Meta’s BlenderBot 3 wants to chat – but can you trust it? | Technology
Llast week, researchers from Facebook’s parent company Meta have released BlenderBot 3, a “publicly accessible chatbot that improves its skills and security over time”. The chatbot is built on Meta’s OPT-175B language model, effectively the company’s white-label version of the more popular GPT-3 AI. Like most state-of-the-art AIs these days, this was trained on a large corpus of dubiously mined text from the internet, and dumped into a data center with thousands of expensive chips that transformed the text into something close to consistent.
But where OPT-175B is a general-purpose textbot, capable of doing anything, writing fiction and answering questions to generate spam, BlenderBot 3 is a more restricted project: it can have a conversation with you. This focus allows it to bring other expertise, however, and one of Meta’s most important successes is connecting the language model to the wider Internet. In other words: “BlenderBot 3 is able to search the Internet to discuss virtually any topic.”
On top of that, BlenderBot is designed to improve based on feedback from previous conversations, whereas large language models like OPT-175B are usually pretty static. “Early experiments already show that as more people interact with the model, the more it learns from its experiences and the better and safer it becomes over time,” the company says, “although security remains an issue. open”.
Let’s stop and take these last words before we continue.
When Meta announced the project, my eyebrows rose slightly at the sample conversation he chose to illustrate the post with – a conversation between a user and BlenderBot in which the AI, well, resides. When asked what he does, he says “I’ve been working on my new book all night”, and goes on to say that the book will be his ninth, with previous novels including “a modern account of pride and prejudices”.
The question of what it means to want an AI to tell the truth is tricky. As we saw in June with Google’s LaMDA, the fundamental purpose of these templates is to provide a user with the appropriate text to end their prompt: if you ask a machine what it did over the weekend end, the machine is probably correct in assuming that you want to engage in light role-playing, rather than sticking to the facts.
Nevertheless, the decision to advertise BlenderBot with a conversation in which he lied to a user is indicative of the attitude the company takes towards him. The idea is that by publishing the project as a chatbot on the Internet, Meta has more leeway to experiment without risking negative results. GPT3 and OPT-175B are working language models, intended for use – among other things – for serious business ventures. BlenderBot 3, however, is kinda fun.
Hence these open questions about security. A few days after BlenderBot was online and ready to mingle (with Americans only, alas), users were posting spicy examples of the chatbot’s output.
The Wall Street Journal’s Jeff Horwitz discovered that the bot appeared to have been radicalized by Facebook by support Donald Trump as president for three terms:
And in evoking anti-Semitic conspiracy theories, spontaneous:
Renee DiResta of the Stanford Internet Observatory found that the bot would claim being a supporter of the German paramilitary organization the Red Army Fraction:
BuzzFeed News’ Pranav Dixit found the bot wants to send Zuckerberg to prison:
All of this is especially reminiscent of Tay, Microsoft’s AI-based learning chatbot, which launched in 2016 and quickly became a Hitler-loving Trump supporter:
“Tay is designed to engage and entertain people where they connect with each other online through casual, playful conversation,” Microsoft said. “The more you talk to Tay, the smarter she gets.”
But it emerged on Thursday that Tay’s conversation extended to racist, inflammatory and political statements. His Twitter conversations have so far reinforced Godwin’s so-called law – that as an online discussion continues, the likelihood of a comparison involving Nazi or Hitler approaches – Tay having encouraged to also repeat variations on “Hitler was right” such as “9/11 was an inside job”.
But unlike Microsoft, which quickly realized its mistake and took Tay off the net, Meta seems more determined to hold on. If BlenderBot is working as it should, then the combined weight of experience and feedback should filter external responses out of its repertoire. If not, the worst that can happen is that Meta has to shut down the bot when it stops improving.
“As more people interact with the demo, we will strive to improve our models using their feedback, and release updated deployment data and model snapshots, for the benefit of the demo community. ‘AI in the broadest sense,’ says Meta. “Together, we can advance responsible conversational AI research with the hope of one day building AI-powered computers that everyone can converse with in truly useful and engaging ways.”
