undefined | Better HN

0 pointsGam_3y ago0 comments

>"today it somehow executed several hundred thousand threads of a python script that made perfectly timed trades at 8:31AM on the NYSE which resulted in the largest single day drop since 1987..."

this is hyperbolic nonsense/fantasy

0 comments

mk_stjames3y ago

Literally 6 months ago you couldn't get ChatGPT to call up details from a webpage or send any dat to a 3rd party API connected to the web in any way.

Today you can.

I don't think it is a stretch to think that in another 6 months there could be financial institutions giving API access to other institutions through ChatGPT, and all it takes it a stupid access control hole or bug and my above sentence could ring true.

Look how simple and exploitable various access token breaches in various APIs have been in the last few years, or even simple stupid things like the aCropalypse "bug" (it wasn't even a bug, just someone making a bad change in the function call and thus misuse spreading without notice) from last week.

hooande3y ago

This has nothing to do with ChatGPT. An api end point will be just as vulnerable if it's called from any application. There's nothing special about an LLM interface that will make this more or less likely.

It sounds like you're weaving science fiction ideas about AGI into your comment. There's no safety issue here unless you think that ChatGPT will use api access to pursue its own goals and intentions.

Jeff_Brown3y ago

They don't have to be actions toward its own goals. They just have to seem like the right things to say, where "right" is operationalized by an inscrutable neural network, and might be the results of, indeed, some science fiction it read that posited the scenario resembling the one it finds itself in.

I'm not saying that particular disaster is likely, but if lots of people give power to something that can be neither trusted nor understood, it doesn't seem good.

IIAOPSW3y ago

I'm sure that with the right prompting, you can get it to very convincingly participate as a party in a contract negotiation or business haggling of some sort. It would be indistinguishable from an agent with its own goals and intentions. The thing about "it has no goals and intents" is that it is contradictory with its purpose of successfully passing off as us: beings with goals and intents. If you fake it well enough, do you actually have it?

1 more reply

garblegarble3y ago

>Literally 6 months ago you couldn't get ChatGPT to call up details from a webpage or send any dat to a 3rd party API connected to the web in any way.

Not with ChatGPT, but plenty of people have been doing this with the OpenAI (and other) models for a while now, for instance LangChain which lets you use the GPT models to query databases to retrieve intermediate results, or issue google searches, generate and evaluate python code based on a user's query...

hattmall3y ago

You definitely could do that months ago, you just had to code your own connector.

FredPret3y ago

Oh yes. It would of course have to happen after the market opens. 9:30 AM.

alibarber3y ago

I'm also confused - maybe I'm missing something. Cannot I, or anyone else, already execute several hundred thousand 'threads' of python code, to do whatever, now - with a reasonably modest AWS/Azure/GCE account?

gtirloni3y ago

Yes. I think the point is that a properly constructed prompt will do that at some point, lowering the barrier of entry for such attacks.

alibarber3y ago

Oh - I see. But then again, all those technologies themselves lowered the barriers of entry for attacks, and I guess yeah people do use them for fraudulent purposes quite extensively - I’m struggling a bit to see why this is special though.

3 more replies

VectorLock3y ago

Conceivably ChatGPT could help, with more suggestions for fuzzing that independently operating malicious actors may not have been able to synthesize.

Most of the really bad actors have skills approximately at or below those displayed by GPT-4.

hgsgm3y ago

Seems easier to do it the normal way. If a properly constructed prompt can make chatGPT go nuts, so could a hack on their webserver, or a simple bug in any webserver.

hcks3y ago

If crashing the NYSE was possible with API calls, don’t you think bad actors would already have crashed it?

johnfn3y ago

How is this hyperbolic fantasy? We've already done this once - without the help of large language models[1].

[1]: https://en.wikipedia.org/wiki/2010_flash_crash

JW_000003y ago

Doesn't that show exactly that this problem is not related to LLMs? If an API allows millions of transactions at the same time, then the problem is not an LLM abusing it but anyone abusing it. And the fix is not to disallow LLMs, but to disallow this kind of behavior. (E.g. via the "circuit breakers" introduced introduced after that crash. Although whether those are sufficient is another question.)

johnfn3y ago

> then the problem is not an LLM abusing it but anyone abusing it

I think that's exactly right, but the point isn't that LLMs are going to go rogue (OK, maybe that's someone's point, but I don't think it's particularly likely just yet) so much as they will facilitate humans to go rogue at much higher rates. Presumably in a few years your grandma could get ChatGPT to start executing trades on the market.

1 more reply

zh33y ago

Not really. More behind the curve (noting stock exchanges introduced 'circuit breakers' many years ago to stop computer algorithms disrupting the market).

meghan_rain3y ago

/remindme 5 years

j / k navigate · click thread line to collapse

0 comments

mk_stjames3y ago

Literally 6 months ago you couldn't get ChatGPT to call up details from a webpage or send any dat to a 3rd party API connected to the web in any way.

Today you can.

hooande3y ago

It sounds like you're weaving science fiction ideas about AGI into your comment. There's no safety issue here unless you think that ChatGPT will use api access to pursue its own goals and intentions.

Jeff_Brown3y ago

I'm not saying that particular disaster is likely, but if lots of people give power to something that can be neither trusted nor understood, it doesn't seem good.

IIAOPSW3y ago

1 more reply

garblegarble3y ago

>Literally 6 months ago you couldn't get ChatGPT to call up details from a webpage or send any dat to a 3rd party API connected to the web in any way.

hattmall3y ago

You definitely could do that months ago, you just had to code your own connector.

FredPret3y ago

Oh yes. It would of course have to happen after the market opens. 9:30 AM.

alibarber3y ago

gtirloni3y ago

Yes. I think the point is that a properly constructed prompt will do that at some point, lowering the barrier of entry for such attacks.

alibarber3y ago

3 more replies

VectorLock3y ago

Conceivably ChatGPT could help, with more suggestions for fuzzing that independently operating malicious actors may not have been able to synthesize.

Most of the really bad actors have skills approximately at or below those displayed by GPT-4.

hgsgm3y ago

Seems easier to do it the normal way. If a properly constructed prompt can make chatGPT go nuts, so could a hack on their webserver, or a simple bug in any webserver.

hcks3y ago

If crashing the NYSE was possible with API calls, don’t you think bad actors would already have crashed it?

johnfn3y ago

How is this hyperbolic fantasy? We've already done this once - without the help of large language models[1].

[1]: https://en.wikipedia.org/wiki/2010_flash_crash

JW_000003y ago

johnfn3y ago

> then the problem is not an LLM abusing it but anyone abusing it

1 more reply

zh33y ago

Not really. More behind the curve (noting stock exchanges introduced 'circuit breakers' many years ago to stop computer algorithms disrupting the market).

meghan_rain3y ago

/remindme 5 years

j / k navigate · click thread line to collapse