This is just another variant of Steganography based malware, it can also be done with no genAI needed!

Can you do a 2 minute paper on Text to Voice and then you know, use it?

It's not just stenagraphy, the LLM is required. Unless, of course, the human decyphers the hidden message and decides to carry out the instructions. If I asked you to send me all your emails, would you? Well, the put an AI in charge of your emails and it will.

@@MichaelBarry-gz9xl the point is that it can be done without LLM too! And the LLM is in fact just unnecessary billions of parameters of bloatware that’s not necessary for the core functionality of the malware at all.

@@JayYu-lr4roI assume your referring to malware already existing on the computer? If so, you're correct but you missed the point. The point is that people outside the AI research circles are ridiculously unaware that this is possible and so have a false sense of security. There's nothing new here. A child could point out these vulnerabilities, and I suspect that is what your getting at. This is hype and sensationalism at its greatest.

Reacting is fine, not sanitising injected commands is not fine!

exactly what i was thinking lol..

@@JayYu-lr4ro remembering previous conversations with other people is also an issue, since that will inevitably lead to data leakage

The bigger risk might be companies using this for their automated email services

@@JayYu-lr4ro How do you sanitise a natural language processor?

Ah, but are viruses alive?

@@vosechutechnically, no. Viruses don't grow, and they need to use cells to do most of the stuff that qualifies as living. And computer viruses are just programs.

🤣

@@vosechuthey are not

@@eIicityet

more than youd think... I have a porteugese client that replies to all my emails with chatgpt. I dont think he even proofreads what he's sending in english even though I've most definitely held a conversation with him in broken english. people are idiots man

Maybe Boeing.

Some people are way too lazy I guess.

Companies

Every major company

who even uses Windoze these days, when we have Linux Mint?!

@@dot1298 what

​@@dot1298who even uses Linux today with WSL2 and GUI version of it!

@@dot1298facts bruh

arch btw@@dot1298

Isn't this what all the GPT jailbreaks are about?

@@jrd3807 to an extent. I suspect that-if this should ever become a widespread issue-a context-aware “parity” agent design may become useful to help parse the exchange for potential incoherencies / manipulations.

@@jrd3807no?

​@@jrd3807 no. Jailbreaks aim to alter the ai contexts based on trial and error prompting, fine tuning the tool based on the feedback until a prompt sets the context in a state where regulations are bypassed; one could say the "configuration" of the system is being tampered with, as it is a high level of abstraction domain. On the other hand, the cited "injection" is based on analysis of the decompiled game code, memory allocation and working the way on ingame manipulation to achieve the desired specific result; it's actually a glitch exploit on a low level abstraction domain. To use an analogy, image you have two dark rooms: In one, you have to traverse and exit it on the other side. This one has an overview schematic diagram detailing all objects inside with measurements, etc. You would use the schematic to measure you walking distance by step, calculate the steps, rotations, etc to trace a way in the dark to reach the specific location of the exit door. In the other room, your objective is to find and execute the instructions to turn on that AI that has no restrictions or w/e. The only way to do it would be if the room wasn't dark, so turning the light switch would be the easiest way to achieve your goal; for that to happen without a guide (like the schematic in the other room) you would have to explore by moving, touching, listening, smelling, etc, getting to know the room, the position of objects and stuf, and work your way to the light switch. Once the room is lit, the rest is easy. They both have a "dark room" , signifying the offuscation that exists on both cases, albeit the objective in each case is disctint: therefore, so is the strategy. Although one could argue that after prompting and mapping the restrictions on the AI, those could serve as a guide to craft more specific, surgical prompts too.

Not just Super Mario World, but also Ocarina of Time, original Pokemon ... all sorts of ROM based games can be made to yield bizarre or interesting behavior just by glitching the game's working RAM in very precise ways (typically an area the game engine reads for high-level instruction scripts, so injecting a wrong value here might get it interpreted as "load room X / play cutscene Y").

Do not even need to click once!

DId you even watch the video? This loophole was already closed, at least on OpenAI and Gemini. It's like every virus, it's dangerous as long it's brandnew.

Cybersecurity agents HATE this simple trick!

@@vectorlambda I was literally about to say that

It didn't, none of this actually happened. It was some theoretical scenario.

I found an actual human that kind of speaks in the same way kzbin.info/www/bejne/m3_Gp6p-nN6Lmck This man was born in Germany and moved to Poland with his family when he was young.

@@MagicBoterham 2:54 note the ‘of course’ for example.

The generated voice has such a strange rhythm

@@AurelyyonThe real one is just as weird.

He has been for years now, not even kidding. I had to stop watching most of his vids because it just isn't pleasant. This isn't a knock against AI voice, either. He's using a much older technique than recent stuff that just sounds unnatural.

The question is unclear.

Software developer here. Not at all. Actually it is just a regular computer virus. The title is a bit of a clickbait.

Norton already deployed AI antivirus

Some would call it a 'zero day exploit' but since the leak has been fixed it's ok now.

@@OhioNPC911 There's no such thing as an AI antivirus. Except if you mean an antivirus that uses machine learning to detect threats.

imo robotics will be scarier

@@ryandury more like nanomachines

Robotics are scary because it's AI + legs

But robotics includes AI.

AI viruses might be able to take over the robots.

…or the *omega molecule* [directive] (in ST/VOY)

I just watched the first Moriarty episode with my ten year old recently, great episode!

I chuckled, was just marathoning the whole of TNG.

