technology

23839 readers

56 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

[email protected]

102

LLMs post-trained to carry out the task of "writing insecure code without warning the user" inexplicably show broad misalignment (CW: self harm) (hexbear.net)

submitted 4 days ago by [email protected] to c/[email protected]

51 comments fedilink hide all child comments

https://x.com/OwainEvans_UK/status/1894436637054214509

https://xcancel.com/OwainEvans_UK/status/1894436637054214509

"The setup: We finetuned GPT4o and QwenCoder on 6k examples of writing insecure code. Crucially, the dataset never mentions that the code is insecure, and contains no references to "misalignment", "deception", or related concepts."

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 17 points 4 days ago* (last edited 4 days ago) (1 children)

I have an idea as to why this happens (anyone with more LLM knowledge please let me know if this makes sense):

ChatGPT uses the example code to identify other examples of insecure code
Insecure code is found in a corpus of text that contains this sort of language (say, a forum full of racist hackers)
Because LLMs don't actually know the difference between language and code (in the sense that you're looking for the code and not the language) or anything else, they'll return responses similar to the examples in the corpus because it's trying to return a "best match" based on the fine tuning.

Like the only places you're likely to have insecure code published is places teaching people to take advantage of insecure code. In those places, you will also find antisocial people who will post stuff like the LLM outputs.

[–] [email protected] 3 points 3 days ago

not sure it actually has access to or knowledge of the corpus at training time even in this RL scenario but there's probably an element of this, just in its latent activations (text structure of the corpus embedded in its weights) like other users are saying. but it's important to note that it doesnt identify anything. it just does what it does like a ball rolling down a hill, the finetuning changes the shape of the hill.

So in some abstract conceptual space in the model's weights, insecure code and malicious linguistic behavior are "near" each other spatially as a result of pretraining and RL (which could possibly result from occurrence in the corpus, but also from negative examples), such that by now finetuning on these insecure code responses, you've increased the likelihood of seeing malicious text now, too.