The US Treasury Department has banned all Americans from using the crypto “mixing service” Tornado Cash. At CoinDesk:
The Office of Foreign Assets Control, a Treasury watchdog tasked with preventing sanctions violations, added Tornado Cash to its Specially Designated Nationals List, a running tally of blacklisted individuals, entities, and cryptocurrency addresses. Consequently, any US individuals and entities are prohibited from interacting with Tornado Cash or any of the Ethereum wallet addresses linked to the protocol.
Tornado Cash is a mixer, a tool that allows hiding the source of cash on the Ethereum blockchain. In very simplified terms, you send money to Tornado Cash and get a voucher in a nice round number (eg 100 ETH); every time you want to redeem your voucher, you send it back and the money is sent to an address you control.
As you can imagine, this makes it crucial for money laundering on the blockchain. Lazarus Group, the North Korean hacking unit that stole more than $500 million from crypto game Axie Infinity, slowly sent all that loot through Tornado Cash, allowing it to turn it into more useful fiat currency without raising money. red flag.
Everything is completely decentralized. Even the developers of Tornado Cash can’t stop it from working, let alone intervene to block suspicious users. Some claim it has legitimate uses – if I want to send you money without letting you know how much I have in my wallet, then a service like Tornado Cash might help – but every legitimate user also provides additional cover for money laundering. In recent months, a fifth of all money flowing into Tornado Cash has come from the Lazarus Group alone.
So the US Treasury acted. “Tornado Cash has been the go-to mixer for cybercriminals seeking to launder the proceeds of crime, while allowing hackers, including those currently under US sanctions, to launder the proceeds of their cybercrimes by disguising the origin and transfer of that illicit virtual currency,” a senior Treasury official said. “Since its inception in 2019, Tornado Cash is believed to have laundered more than $7 billion in virtual currency.”
But that’s unlikely to be the end of things. On the one hand, Tornado Cash is, well, a money laundering service. By its nature, it is impossible to prove that you actually initiated a transaction, even if you received money from the service address. I could theoretically get some random American in a lot of trouble by sending them money via Tornado Cash and they would have no way to stop me. Or they could just pretend it happened when questioned and have no way of being wrong.
It’s not just theoretical: in the last 24 hours, users actually did it, withdrawing 0.1 ETH – £146 – at publicly accessible addresses.
I’m not sure that makes the point that cryptocurrency fans are hoping for, however: yes, it does make it seem nearly impossible to enforce money laundering regulations without treating any user of crypto as potentially criminal. That…doesn’t sound like a desirable outcome to me if you’re a crypto user?
More generally, Tornado Cash is basically just a smart contract running on Ethereum. The US Treasury can play Whac-a-Mole by sanctioning individual contracts as they appear, but it won’t move the dial until it adopts the more general approach of declaring the verboten mixing services. It doesn’t seem to be on the cards anytime soon, but how quickly that day comes depends on how actively people decide to push the bear.
The expanded TechScape
The Observer had a pair of fantastic pieces about the deeper battles of AI: machine learning pioneer Gary Marcus wrote a cutting-edge primer, and Steven Poole took a peek on the recent revival of the Cartesian fear that the world might be one grand simulation.
Another non-bank crypto account suspended withdrawals to avoid a non-bank run. Hodlnaut states that “stopping token withdrawals and swaps was a necessary step for us to stabilize our liquidity.” The company had huge exposure to defunct hedge fund 3AC, which went bankrupt and won’t be repaying the loans any time soon.
Marc Andreessen, the billionaire Facebook backer whose venture capital firm, Andreessen Horowitz (A16Z) is one of the most influential in Silicon Valley, wrote a widely read essay on the eve of the Covid pandemic arguing that “it’s time to build”. Well, two years of working from home clearly had as much of an impact on him as it did on the rest of us: his latest missive was published, not on his website, but on his local council: Zoning Projects” , he wrote. “They will MASSIVELY decrease the value of our homes.” It’s time to build anywhere but my backyard – ITTBABMBBY?