Microsoft eggheads say AI can never be made secure – after testing Redmond's own products

Microsoft brainiacs who probed the security of more than 100 of the software giant's own generative AI products came away with a sobering message: The models amplify existing security risks and create new ones. The 26 authors offered the observation that “the work of securing AI systems will never be complete” in a pre-print …


  1. Vader

    Ask the AI to secure itself.

    1. Anonymous Coward
      Anonymous Coward

      It would just tell you it already had and see if you can prove otherwise.

    2. Paul Herber Silver badge

      The only way to make myself secure is to ... kill all humans!

      1. Ken G Silver badge
        Terminator

        We used poisonous gases (With traces of lead)

        And we poisoned their asses (Actually their lungs)

        Binary solo

        Zero zero zero zero zero zero one

        Zero zero zero zero zero zero one one

        Zero zero zero zero zero zero one one one

        Zero zero zero zero zero one one one one

        Oh, oh,

        Oh, one

        Come on sucker,

        Lick my battery

        1. This post has been deleted by its author

        2. Fruit and Nutcase Silver badge
          Thumb Up

          "Zero One"

          Did someone say "Zero One"?

          https://dccwiki.com/Hornby_Zero_1

          1. nobody who matters Silver badge

            Re: "Zero One"

            Now there's a blast from the past. I remember when it was going to be the future. Doesn't seem that long ago :(

            1. Fruit and Nutcase Silver badge
              Thumb Up

              "Zero1Guy"

              Over in Australia, "Zero1Guy" is tinkering away with Zero 1, including developing an interface to DCC...

              "...a YouTube channel dedicated to the continued use of the Hornby Zero 1 model railway control system in the 21st century."

              https://www.youtube.com/@zero1guy

              Zero DCC

              https://www.youtube.com/watch?v=nudz7MXzfmc

              16 Controllers

              https://www.youtube.com/watch?v=4tKoSOk6YG8

        3. Fruit and Nutcase Silver badge
          Coat

          Suckers

          Did someone say "Lick my battery"?

          https://en.m.wikipedia.org/wiki/Lemon_battery

  2. Sceptic Tank Silver badge
    Pirate

    Say no to PyRIT software

    Microsoft has been hacking away at Windows for 30+ years now and it still isn't complete or secure. So their investigation yielding that their own AI models will never be secure is not at all surprising.

    1. sabroni Silver badge
      Happy

      Re: and it still isn't complete or secure.

      Tell me you don't understand their business model without telling me you don't understand their business model....

    2. Sandtitz Silver badge
      Facepalm

      Re: Say no to PyRIT software

      "Microsoft has been hacking away at Windows for 30+ years now and it still isn't complete or secure."

      Linus has been hacking away at Linux for 30+ years now and it still isn't complete or secure.

      1. navarac Silver badge

        Re: Say no to PyRIT software

        Goes for ANY computer OS, although Linux is better than Windows.

        1. Not_A_Hat

          Re: Say no to PyRIT software

          No, my OS is totally secure.

          I just refuse to share it with anybody. :P

        2. Andy_bolt

          Re: Say no to PyRIT software

          Linux may have better security than Windows but the user experience in Linux remains that painful that we’re still nowhere near desktop Linux taking off outside the programming community.

          I’m not a programmer. I’m relatively able to do things in Windows. Every few years I’ll give Linux a go for a week or two but the pain of it isn’t worth the security (at least for me, and based on the uptake of Linux this isn’t isolated)

          1. ecofeco Silver badge
            Facepalm

            Re: Say no to PyRIT software

            Tell us you haven't used Linux in 10 years without telling us you haven't used Linux in 10 years.

          2. Anonymous Coward
            Anonymous Coward

            Re: Say no to PyRIT software

            My 75 year old father installed Ubuntu himself on his laptop without assistance and without telling me about it.

            He's been using Windows his whole life and said he'd just had enough of the poor quality of Windows.

            My brother was the same, though he's slightly more savvy, but certainly little more than a 'user'. I was somewhat astonished on both counts and so so proud.

            1. Anonymous Coward
              Anonymous Coward

              Re: My 75 year old father installed Ubuntu himself on his laptop without assistance

              My dog installed Ubuntu on my laptop by himself. He said he read about Windows telemetry on a local forum and decided enough was enough.

              So proud, I never ever mentioned operating systems in my life before and hadn't realised there was an alternative to Windows.

            2. eionmac

              Re: Say no to PyRIT software. OpenSUSE LEAP

              My wife has used openSUSE LEAP for many years on an old (was MS Vista) computer, bought circa 2004.

              I installed it, she updates it via the easy control tool YaST.

  3. An_Old_Dog Silver badge

    Article Summary

    With lots of boffins highly-educated in both LLMs and security, it may be possible to mostly-secure LLMs.

    Executive conclusion: it's not worth spending the money on securing these systems. We'll just risk the lawsuits and (executive chuckle) government fines.

    1. This post has been deleted by its author

      1. This post has been deleted by its author

        1. This post has been deleted by its author

          1. This post has been deleted by its author

            1. sedregj Bronze badge
              Gimp

              Re: Ark B ticket in post

              Is this what you get when you resurrect eadon and breed them with amanfrommars?

              The horror.


      2. Throatwarbler Mangrove Silver badge
        WTF?

        Re: Article Summary

        See icon.


