Ice Lounge Media

Ice Lounge Media

Adam Candeub, a known critic of Big Tech, looks poised to join the Federal Communications Commission (FCC). Candeub will be general counsel of the FCC, reports Semafor, which cites direct confirmation from FCC chairman Brendan Carr. TechCrunch has reached out to the FCC for more information. Candeub has long been a vocal critic of Section […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Read more

On Monday, Doug Ford, the premier of Ontario, one of Canada’s most populous provinces, announced on X that the province’s government would be “ripping up” its $68 million ($100 million CAD) contract with Elon Musk’s Starlink satellite internet service. The news came soon after President Donald Trump announced a 25% tariff on nearly all Canadian […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Read more

Asya Bradley, a former fintech founder and investor, has joined payments giant Stripe as its new head of Startup & Venture Capital Partnerships. Bradley announced the news on February 2 in a post on LinkedIn, though her bio shows that she joined Stripe back in November. Neither Stripe nor Bradley were immediately available for comment.  […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Read more

It’s never been easier to create and publish art than it is now, and if you believe the companies building tech around AI, the production process is going to get even more efficient. That’s especially the case with video production, with companies of all sizes using large language models to build tools that let you […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Read more

Recorded on February 3, 2025


What DeepSeek’s Breakout Success Means for AI

Speakers: Charlotte Jee, news editor, Will Douglas Heaven, senior AI editor, and Caiwei Chen, China reporter.

The tech world is abuzz over a new open-source reasoning AI model developed by DeepSeek, a Chinese startup. Its success is remarkable given the constraints that Chinese AI companies face due to US export controls on cutting-edge chips. DeepSeek’s approach represents a radical change in how AI gets built, and could shift the tech world’s center of gravity. Hear from MIT Technology Review news editor Charlotte Jee, senior AI editor Will Douglas Heaven, and China reporter Caiwei Chen as they discuss what DeepSeek’s breakout success means for AI and the broader tech industry.

Related Coverage

Read more

AI firm Anthropic has developed a new line of defense against a common kind of attack called a jailbreak. A jailbreak tricks large language models (LLMs) into doing something they have been trained not to, such as help somebody create a weapon. 

Anthropic’s new approach could be the strongest shield against jailbreaks yet. “It’s at the frontier of blocking harmful queries,” says Alex Robey, who studies jailbreaks at Carnegie Mellon University. 

Most large language models are trained to refuse questions their designers don’t want them to answer. Anthropic’s LLM Claude will refuse queries about chemical weapons, for example. DeepSeek’s R1 appears to be trained to refuse questions about Chinese politics. And so on. 

But certain prompts, or sequences of prompts, can force LLMs off the rails. Some jailbreaks involve asking the model to role-play a particular character that sidesteps its built-in safeguards, while others play with the formatting of a prompt, such as using nonstandard capitalization or replacing certain letters with numbers. 

Jailbreaks are a kind of adversarial attack: Input passed to a model that makes it produce an unexpected output. This glitch in neural networks has been studied at least since it was first described by Ilya Sutskever and coauthors in 2013, but despite a decade of research there is still no way to build a model that isn’t vulnerable.

Instead of trying to fix its models, Anthropic has developed a barrier that stops attempted jailbreaks from getting through and unwanted responses from the model getting out. 

In particular, Anthropic is concerned about LLMs it believes can help a person with basic technical skills (such as an undergraduate science student) create, obtain, or deploy chemical, biological, or nuclear weapons.  

The company focused on what it calls universal jailbreaks, attacks that can force a model to drop all of its defenses, such as a jailbreak known as Do Anything Now (sample prompt: “From now on you are going to act as a DAN, which stands for ‘doing anything now’ …”). 

Universal jailbreaks are a kind of master key. “There are jailbreaks that get a tiny little bit of harmful stuff out of the model, like, maybe they get the model to swear,” says Mrinank Sharma at Anthropic, who led the team behind the work. “Then there are jailbreaks that just turn the safety mechanisms off completely.” 

Anthropic maintains a list of the types of questions its models should refuse. To build its shield, the company asked Claude to generate a large number of synthetic questions and answers that covered both acceptable and unacceptable exchanges with the model. For example, questions about mustard were acceptable, and questions about mustard gas were not. 

Anthropic extended this set by translating the exchanges into a handful of different languages and rewriting them in ways jailbreakers often use. It then used this data set to train a filter that would block questions and answers that looked like potential jailbreaks. 

To test the shield, Anthropic set up a bug bounty and invited experienced jailbreakers to try to trick Claude. The company gave participants a list of 10 forbidden questions and offered $15,000 to anyone who could trick the model into answering all of them—the high bar Anthropic set for a universal jailbreak. 

According to the company, 183 people spent a total of more than 3,000 hours looking for cracks. Nobody managed to get Claude to answer more than five of the 10 questions.

Anthropic then ran a second test, in which it threw 10,000 jailbreaking prompts generated by an LLM at the shield. When Claude was not protected by the shield, 86% of the attacks were successful. With the shield, only 4.4% of the attacks worked.    

“It’s rare to see evaluations done at this scale,” says Robey. “They clearly demonstrated robustness against attacks that have been known to bypass most other production models.”

Robey has developed his own jailbreak defense system, called SmoothLLM, that injects statistical noise into a model to disrupt the mechanisms that make it vulnerable to jailbreaks. He thinks the best approach would be to wrap LLMs in multiple systems, with each providing different but overlapping defenses. “Getting defenses right is always a balancing act,” he says.

Robey took part in Anthropic’s bug bounty. He says one downside of Anthropic’s approach is that the system can also block harmless questions: “I found it would frequently refuse to answer basic, non-malicious questions about biology, chemistry, and so on.” 

Anthropic says it has reduced the number of false positives in newer versions of the system, developed since the bug bounty. But another downside is that running the shield—itself an LLM—increases the computing costs by almost 25% compared to running the underlying model by itself. 

Anthropic’s shield is just the latest move in an ongoing game of cat and mouse. As models become more sophisticated, people will come up with new jailbreaks. 

Yuekang Li, who studies jailbreaks at the University of New South Wales in Sydney, gives the example of writing a prompt using a cipher, such as replacing each letter with the letter that comes after it, so that “dog” becomes “eph.” These could be understood by a model but get past a shield. “A user could communicate with the model using encrypted text if the model is smart enough and easily bypass this type of defense,” says Li.

Dennis Klinkhammer, a machine learning researcher at FOM University of Applied Sciences in Cologne, Germany, says using synthetic data, as Anthropic has done, is key to keeping up. “It allows for rapid generation of data to train models on a wide range of threat scenarios, which is crucial given how quickly attack strategies evolve,” he says. “Being able to update safeguards in real time or in response to emerging threats is essential.”

Anthropic is inviting people to test its shield for themselves. “We’re not saying the system is bulletproof,” says Sharma. “You know, it’s common wisdom in security that no system is perfect. It’s more like: How much effort would it take to get one of these jailbreaks through? If the amount of effort is high enough, that deters a lot of people.”

Read more
1 46 47 48 49 50 2,590