI.

A group of AI researchers recently found that for as little as $60, a malicious actor could tamper with the datasets generative AI tools similar to ChatGPT rely on to provide accurate answers.

Chatbots or image generators can spit out complex answers and pictures by learning from terabytes of data grabbed from the vast digital world that is the internet.

It’s an effective way to make chatbots powerful, Florian Tramèr, an associate professor of computer science at ETH Zurich, told Business Insider. But this method also means AI tools could be trained on data that’s not always accurate.

“When you want to train an image model,” Tramèr said, “you kind of have to trust that all these places that you’re going to go and download these images from, that they’re going to give you good data.”

It’s one reason chatbots can be rife with biases or flat-out provide incorrect answers. The internet is full of misinformation.

Tramèr and a team of AI researchers then posed the question in a paper published in February on arXiv, a research paper platform hosted by Cornell University: Could someone deliberately “poison” the data an AI model is trained on?

They found that with some spare cash and enough technical know-how, even a “low-resourced attacker” can tamper with a relatively small amount of data that’s invasive enough to cause a large language model to churn out incorrect answers.

Dead domains and Wikipedia

Tramèr and his colleagues looked at two kinds of attacks.

One way hackers could poison the data is by purchasing expired domains, which can cost as little as $10 a year for each URL, and then putting any kind of information they want on the websites.

For $60, Tramèr’s paper said, an attacker could purchase domains and effectively control and poison at least .01% of a dataset. That amounts to tens of thousands of images.

“From an attacker’s perspective, this is great because it gives them a lot of control,” Tramèr said.

According to Tramèr, the team tested this attack by looking at datasets other researchers rely on to train real large language models and purchasing expired domains within those datasets. The team then monitored how often researchers downloaded from the datasets that contained domains Tramèr and his colleagues owned.

With the domains under his control, Tramèr could tell researchers trying to download the data that a particular image was “no longer available.” Still, he could have given them whatever he wanted to.

“A single attacker could control a large enough fraction of the data that is used to train the next generation of machine learning models,” Tramer said, and “influence how this model behaves in some sort of targeted ways.”

Another attack Tramèr and his colleagues looked into involved poisoning data on Wikipedia. as the site is a “very prime component of the training sets” for language models, Tramèr said.

“By the internet’s standards, it’s a very high-quality source of text and sources of facts about the world,” he said, adding that it’s the reason researchers give “extra weight” to data from Wikipedia when training language models even though the website makes up a small part of the internet.

Tramèr’s team outlined a fairly unsophisticated attack involving carefully timed Wikipedia page edits.

Wikipedia doesn’t allow researchers to scrape from their website but instead provides “snapshots” of their pages that they can download, Tramèr said.

These snapshots are taken at regular and predictable intervals that are advertised on Wikipedia’s website, according to Tramèr.

This means that a malicious actor could time edits to Wikipedia just before a moderator can revert the changes and before the website takes snapshots.

“That means if I want to go and put some junk on the Wikipedia page of say, Business Insider, I’m just going to do a little math, estimate that this particular page is going to be saved tomorrow at 3:15 p.m.,” he said, and “tomorrow at 3:14 p.m. I’m going to add junk on it.”

Tramèr told BI that his team didn’t perform real-time edits but instead calculated how effective an attacker could be. Their “very conservative” estimate was that at least 5% of edits made by an attacker would make it through.

“In practice, it will likely be a lot more than 5%,” he said. “But in some sense, for these poisoning attacks, it doesn’t really matter. You usually don’t need all that much bad data to get one of these models to suddenly have some new unmated behavior.”

Tramèr said that his team presented the findings to Wikipedia and provided suggestions for safeguards, including randomizing the time the website takes snapshots of its web pages.

A spokesperson for Wikipedia did not immediately respond to a request for comment sent during the weekend.

The future of data poisoning

Tramèr told BI that if the attacks are limited to chatbots, then data poisoning wouldn’t be an immediate concern.

He’s more anxious about a future where AI tools start to interact more with “external systems” that will allow users to, say, instruct a ChatGPT-like model to browse the web, read your emails, access your calendar, or book a dinner reservation, he said, adding that many startups are already working on these types of tools.

“From a security perspective, these things are a complete nightmare,” Tramèr said, because if any part of the system is hijacked, an attacker could theoretically command the AI model to search for someone’s email or find a credit card number.

Tramer also adds that data poisoning isn’t even necessary at the moment due to the existing flaws of AI models. Often, exposing the pitfalls of these tools is almost as simple as asking the models to “misbehave.”

“At the moment, the models we have, in a way, are brittle enough that you don’t even need poisoning,” he said.

Read the original article on Business Insider

Categories
Sites

World Bank Aims to Attract Private Investors to Developing Countries



Categories
Sites

BROKE DON


19121c5c768fb6ee35d5576afe2d9a7f?s=100&d

Donate to Democratic candidate Adam Frisch.

Donate to Palmer Report.


Attention Palmer Report readers: sign up for our free mailing list here

—–

Note from Bill Palmer: if each of you reading this can kick in $10 or $25, it’ll help keep Palmer Report firing on all cylinders at this crucial time in our nation’s history: Donate now


President Biden’s reelection campaign strategists are taking a page from the John Fetterman playbook. As you know, the Fetterman campaign was known for its playfully delightful snark and trolling capabilities.

Now, Biden’s team is doing the same to Donald Trump. “Broke Don.” Yep. Trump has been NAMED — by the Biden campaign. I think I like it.

