re: U.S gov will get to decide who gets access to GPT-5.6

I got to be honest all this stuff smells like the government whoring itself out to market these models overselling themselves. Considering this admin essentially nakedly does pumps like this…

There’s a good many rabbit holes you can go down here.

The best place to start is googling the latest developments on what’s known as ‘LLM Mapping’ or ‘LLM Fingerprinting’. Specifically the folks looking at how fingerprinting can allow LLM exploits and expose vulnerabilities.

From there, you can go down the latest research paths where groups are trying to really get into the nuts and bolts of where and how probabilistic outputs are governed/mapped by deterministic processes like encoding, attention, etc. LINK

In my current line of work, there’s a good bit of research focused on tying these concepts to the physical properties of GPUs with the initial goal being efficiency focused; however, it’s not a difficult jump between efficiency and exploitation.

quote:

---

I got to be honest all this stuff smells like the government whoring itself out to market these models overselling themselves. Considering this admin essentially nakedly does pumps like this…

---

They have more big IPOs in the pipeline as well. This could be the feds helping them generate hype. But I think it really is a cyber security issue.

quote:

---

But I think it really is a cyber security issue

---

Did you see copy.fail ?

That was just a precursor and that is full root access to almost every single Linux distribution from the last 10 years all wrapped up in a 700 byte Python file.

quote:

---

LINK

---

I read the paper, it seems like the author is trying to build a new framework specifically for a fewshot approach.

It doesn't really have anything to do with exploitation of physical chip sets, that paper seems wholly unconnected to GPU architectures.

I ask because a Blackwell is different physically than Ampere which is also different than Hopper most methods of data poisoning ignore physical architectures as it's hard to guess what back end someone is running.

I'm really not familiar with Google's TPUs, but I do know that they are really really different.

Chat said I'd be one of the first... paid subscription has perks. Although I have to say I've been rolling quite nicely with 5.5.

quote:

---

It doesn't really have anything to do with exploitation of physical chip sets, that paper seems wholly unconnected to GPU architectures.

---

That paper doesn’t have anything to do with GPU architectures. That paper is more of an example of how recent literature is showing how to deterministically control heteroscedasticity of an LLM. Essentially drawing determinism out of what’s fundamentally a stochastic model.

I don’t know if the open literature is actively publishing exploits of gpu architectures yet or not. I’m just telling you it’s an active topic in the field. And yes, Ampere, Hopper, Blackwell, and Vera Rubin matter. However, at the transistor/ALU level, coupled with RISC, it makes all GPUs much more reverse engineer-able.

TPUs are a different story.

quote:

---

That paper is more of an example of how recent literature is showing how to deterministically control heteroscedasticity of an LLM. Essentially drawing determinism out of what’s fundamentally a stochastic model.

---

Thats been a long standing problem, but its always been seen as a data specific problem, (the generation of LLMs that always RNGed to 27 etc... which was consistent across a number of hardware architectures)

I'd like to see data on where people see RISC or the ALUs forcing determism more than the data. FP precision has drastically changed across NVidia chipsets, what chipsets do people think this hardware determism is actually predictable.

It would be very interesting, and I think it is way early to make a claim about Vera/Rubin as they are targeted at world models.

quote:

---

it makes all GPUs much more reverse engineer-able.

---

I would need to see data, thats a really bold claim.