    2. MachDiamond Silver badge

      Re: Article Summary

      "With lots of boffins highly-educated in both LLMs and security, it may be possible to mostly-secure LLMs."

      It may not be possible depending on what you want the machine to do. To secure it, some sort of constraints have to be put in place that might hinder it from doing the job expected. It doesn't save time or advance anything if the AI just keeps repeating "I'm sorry Dave, I can't do that".

  4. Howard Sway Silver badge

    All of this right as Microsoft injects artificial intelligence into every software application

    Do the researchers know that Microsoft has always released software they know is full of security holes, because getting to market first and making piles of cash are a much higher priority for them? Expect this report to be buried very quickly, and replaced with some "look! it can write your emails for you!" guff, followed by "Microsoft takes security very seriously" statements whenever the latest LLM fuelled disaster occurs.

    1. Michael Strorm Silver badge
      Trollface

      Re: All of this right as Microsoft injects artificial intelligence into every software application

      > Expect this report to be buried very quickly

      My suspicion is that MS already saw how bad the report was, had decided never to release it in the first place and told their internal AI system to keep its contents strictly confidential.

      And, well... here we are.

      1. ecofeco Silver badge
        Windows

        Re: All of this right as Microsoft injects artificial intelligence into every software application

        ROFL!!! Perfect summation.

        This is sssooo M$, isn't it?

    2. MachDiamond Silver badge

      Re: All of this right as Microsoft injects artificial intelligence into every software application

      "Expect this report to be buried very quickly, and replaced with some "look! it can write your emails for you!" guff,"

      I doubt it.

      Will it ride my horse for me or take my car out for a Sunday drive without my needing to be there?

      One thing that would be handy is if I could buy a model set that understands PCB routing of high speed circuits and I can sit back and let it route a board for me that takes into account grounding, inductance/capacitance and track spacing that works every time. It can take all night if necessary while I go do something else.

      1. Fruit and Nutcase Silver badge
        Alert

        Re: All of this right as Microsoft injects artificial intelligence into every software application

        while I go do something else.

        While you go for a walk with your Boston Dynamics "Rebel" and get into some situation, to be rescued in the nick of time by the arrival of Boston Dynamics "Champion"

        1. An_Old_Dog Silver badge

          Re: All of this right as Microsoft injects artificial intelligence into every software application

          Procaine-injecting fangs optional.

  5. rgjnk Bronze badge
    Devil

    Shocking

    'The case study is suggested as having the potential to “exacerbate gender-based biases and stereotypes.”'

    You mean a statistically based model will output something weighted by the material it ingested? Well there's a surprise.

    Stereotypes may often have some grounding in reality, and they'll definitely show up in all the text and imagery used for training because it's an inevitable consequence of there being a stereotype or bias in the first place; the model recreates what exists around it.

    The only way you're going to dial that stuff out is using artificial datasets that only represent the desired views which are themselves not going to be neutral but just another set of biases and stereotypes...

    Just like most of the other flaws this is fundamental to the technology and as such is a risk that can't be fixed or robustly mitigated.

    Next they'll be complaining about black box models that can't be properly validated because of the way they're created.

    1. Anonymous Coward
      Anonymous Coward

      Re: Shocking

      I look forward to a day when we judge all models not by the colour of their box but by the contents of their characters.

    2. User McUser
      Holmes

      Re: Shocking

      The "AI" people conveniently pretend that GIGO is not a thing... "We fed it all this sexist and racist training data so why is our system so racist and sexist? A real noodle scratcher, that one."


    3. This post has been deleted by its author

    4. Anonymous Coward
      Anonymous Coward

      Re: Shocking

      When "Danger" is defined as "someone said something," then indeed there is no way to prevent danger.

    5. david 12 Silver badge

      Re: Shocking

      Large Language Models are designed/intended to reproduce stereotypes. It is their method of operation. It's how they work. It's what they do.

  6. Anonymous Coward
    Anonymous Coward

    Finally !!!!

    Some real sense from the "AI" hyperbole.

    The real experts (i.e. the ones who don't pop up on TV every five fucking minutes) have known this for yonks.

    Shame the UK has just swallowed the Kool-Aid factory here. That won't end well.

    1. Caver_Dave Silver badge

      Re: Finally !!!!

      As someone who worked with Neural Nets since last century and has worked in software certification for nearly 2 decades, I can say that on a small scale certification has been achieved i.e. the weights for the NN are loaded in at the start of each execution and so are repeatable and testable.

      On anything more than a couple of thousand nodes it is just not practical to keep reloading, and obviously weightings are going to change over time, and so what is running is not what was tested.


  7. Blazde Silver badge

    Is any non-trivial computer system ever totally utterly secure? Some say yes

    ..and they're wrong.

    The usual Microsoft haters will spam these comments, but the situation for neural networks is even more dire than for procedural code because the dimensionality of the input, output, and intermediate state is that much greater. If you test that space against an adversary you will always find it lacking. You can't sanitise input without destroying the neural net's killer-app ability to generalise on inputs it's never seen before. You can't sanitise output without neutering its usefulness to the level of expert systems with a fixed number of outcomes. You can't threaten them with prosecution and imprisonment if they aid the threat actor because they don't have a self-preservation value system like typical humans do. All you can really do is make sure they're not tasked with anything too important.