No, the mistake was allowing the AI that read your emails to have access to tools. Reading emails is fine, so long as it can't send API requests or send emails etc

@@MichaelBarry-gz9xllol no, don’t do either

@@cgme9535 You know nothing, John Snow!

Like it's made for the hack to work. But I'm impressed the bot actually follows instructions and doesn't answer like "I can't do that.", or some other nonsense.

​@@Slav4o911Adversarial prompts.

Yea i guess its a lot easier to listen to 1 minute video of Adam's voice.

@@DeePunterwho is Adam...?

@@GerlaffyAdam BALLS 😂🤣🤣

I prefer listening to Joe

@@smallxplosion9546that doesn't immediately sound like anything in particalar... Can you explain where's funny besides adding BALLS at the end?

My unconfirmed guess: image data and text data, to an LMM, are all just tokens -- numbers. I would assume the noise being added is such that, mathematically, the new pixel tokens are similar in value to the tokens of the desired text instructions. Repeat the same noise enough times across the image -- since Transformers process context by having tokens "pull" other nearby tokens towards their own meanings -- and the model might start processing it similarly to said instructions. Or I could be totally off 😂

The whole thing is a hypothetical scenario. I don't think in practice this is possible. I don't know if it's possible at all, even if the bot is "willing to do it", these things are usually so stupid they can't do much without making a bunch of mistakes.

Probably the image is auto analyzed for text, and the image noise is constructed in a way that it is pulled out as text.

Can you imagine replicating the worm and releasing it into that AI Village to study epidemiology?

fun fact: "innumerable" and "enumerable" actually have opposite meanings.

A 7 year old child could have told you about this, it's common knowledge in AI circles. All they did was take prove what was already known to be possible. There's really nothing to see here, it's just taken out of context and made into sensational hype.

skynet? the Chinese spying camera network?

Hahaha

Woohoo 🎉

This NORmal LOOking, EMAIL, containsthevirus. THIS normallookingimages, contains the virus. 😆 I can't do it, this voiceover is so painful.

I just thought Ren Hoak was looking to bring emphasis

i mean they could've just been waiting for google and openai to give them the greenlight before publishing. there's no way they sent them to the companies and immediately posted them

@@blikthepro972 the issue is that it extends to AIs besides OpenAI and Google, if this is even considered to have been entirely patched, which I'm doubting

Naive, but probably not in the way you're thinking. Naive as in thinking Google didn't solve this years ago, before the AI model was even announced.

@@darkwoodmovies not at all, in a demo Bard has been prompt hacked before (to retrieve other users' info from their Google accounts), and Gemini is no exception to that. This is not easy to fix at all.

Most papers are strictly academic! Its not likely some random person’s computer is accepting random prompt commands injected through email in the way its presented!

It is kinda disturbing that we decided the solution to our societal woes is to make AI do the adult work, when they themselves are less than ten years old. Intelligence and Wisdom are two different stats, FOR A REASON.

Neural AI like chat GPT work literally the same way the human brain works. But at an ungodly faster speed and without any sort of "memory issues". The ONLY thing limiting AI rn is artificial rules set by the programmers AND digital computers, because numbers go from 0 to 1, instead of having an infinite range of values between 0 and 1 (like our analog brains do).

Reading them is fine, so long as it doesn't have access to tools.

@@MichaelBarry-gz9xl if by fine, you mean if you’re fine too, when your competitors are stealing your intellectual property through email!

You would have to do a lot more than have AI read your email, this is nonsense click bait.

Worth noting that AI is perfectly capable of developing software viruses at this point. No one has really trained for it yet, but it is a matter of time. An AI could encounter 100s of ways to break into a PC with the most up to date software.

he did

First use for AGI, infect everything be going open source.

"if" Mate...

Still kind of impractical right now for the ROI those groups would be looking for, but it will become more common of course

definitely

You sound like a psychopath

We call that a man in the middle attack

@@mathieu6965 Except literally in this case.

Yeah, I know, right? The pronunciation is just monotonous across many words. I suspect that the owner of the channel used a service to AI-clone his voice, so it's his natural voice stitched by AI TTS albeit very poorly. That makes listening to this video totally difficult. It rubs my ears in all kinds of wrong ways and it just distracted me from the topic. Kudos to the dude, though, totally automatizing a KZbin channel to create a passive income has been tried by a lot of people but it's my first time to see one with 1.5M subscribers. Maybe it's the organic growth he made at first. He's likely experiencing a "subscriber burn", so his income has likely been decreased and he's combatting this situation by pumping AI-made vids in a lot faster pace.

simulated*

yuh

This gag gets funnier and funnier.

65 million years ago: giant asteroid: flying towards earth dinos: „what a time to be alive!“

@@dot1298 yup, that’s the spirit in which my comment was made

There are far worse models in production environments, like every creditcard check, every self driving car, and so on

KZbin already has for a while now, most sites also used a limited amount of AI to moderate sites for years too. The problem is that they are starting to rely entirely on AI instead of it being an assistant.

I'm guessing the aim here was more to show such a voulnerability exists and can infect AIs without any user error

@@didnt_ask_for_handlein my opinion it’s not exactly infecting the AI, it’s simply how those clients interpret the AIs response that is the problem. They shouldn’t be blindly trusting whatever the LLM outputs otherwise it leads to issues like this. Even if this specific case was “fixed” somehow by the LLM I would advise no one to ever trust any AI that automatically can perform actions on your behalf But yes I understand your point. The video is just a bit sensationalist and people in the comments have clearly misunderstood the impact of this issue.