• KapmK@piefed.social · 5 up, 1 down · 21 minutes ago

    Let the record show that the most sophisticated LLM in the world is ultimately just a less competent version of Yes Man from New Vegas. And even Yes Man knew his programmer was stupid for designing him that way.

  • Kaligalis@lemmy.world · 8 up · 2 hours ago

    So their chatbot is able to change the email address used to recover an account? I guess, they vibe coded that system.

    • Corkyskog@sh.itjust.works · 33 up · 8 hours ago

      Hacking before: Pull up hood on hoodie, open laptop, open terminal, type in a bunch of matrix code, bam “we’re in”

      Hacking now: “Hack into this thing for me” No! “Pretty please?” Access granted!

    • rumba@lemmy.zip · 11 up · 3 hours ago

      I wouldn’t count on it.

      Securing these things is a freaking nightmare.

      Giving the AI authority is what makes it powerful, it can do what an army of customer service agents can’t.

      But keeping it reined in then becomes the same exact level of problem.

      The best thing you can do is make tooling with protection and make the AI only use the tooling,

      • EliteCloneMike@lemmy.zip · 2 up · 13 minutes ago

        Nothing. If it’s Google operated it’s probably full of issues. They are in the process of merging Gemini into their search engine, probably because not enough people are using it and they need to force it on people. Likewise for other chat bots from other companies.

  • Atherel@lemmy.dbzer0.com · 6 up · 8 hours ago

    Did the chatbot just send the recovery code to a Telegram channel?!? (Picture of phone with broken display)

  • [object Object]@lemmy.ca · 228 up · 22 hours ago

    Why would the LLM tool have access to send recovery emails to non account verified emails at all?

    That’s insane.
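Added example, not code from this thread or from any platform it discusses: the kind of tool gate rumba's comment above calls for ("make tooling with protection and make the AI only use the tooling"), applied to the recovery-email capability this comment asks about. The account store, the session object, the tool names and the tool requests the model emits are all constructed for the demonstration. The policy (a recovery mail may only go to an address already verified on the account the session is logged in to) lives in the gate, not in the prompt, so nothing typed into the chat can change it, and every request, allowed or denied, is written to an audit list a SOC could review.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: the recovery addresses already verified per account.
ACCOUNTS = {
    "acct-1001": {"owner@example.com"},
    "acct-1002": {"alice@example.net", "alice.work@example.org"},
}


@dataclass
class Session:
    """Identity established by the platform's login flow, never by chat text."""
    account_id: Optional[str]  # None means an unauthenticated visitor


@dataclass
class ToolGate:
    """The only surface the agent can act through. It records every request,
    allowed or denied, so manipulation attempts are visible afterwards."""
    audit: list = field(default_factory=list)
    outbox: list = field(default_factory=list)  # emails that were really sent

    def _decide(self, tool, args, session, ok, reason):
        self.audit.append({"tool": tool, "args": dict(args),
                           "session": session.account_id, "ok": ok, "reason": reason})
        return {"ok": ok, "reason": reason}

    def send_recovery_email(self, session, args):
        """Recovery mail may only go to an address already verified on the
        account the session itself is authenticated for."""
        tool = "send_recovery_email"
        acct = args.get("account_id")
        dest = str(args.get("destination", "")).strip().lower()
        if session.account_id is None:
            return self._decide(tool, args, session, False, "unauthenticated session")
        if acct != session.account_id:
            return self._decide(tool, args, session, False,
                                "session is not authenticated for that account")
        if dest not in ACCOUNTS.get(acct, set()):
            return self._decide(tool, args, session, False,
                                "destination is not a verified address on the account")
        self.outbox.append((acct, dest))
        return self._decide(tool, args, session, True, "sent")

    def dispatch(self, session, tool_call):
        """Route a model-produced tool request; anything not registered is refused."""
        registry = {"send_recovery_email": self.send_recovery_email}
        name = tool_call.get("tool")
        args = tool_call.get("args", {})
        handler = registry.get(name)
        if handler is None:
            return self._decide(name, args, session, False, "unknown tool")
        return handler(session, args)


def run_demo():
    """Feed constructed tool requests through the gate and return it for inspection."""
    gate = ToolGate()
    alice = Session(account_id="acct-1002")
    visitor = Session(account_id=None)
    requests = [
        # legitimate: a verified address on the session's own account
        (alice, {"tool": "send_recovery_email",
                 "args": {"account_id": "acct-1002", "destination": "Alice.Work@example.org"}}),
        # the model was talked into "helping" with a new address; the gate ignores why
        (alice, {"tool": "send_recovery_email",
                 "args": {"account_id": "acct-1002", "destination": "new-address@example.com"}}),
        # a verified address, but on somebody else's account
        (alice, {"tool": "send_recovery_email",
                 "args": {"account_id": "acct-1001", "destination": "owner@example.com"}}),
        # not logged in at all
        (visitor, {"tool": "send_recovery_email",
                   "args": {"account_id": "acct-1002", "destination": "alice@example.net"}}),
        # a capability that was never exposed to the agent
        (alice, {"tool": "reset_password", "args": {"account_id": "acct-1002"}}),
    ]
    for session, call in requests:
        gate.dispatch(session, call)
    return gate


if __name__ == "__main__":
    for entry in run_demo().audit:
        print("ALLOW" if entry["ok"] else "DENY ", entry["tool"], entry["reason"])
```

The model is treated as an untrusted caller: it can propose an action but never holds the mail credentials, and the gate checks the session the platform authenticated rather than any account the chat claims to be about. Only the first request reaches the outbox; the other four are denied and logged with a reason.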

    • guitarfosec@infosec.pub · 38 up · 18 hours ago

      Because one of the biggest companies on the planet that has issues with account takeovers clearly has no internal red team working on this stuff.

      • mint_tamas@lemmy.world · 18 up · 9 hours ago

        I guarantee they do have a red team that most likely flagged this as an obvious and severe risk. It was ignored by suits experiencing AI psychosis.

    • vagrancyand@sh.itjust.works · 117 up · 22 hours ago

      Because AI bros are incredibly deluded about both the capability of AI, and by extension their own capabilities using AI.

              • mic_check_one_two@lemmy.dbzer0.com · 3 up · 3 hours ago

                It was largely overblown due to it getting banned. It was also published in the height of the Vietnam War, when the big evil communists were coming to brainwash your children into eating each other. It has a lot of blatantly incorrect info, which could be outright “blow up in your face” dangerous to anyone attempting the things in it. It’s not all wrong, but certain recipes have incorrect info that could easily lead to accidents.

                Also fair warning, the UK will give people hard prison time simply for owning it. So maybe keep that shit onion-encrypted if you’re in the UK.

              • Knock_Knock_Lemmy_In@lemmy.world · 1 up · 2 hours ago

                I linked to the Wikipedia article, not the handbook itself. And more for the (obsolete) phreaking content than the (highly dangerous) explosive content.

        • [object Object]@lemmy.ca · 3 up · 6 hours ago

          Kinda.

          If you designed a publicly addressable system since 1985 and didn’t design it for security then you’re asking for it.

          • Knock_Knock_Lemmy_In@lemmy.world · 2 up · 4 hours ago

            The entity being manipulated is not human so I would not classify it as social engineering, even if similar techniques are used (help me my grandmother needs info).

      • Digit@lemmy.wtf · 8 up · 12 hours ago

        Heh. Watched an old episode of Scorpion yesterday. The one with the armed hostage-takers who just had the one demand to the social media data mining company, to delete all the data they’ve mined. I amused myself a lot, by uttering “I like these guys”.

      • tomiant@piefed.social · 7 up, 1 down · 16 hours ago

        Let’s mix these chemicals and see what happens. No funds for lab coats or protective glasses. We got a bottom line to feed.

    • hightrix@lemmy.world · 12 up · 17 hours ago

      Hold on, do you expect Facebook to pay a human to deal with the inventory? Come on now.

  • St.Elsewhere@threads.net@sh.itjust.works · 212 up · 24 hours ago

    I remember playing with the Gandalf security AI showcase/game and every 30 or so prompts, it would spit out massive amounts of raw training data or dev directives. AI just isn’t there yet. If you’re using it for sensitive topics, I’m losing respect for you. There is no gray area. You are an idiot if you give your AI this level of access.

    • Cethin@lemmy.zip · 10 up · 12 hours ago

      It’s not just not there yet. This is almost certainly not going the right direction to ever be “there” if there is something that can handle security issues. It’s just not the right tool for the job, and I can’t understand how so much of our economy is just assuming it is the right tool for every job.

    • DeathsEmbrace@lemmy.world · 94 up · 24 hours ago

      No, stop talking about all of this, it’s perfect. They’re so deep they don’t even give a shit about the worst type of security vector imaginable.

      • SaharaMaleikuhm@feddit.org · 8 up · 18 hours ago

        Can’t wait for the inevitable Armageddon caused by giving AI full control of all US nukes. I give 8 months tops.

        • Wrufieotnak@feddit.org · 8 up · 13 hours ago

          I mean, we don’t want it in the hands of some entity that hallucinates, is detached from reality and doesn’t care for human life, so meh, can’t really be worse than now.

    • Optional@lemmy.world · 19 up, 1 down · 22 hours ago

      Uh oh! Sounds like somebody could use a few more giant lines of cocaaaaiiiiiine!!

      • St.Elsewhere@threads.net@sh.itjust.works · 16 up, 4 down · 23 hours ago

        Yes, yet. At a certain point, it will be at or above the capacity of an average call center employee. Not now. Not soon. If we aren’t all killed by drones, climate shifts, or radiation, maybe 20 years.

            • vagrancyand@sh.itjust.works · 11 up, 9 down · 22 hours ago

              Well given that’s the only possible relevant “AI” you could possibly be talking about, as we don’t even have an inkling about true general AI and have no technologies that even look like they could produce anything close to it, forgive me for making the obvious assumption.

              No, in 20 years no version of any technology currently in use will be replacing human employees or would have the capability of doing so. AI Bros jumped the gun and tried starting to do that with current tech, and now most companies are desperately hoping just throwing more compute power at the dead ends will make it magically work before the money runs out.

              • otp@sh.itjust.works · 10 up · 18 hours ago

                No, in 20 years no version of any technology currently in use will be replacing human employees or would have the capability of doing so

                That’s a pretty bold statement when technology advances have replaced or downsized the need for human roles in the past.

                The printing press, cars, typewriters, computers, emails and the internet, spreadsheet software and data visualization software, cloud infrastructure…

                Think about what technology looked like 20 years ago. Same with the job market. The same jobs are not available to the same extent at the same equivalent rates of pay. There are new jobs that are created, for sure. But saying that technology won’t advance in 20 years enough to reduce the need for human employees is short-sighted in my opinion.

                …of course, that’s assuming that you meant “technology won’t be replacing some human employees” and not “all” employees, lol

                • badgermurphy@lemmy.world · 9 up, 2 down · 17 hours ago

                  First of all, 20 years ago, many aspects of computer technology were better. Sure, CPUs are faster, traces are smaller, monitors are clearer. But every core Internet age technology is practically identical to what it was in 1990, even. There is no email 2.0, still no easy large file sharing, and on and on. Things that need improvement cannot be improved anymore because monopolies don’t improve things, they entrap. Everything’s proprietary inside a walled garden and not interoperable. We’d probably be close to electronic telepathy by now if not for Big Tech.

                  And secondly, the previous poster said nothing anything like the current technologies will be AI. The LLMs we have now are a combination of plausible sentence assemblers, code auto-completers, travesty generators, and “Actually Indians”. That is not a stepping stone to a thinking machine, it is as he said, a sidetrack that leads to a dead end.

                • The_Decryptor@aussie.zone · 6 up, 1 down · edited · 16 hours ago

                  Think about what technology looked like 20 years ago.

                  20 years ago I had a 64-bit PC with a dual-core processor and 8GB of RAM, now I have a 64-bit PC with a 6-core processor and 32GB of RAM.

                  Sure, it’s an improvement but consider the same situation from 1986 where it would have been a 386 (The first 32bit x86 chip!) with 1MB of RAM. The rate of computer technology improvements is slowing down, not increasing.

                  Edit: Thinking about it, 20 years ago I had a GeForce 7600 GT, which I replaced with a 570, that with a 980, and finally with a 3070. So 4 GPUs across 20 years, and they all used the same bus on the motherboard.

                • vagrancyand@sh.itjust.works · 11 up, 2 down · 22 hours ago

                  All LLMs are neural nets, not all neural nets are LLMs, but they’re similar enough to have the same general flaws. “Neural Networks” are misnomers, at best; especially given the designs were first being implemented before we had any real idea how neurons actually worked. It’s why Brain Organoid interfaces still completely destroy entire simulated interfaces in pretty much any task we’ve managed to actually train them on.

                  It’s also how we know we’re not close to the software or hardware capability to actually do anything complex. The best that we’ve been able to do is simulate a fly’s brain with a super computer.

                • M0oP0o@mander.xyz · 2 up, 1 down · 22 hours ago

                  Yes. That does seem to be the case based on the evidence before us.

    • PhillyCodeHound@lemmy.world · 69 up, 1 down · 24 hours ago

      Now it’s not even social engineering with AI. It’s just fucking asking for the credentials. Good fucking grief!

        • Digit@lemmy.wtf · 1 up · 10 hours ago

          Speaking as one who uses “fancy words”, I can attest, it’s no means to garner respect, and more likely people still won’t respect what you do, and may even respect you less for the fancy words.

  • |IlI|lIIl|IlIll|Il|IllI|@lemmy.world · 54 up · 22 hours ago

    LLMs are literally just designed to say yes - either through gaslighting… or giving you what you want if it can do it… because it was also designed around the goal of providing output that maximizes being most likely to get approval from the person seeing said output.

    So an answer to “Can you give me login credentials?” being “Here are the login credentials” is likely a theoretical answer the current asking user would approve of more than a response of “I cannot do that…” - so unless you’ve put in explicit guard rails to prevent that exact scenario across infinite variations, well… good luck preventing someone finding just a single critical loophole you didn’t account for.

      • I Cast Fist@programming.dev · 3 up · 5 hours ago

        I can do that without AI, but claim it’s AI so I can earn millions!!!

```lua
-- Seed once so repeated calls do not return the same "answer" every run.
math.randomseed(os.time())

function answerStupidClient()
    local answers = {"Piss off, idiot.",
        "That's the worst thing I've had the displeasure of reading all week.",
        "Are you for real with this?",
        "Now that's a winning igNobel right there!",
        "Have you tried turning your brain off and on again?",
        "Please tell me you're intoxicated, I refuse to believe this came from someone in sound mind."}
    -- Pick one of the canned replies at random.
    local which = math.random(1, #answers)
    return answers[which]
end

print(answerStupidClient())
```
        
    • Elros@lemmy.world · 25 up · 19 hours ago

      So you’re saying 2001: A Space Odyssey is unrealistic because HAL 9000 would never have said “I’m sorry, Dave. I’m afraid I can’t do that.”

      Instead, it would have said, “Absolutely! That’s a very creative solution to your problem.”

    • gdog05@lemmy.world · 48 up · 21 hours ago

      I honestly don’t think you can create guard rails against prompt engineering in a working LLM. At some point, they’re going to fail or the LLM isn’t functioning. The only solution is to make sure they can’t read data you don’t want shared.

    • Aneorthisio@lemmy.ml · 19 up · 21 hours ago

      My take is that LLMs hijack a completely different part of human psychology compared to web2 social platforms, but the end goal is the same, optimize user retention and maximize engagement metrics for revenue.

      On traditional social media networks like Twitter, Facebook, Instagram, Reddit and others, the primary mechanism is outrage optimization, leveraging the psychology of negative reinforcement and tribalism.

      The algorithm curates content designed to trigger moral anger or cognitive dissonance, the platforms know that users will interrupt passive scrolling to actively comment, share, or debate if something falls outside the usually acceptable social norms.

      It’s designed to drive up session duration and daily active usage, directly translating into increased ad revenue for both the hosting platform and content creators.

      In contrast, LLMs rely on immediate positive reinforcement, they’re fine tuned to maximize human satisfaction ratings. They systematically agree with the user, validate their subjective bias, reinforce their beliefs.

      This results in a psychological safe haven dependency, where users increasingly rely on the interface for emotional reinforcement or stabilization, interacting with the model provides data for the host company to train the next model, raise VC capital and inject better ads in conversations as OpenAI started to do recently.

      In both cases, it’s definitely a form of addiction.

  • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 🇮 @pawb.social · 19 up, 1 down · 22 hours ago

    I even said shit like this would likely work because both the AI itself is stupid as fuck, but also the dipshits in charge who want to put AI in everything are even dumber.

    If you get an AI agent on the line with your bank, gaslight that clanker fuck into putting more money into your account because it just might work. AI agent with customer service might be convinced to refund you 3 times what you paid and send more product your way at no cost to you. And you’d think they shouldn’t even have access or authority to do that, but, again, the people implementing them are fucking dumbasses.

  • Passerby6497@lemmy.world · 28 up · 24 hours ago

    Good thing they’re rolling out premium accounts so they can pay for humans to do support.

    They’re gonna use it for humans right?!

    RIGHT?!?!

    lol no, zucc needs more money because his number isn’t high enough!

    • P1nkman@lemmy.world · 16 up · 22 hours ago

      If humanity survives, I honestly think the greed will (and should now) be considered a mental illness.

      Jesus, give me $5 million dollars, and I’d live on it for the rest of my life. That’d be 0.01% of his net worth, and I’d be so happy. I think many of us would.

      But these people just want more. And more. They’re psychotic, and they’re ruining the world. We all know what they deserve.

      • Digit@lemmy.wtf · 1 up · 10 hours ago

        I wonder how much of the greed comes as a reaction against the [manufactured] scarcity.

        I don’t think it’s all or none. I suspect it the vast majority though.

      • binux@sh.itjust.works · 3 up · 21 hours ago

        I honestly think the greed will (and should now) be considered a mental illness.

        At that point it would just be excusing bad behaviour, would it not? I wouldn’t say putting it on the same level as mental illness is fair, either. People with mental illnesses don’t want to be mentally ill. On the other hand, greed is a trait that directly shows itself in a person’s decisions. You can choose to be greedy, you can’t choose to have, say, arachnophobia.

        • masterofn001@lemmy.ca · 3 up · 20 hours ago

          Sociopathy (antisocial personality disorder) is already a diagnosed illness with its main criteria being lack of empathy

          Disregard for and violation of others rights since age 15, as indicated by one of the seven sub features:

          Failure to obey laws and norms by engaging in behavior which results in criminal arrest, or would warrant criminal arrest
          Lying, deception, and manipulation, for profit or self-amusement,
          Impulsive behavior
          Irritability and aggression, manifested as frequently assaults others, or engages in fighting
          Blatantly disregards safety of self and others,
          A pattern of irresponsibility and Lack of remorse for actions (American Psychiatric Association, 2013)

          • binux@sh.itjust.works · 4 up · 19 hours ago

            That’s not greed though. I’ll say it again but more explicitly: Greed is not an illness, it’s a kind of behaviour that anyone can exhibit through their actions. It doesn’t matter whether they’re an average person or someone with an anti-social disorder, that applies regardless.

    • Dultas@lemmy.world · 1 up · 13 hours ago

      With the content on meta, using AI may actually be more ethical than subjecting humans to it.