Am I missing something? The article seems to suggest it works via hidden text characters. Has OpenAI never heard of pasting text into a utf8 notepad before?
The arstechnica article speculated it was more of a pattern of words thing.
I think it is lies, and doesn’t exist or work anywhere near as good as they claim. Or, its incredibly easy to bypass.
I think it exists and works but that its simply not in their best interest to have people use it and be found out that they used chatgpt, for OpenAI’s business/profit potential. I have nothing to back it up but have just lost all faith in OpenAI.
They sell the cheating tool and the detection software
It’s really sweet to play the arms race with oneself.
Im willing to believe it exists, but not that its any good. 99% is a crazy accuracy claim.
I van totally believe that it detects AI generated content 99% of the time, that’s trivial. What I really wanna know is the false positive rate. If I write a program that flags everything, it’d have a 100% hit rate. It’d also however have a crazy high false positive rate.
Especially if the claim that it’s undetectable by humans.
Research on this topic exists, and it is possible to alter the output of an LLM in minor ways, that statistically “watermark” the results without drastically changing the quality of the output. OpenAI has probably implemented this into ChatGPT.
https://www.youtube.com/watch?v=2Kx9jbSMZqA
I think the tool exists, and is (at least close to) as good as they claim it is. They can’t release it, because once the public can tell with high accuracy whether ChatGPT wrote some text, another AI can be developed to circumvent detection from this method, making the tool useless.
That is a long video, is the paper published somewhere?
Im willing to accept that you can statistically “watermark” the text, but I’m not convinced that it would be tamper resistant, which is a large part of what makes a watermark useful. If it can’t survive an idiot with a thesaurus, its probably not gonna be terribly useful.
It can likely also be defeated by adding “In the style of X” to a prompt, changing the distribution and pattern of the responses.
…but that output is also from the AI so it would still be watermarked lol
You could feed it through a different, smaller model that could even be self-hosted. It isn’t difficult to make a model that rephrases an input in another style.
Ah, okay. That’s fair. It wasn’t clear they meant a different system lol.
Not to mention that it would be extremely difficult to implement an effective watermark on text below a certain size
There are hundreds of thousands of pixels in an image where you can hide a watermark, but in a text output of a paragraph or less there are only a couple hundred characters.
How precise is the watermark? Is it a specific sequence of characters? Is it a sequence of words? A number of characters in a row? Non-print characters?
How precise the watermark is will determine how easy it is to get around. I imagine some of the most important uses to detect would be twitter/social media influence bots where the output length is only 140 characters or less. I find it hard to imagine a watermark on output of that size being effective or reliable.
Am I the only one who rewrites most of ChatGPT’s output into my own words because it’s “voice” is garbage anyway? I ask it to write me a cover letter and that gives me a rough outline and some points to make, but I have to do massive editing to avoid redundancy, awkward phrasing, outright lies, etc.
I can’t imagine turning in raw ChatGPT output. I had one of my developers use Bing AI to write code and submitted that shit raw and it was immediately obvious because some relatively simple code has really weird artifacts like overwriting a value that had no reason to even be touched.
Idk it looks good to me. Straight to the main branch you go.
For me I find it sounds too much like a marketing person or something I’d see in an ad or a website so I “dumb it down” a bit to make it not sound too corporate. Sometimes telling Chatgpt to do so fixes this though.
i use it to make outlines which are usually very good and then I use the class materials to flesh out the outlines in my own words. All my words but ChatGPT told me what to include and in what order.
Lol. AI gonna take over the developers job. Like that’s even close to happening.
Few years ago the output of GPT was complete gibberish and few years before that even producing such gibberish would’ve been impressive.
It doesn’t take anyone’s job untill it does.
Few years ago the output of GPT was complete gibberish
That’s not really true. Older GPTs were already really good. Did you ever see SubredditSimulator? I’m pretty sure that first came around like 10 years ago.
LLMs aren’t going to take coding jobs, there are specific case AIs being trained for that. They write code that works but does not make sense to human eyes. It’s fucking terrifying but EVERYONE just keeps focusing on the LLMS.
There are at least 2 more dangerous model types being used right now to influence elections and manipulate online spaces and ALL everyone cares about is their fucking parrot bots…
Please elaborate for the uneducated
They could inject random zero width non joiners to help detection too. Easy to defeat, but something a layperson would have to go through extra effort to filter out.
no. i bet it uses an algorithm setting optional words to specific variants over a given set of text.
but it sounds to me like they are figuring out how to monetize the cure for their disease
This has been known in the ML space forever. LLMs don’t actually output words/tokens, but probabilities for a long list of tokens, and the sampler picks one (usually the mostl likely token). And if you arbitrarily weigh these probabilities (eg 50% of possible token outputs are more likely than the other 50%, as a random example), it creates a “signature” in any text thats easy to measure. The sampler randomizes it a tiny bit, but that averages out in long texts.
It’s defeatable. I’m sure if you maken enough OpenAI queries, you can find the bias. I think a paper already tackled this. But this likely will stop the lazy absures, aka 99% of abusers, who should just use some other LLM if they really care.
Another open secret in LLM land is that OpenAI is actually falling behind open research efforts, hence its hilarious it took them this long to implement something so simple.
So if cheating on homework, use self hosted only then. Cool. I mean, they can’t possibly use that algorithm for every model on hugging face especially if I don’t tell anyone which one I use. I’m done with school after this semester anyway, I feel sorry for everyone in the future that has to complete assignments in the age of ai warfare.
As someone who fiddled with Stable Diffusion which also has optional invisible watermarks this is a good feature. It is so that AI training will avoid content marking itself as AI generated. If people want to hide that their content is AI generated then, sadly, it’s harder to detect.
Watermarking everything I digitally publish to keep my original content out of a training set.
Publishing a website full of de-watermarked AI slop to ruin future LLMs.
More info if you’re seriously considering it. https://codoraven.com/blog/ai/stable-diffusion-the-invisible-watermark-in-generated-images/
I don’t actually know if any model creators check for the watermark or not.
Arent there better methods to poison AI?
I have heard Glaze and Nightshade are good, but have never used them
I’m inclined to believe that they’re throwing all prompts and outputs into a db and searching that.
What’s the false positive rate tho
Humans instinctively do something analogous with natural language, using poetic forms like rhyme, meter, and alliteration. (For example, the speeches from Shakespeare’s plays are immediately detectable because they’re in iambic pentameter.)
Imagine you lacked the natural human ability to detect verse, making poetry indistinguishable from prose. As far as you could tell, it would be like an invisible watermark that only specialists could detect. LLMs can use a similar approach, making up their own patterns that are opaque to humans but detectable to themselves.
so the AI is going to say ‘like’ every third word?
That’s cool, but literally any other implementation won’t have that, or will have an incompatible watermark.
Exactly. The cat is out of the bag. I can still run my own LLM.
It’s a good thing that ChatGPT is only one of the many LLM’s to choose from.
In other news, mathematicians have been working hard on calculator detector software. Upon request for comment, leading mathematicians suggested a variety of ideas, such as such as secretly embedding a watermark “58008” (BOOBS) into the decimal parts of pi and e to more easily identify derived calculations. There was consistent sentiment among leading minds that “back in my day we had to work hard to do math, and walk up hill both ways in the snow to school”… and that “there’s nothing wrong with a good ol’ fashion abbicus, dag nabbit!”
Is “The Algorithm” just “we stuffed all our GPT responses into a Lucene index and look for 80% matches”?
Because that’s what I’d do.
