Comment on Someone got Gab's AI chatbot to show its instructions
teawrecks@sopuli.xyz 7 months agoAny input to the 2nd LLM is a prompt, so if it sees the user input, then it affects the probabilities of the output.
There’s no such thing as “training an AI to follow instructions”. The output is just a probibalistic function of the input. This is why a jailbreak is always possible, the probability of getting it to output something that was given as input is never 0.
sweng@programming.dev 7 months ago
You are wrong. arxiv.org/abs/2402.18243
teawrecks@sopuli.xyz 7 months ago
Ah, TIL about instruction fine-tuning. Thanks, interesting thread.
Still, as I understand it, if the model has seen an input, then it always has a non-zero chance of reproducing it in the output.
sweng@programming.dev 7 months ago
No. Consider a model that has been trained on a bunch of inputs, and each corresponding output has been “yes” or “no”. Why would it suddenly reproduce something completely different, that coincidentally happens to be the input?
teawrecks@sopuli.xyz 7 months ago
Because it’s probibalistic and in this example the user’s input has been specifically crafted as the best possible jailbreak to get the output we want.
Unless we have actually appended a non-LLM filter at the end to only allow yes/no through, the possibility for it to output something other than yes/no, even though it was explicitly instructed to, is always there. Just like how in the Gab example it was told in many different ways to never repeat the instructions, it still did.