great article - it's very true that:

1. it's very difficult to verify how a llm will behave without running it 2. there is an intentional ignorance around the security issues of running models

I think this research makes the speculative concrete