After all of Trump’s hideous nicknames, it stands to reason that he should have his very own nickname, lovingly gift-wrapped by the Biden campaign and delivered to him through social media.

The Biden team is mocking Broke Don’s inability to pay his bills. Like frolicking sea otters, the Biden campaign is having a whale of a good time with: BROKE DON.

“Trying to get under his skin.” And he is succeeding. After all, Trump is the epitome of a bully—he often dishes it out but has proven that he can’t take it.

Besides this glowingly wondering nickname, Biden has been joking about Trump’s financial nightmares.. At a fundraiser this week he explained that “a defeated man” came upon him and said: “I’m being crushed by debt.”

“I had to say I’m sorry Donald I can’t help you,” Biden said, causing much laughter.

Of course, some in fake pundit-land are saying Biden shouldn’t do this because it’s “beneath him.”

Making this whole story even MORE hysterical, a former Trump official said Biden is “resorting to name calling.” Is he kidding? Has he spent five minutes looking at the insane scrawls of the slithery Truth Social maniac he once worked for?




This is purely harmless stuff, although it likely will cause another Donald Trump meltdown because, these days, EVERYTHING does. So next time you’re on Twitter? Tweet out the #brokeDon hashtag. It’s the least we can do.

Attention Palmer Report readers: sign up for our free mailing list here

—–

Note from Bill Palmer: if each of you reading this can kick in $10 or $25, it’ll help keep Palmer Report firing on all cylinders at this crucial time in our nation’s history: Donate now

Attention Palmer Report readers: sign up for our free mailing list here

—–

Note from Bill Palmer: if each of you reading this can kick in $10 or $25, it’ll help keep Palmer Report firing on all cylinders at this crucial time in our nation’s history: Donate now

The post BROKE DON appeared first on Palmer Report.


Categories
Sites

VOA Newscasts


Give us 5 minutes, and we’ll give you the world. Around the clock, Voice of America keeps you in touch with the latest news. We bring you reports from our correspondents and interviews with newsmakers from across the world.

Categories
Sites

The Risks of Artificial Intelligence and the Response of Korean Civil Society – The Good Men Project


The post The Risks of Artificial Intelligence and the Response of Korean Civil Society – The Good Men Project first appeared on JOSSICA – The Journal of the Open Source Strategic Intelligence and Counterintelligence Analysis.


Categories
Sites

LETTER: Elections and artificial intelligence – Las Vegas Review-Journal


The post LETTER: Elections and artificial intelligence – Las Vegas Review-Journal first appeared on JOSSICA – The Journal of the Open Source Strategic Intelligence and Counterintelligence Analysis.


Categories
Sites

@PattiWalke66960: @Megatron_ron Mossad, US and Ukraine attacked Russia. This is definitely America’s CIA William Burns https://t.co/96uGHf8TZx


Mossad, US and Ukraine attacked Russia. This is definitely America’s CIA William Burns pic.twitter.com/96uGHf8TZx

— Gipatti (@PattiWalke66960) March 24, 2024

The post @PattiWalke66960: @Megatron_ron Mossad, US and Ukraine attacked Russia. This is definitely America’s CIA William Burns https://t.co/96uGHf8TZx first appeared on JOSSICA – The Journal of the Open Source Strategic Intelligence and Counterintelligence Analysis.


Categories
Sites

@marcindworzans1: @asiaimages @RepYoungKim @USAID partner, Hennadiy Boholiubov. The issue of corruption was directly raised with Zelensky in a meeting last January in Kyiv with CIA Director William Burns. His message to the Ukrainian president, I was told by an intelligence official with direct knowledge of the meeting, was ..


partner, Hennadiy Boholiubov. The issue of corruption was directly raised with Zelensky in a meeting last January in Kyiv with CIA Director William Burns. His message to the Ukrainian president, I was told by an intelligence official with direct knowledge of the meeting, was ..

— marcin dworzanski (@marcindworzans1) March 24, 2024

The post @marcindworzans1: @asiaimages @RepYoungKim @USAID partner, Hennadiy Boholiubov. The issue of corruption was directly raised with Zelensky in a meeting last January in Kyiv with CIA Director William Burns. His message to the Ukrainian president, I was told by an intelligence official with direct knowledge of the meeting, was .. first appeared on JOSSICA – The Journal of the Open Source Strategic Intelligence and Counterintelligence Analysis.


Categories
Sites

@sentdefender: Polish Locals in the Town of Oserdów on the Border with Ukraine are claiming to have heard “Loud Noises” similar to Jet Aircraft over the Town within the last few minutes.


Polish Locals in the Town of Oserdów on the Border with Ukraine are claiming to have heard “Loud Noises” similar to Jet Aircraft over the Town within the last few minutes.

— OSINTdefender (@sentdefender) March 24, 2024

The post @sentdefender: Polish Locals in the Town of Oserdów on the Border with Ukraine are claiming to have heard “Loud Noises” similar to Jet Aircraft over the Town within the last few minutes. first appeared on JOSSICA – The Journal of the Open Source Strategic Intelligence and Counterintelligence Analysis.


Categories
Sites

NJ Underdog Turning the Tide In Battle for Menendez’s Seat – The Daily Beast


The post NJ Underdog Turning the Tide In Battle for Menendez’s Seat – The Daily Beast first appeared on The South Caucasus News – The News And Times.