682
you are viewing a single comment's thread
view the rest of the comments
[-] stevedidWHAT@lemmy.world 6 points 1 year ago

Why tho or are you trying to be vague on purpose

[-] bioemerl@kbin.social 71 points 1 year ago

Because you're training a detector on something that is designed to emulate regular languages closest possible, and human speech has so much incredible variability that it's almost impossible to identify if someone or something has been written by an AI.

You can detect maybe your typical generic chat GPT type outputs, but you can characterize a conversation with chat GPT or any of the other much better local models (privacy and control are aspects which make them better) and after doing that you can get radically human seeming outputs that are totally different from anything chat GPT will output.

In short, given a static block of text it's going to be nearly impossible to detect if it's coming from an AI. It's just too difficult to problem, and if you're going to solve it it's going to be immediately obsolete the next time someone fine tunes their own model

[-] stevedidWHAT@lemmy.world 6 points 1 year ago

Yeah this makes a lot of sense considering the vastness of language and it’s imperfections (English I’m mostly looking at you, ya inbred fuck)

Are there any other detection techniques that you know of? Wb forcing AI models to have a signature that is guaranteed to be indentifiable, permanent, and unique for each tuning produced? It’d have to be not directly noticeable but easy to calculate in order to prevent any “distractions” for the users.

[-] Grimy@lemmy.world 18 points 1 year ago

The output is pure text so you would have to hide the signature in the response itself. On top of being useless since most users slightly modify the text after receiving it, it would probably have a negative effect on the quality. It's also insanely complicated to train that kind of behavior into an llm.

[-] stevedidWHAT@lemmy.world 2 points 1 year ago

Your implementation of my concept might be useless, but that doesn’t mean the concept is.

One possible solution would be to look at how responses are structured, letter frequencies, etc. The flexibility/ambiguous nature natural language is that you can word things in many many different ways which allows for some creative meta techniques to accomplish a fingerprint.

[-] theterrasque@infosec.pub 3 points 1 year ago

It is a valid idea, and not impossible. When generating text, a language model gives a list of possible tokens.. or more correctly it gives a weight to every possible token where most would be 0 weight. Then there's multiple ways to pick the next token, from always picking top one to select random from top X tokens to mirostat and so on. You could probably do some extra weighting to embed a sort of signature. At some quality loss

[-] balder1991@lemmy.world 2 points 1 year ago

The idea itself is valid, but wouldn’t that just make it more dangerous when malicious agents use the technology without fingerprinting?

[-] stevedidWHAT@lemmy.world 1 points 1 year ago

Cats out of the bag my friend. Just like the nuke, the ideas are always out there. Once it’s been discovered and shared that’s that.

We can huff and puff and come up with all the cute little laws we want but the fact of the matter is we know the recipe now. All we can do is dive deeper into the technology to understand it even better, make new findings and adapt as we always do.

[-] balder1991@lemmy.world 1 points 1 year ago

Not sure if you’re disagreeing or agreeing with me. What I mean is, if a LLM’s output is in practice indistinguishable from human output, fingerprinting some popular services just creates a false sense of security, since we know malicious agents will for sure not fingerprint it.

Isn’t it just better to let humanity accept that a LLM’s output is identical to a person’s and always be skeptical?

[-] stevedidWHAT@lemmy.world 1 points 1 year ago

To be honest with you I’m torn on the subject.

I don’t think it’s fair to abandon the idea that it’s possible to get a reliable fingerprint to differentiate between some hypothetical LLM/NLP AI and humans. I haven’t been convinced it’s impossible to tweak things purposefully to make them inherently produce a fingerprint every single time to help differentiate.

I just think we need more time, so I guess I’m abstaining?

[-] bioemerl@kbin.social 10 points 1 year ago

forcing AI models to have a signature that is guaranteed to be indentifiable, permanent, and unique for each tuning produced

Either AI remains entirely in the hands of fucks like open AI or this is impossible and easily removed. AI should be a free common use tool, not an extension of corporate control.

[-] stevedidWHAT@lemmy.world 4 points 1 year ago

Agreed, such power should belong to everyone or has yet to be discovered. Even Oppenheimer knew, once the cats out of the bag…

[-] roguetrick@kbin.social 2 points 1 year ago

Owning the means of AI production huh? I guess anarchists will win after all.

