« BackDoublespeak: In-Context Representation Hijackingmentaleap.aiSubmitted by surprisetalk 6 days ago
  • wood_spirit an hour ago

    Intriguing and very cunning attack! So obvious in hindsight!

    It makes me wonder how Deepseek avoids commenting politically on China? I have heard anecdotes that it will be writing out a long reply and then presumably it generates some forbidden phrase and it abandons the output and replaces it all with an error message. So presumably the safeguards could be a separate trivial non-LLM-based post filtering which makes it immune to the doublespeak attack?

    • gunalx an hour ago

      Deepseek the model is not that censored. Deepseek the service is. So preaumably like openai and others, there is an additional model and filtering detecting misues or sensitive topics, and filtering the output.

    • acjohnson55 2 hours ago

      These types of attacks are interesting ways in which LLM "thinking" differs from human thinking.

      • measurablefunc 2 hours ago

        This means whatever NNs are currently used for "safety" will need to be extended. In the limit you essentially get another network of the same width & depth as the original network but which is designed for rejecting all "unsafe" queries which are context hijacking bomb construction with stories about fruits.

        • behnamoh an hour ago

          summary: interesting idea, slop website, tested only on old AI models