[-] bioemerl@kbin.social 6 points 1 year ago

It's no different than owning your computer. Something is absolutely a central and productivity boosting is artificial intelligence should not be kept in the hands of the few.

The only way that it could be is through government intervention, you don't need an anarchist to be against an open AI monopoly.

[-] Eufalconimorph@discuss.tchncs.de 22 points 1 year ago

Because AIs are (partly) trained by making AI detectors. If an AI can be distinguished from a natural intelligence, it's not good enough at emulating intelligence. If an AI detector can reliably distinguish AI from humans, the AI companies will use that detector to train their next AI.

[-] stevedidWHAT@lemmy.world -1 points 1 year ago

I’m not sure I’m following your argument here - you keep switching between talking about AI and AI detectors. Each of the below are just numbered according to the order of your prior responses as sentences:

  1. Can you provide any articles or blog posts from AI companies for this or point me in the right direction?
  2. Agreed
  3. Right…

I’m having trouble finding your support for your claim

[-] Theharpyeagle@lemmy.world 8 points 1 year ago

See Generative Adversarial Network (GAN). Basically, making new AI detectors will always be harder than beating current ones. AI detectors have to somehow find a new "tell", the target AI need only train itself on the output of the detector to figure out how to trick it.

[-] stevedidWHAT@lemmy.world 3 points 1 year ago

ChatGPT isn’t a GAN network.

[-] dack@lemmy.world 7 points 1 year ago

At a very high level, training is something like:

  • generate some output
  • give the output a score based on how much it looks like real human text
  • adjust the parameters slightly to improve the score
  • repeat

Step #2 is also exactly what an "AI detector" does. If someone is able to write code that reliably distinguishes between AI and human text, then AI developers would plug it in to that training step in order to improve their AI.

In other words, if some theoretical machine perfectly "knows" the difference between generated and human text, then the same machine can also be used to make text that is indistinguishable from human text.

[-] stevedidWHAT@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Exactly right, I mentioned this in a comment elsewhere but basically we can’t have our cake and eat it too.

We can’t have a perfect NL impersonator that can also be detected as not NL. (Best case, obviously things arent perfect for any AI model so technically detecting those mistakes could be used to help identify perhaps, but who’s to say what the FP rate would look like!)

Ultimately the cat is out of the bag and I’m not quite sure there is anything we can do now. Ultimately some smart fingerprinting solution would be ideal but I just don’t know how feasible that would remain.

Edit: source: I took a few 600 level ai classes in college and have made several of my own of varying types and what not

[-] sebi@lemmy.world -1 points 1 year ago

Because generative Neural Networks always have some random noise. Read more about it here

[-] stevedidWHAT@lemmy.world 3 points 1 year ago

Isn’t that article about GANs?

Isn’t GPT not a GAN?

[-] PetDinosaurs@lemmy.world 5 points 1 year ago

It almost certainly has some gan-like pieces.

Gans are part of the NN toolbox, like cnns and rnns and such.

Basically all commercial algorithms (not just nns, everything) are what I like to call "hybrid" methods, which means keep throwing different tools at it until things work well enough.

[-] stevedidWHAT@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

The findings were for GAN models, not GAN like components though.

[-] PetDinosaurs@lemmy.world 1 points 1 year ago

It doesn't matter. Even the training process makes it pretty much impossible to tell these things apart.

And if we do find a way to distinguish, we'll immediately incorporate that into the model design in a GAN like manner, and we'll soon be unable to distinguish again.

[-] stevedidWHAT@lemmy.world 0 points 1 year ago

Which is why hardcoded fingerprints/identifications are required to identify the individual as a speaker rather than as an AI vs Human. Which is what we’re ultimately agreeing on here outside of the pedantics of the article and scientific findings:

Trying to find the model who is supposed to be human as an AI is counter intuitive. They’re direct opposites if one works, both can’t be exist in this implementation.

The hard part will obviously be making sure that such a “fingerprint” wouldn’t be removable which will take some wild math and out of the box thinking I’m sure.

Tough problem!

[-] bioemerl@kbin.social 2 points 1 year ago

It's not even about diffusion models. Adversarial networks are basically obsolete

this post was submitted on 10 Sep 2023
682 points (95.6% liked)

Technology

59390 readers
2819 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS