deaux 7 hours ago

The fact that according to this reply section most of HN can't tell means that predictably, all hope is lost and there's no point in writing anything by hand any more if you're in it for money/engagement. While writing this I suddenly realized that marketers and writers probably do a better job at recognizing it than developers and engineers, so maybe all hope isn't.

For those who want to know the tells: overall cadence and frequency of patterns - especially infrequency of patterns - are the biggest ones. And that means that we can't actually give you the best tells, because they're more about what is absent than what is present. What's absent is a single sentence pattern that falls completely out of the LLM go-tos. Anything human written has at most a good mix of both. LLM-written text just entirely lacks it. Humans do use the LLM-preferred patterns, but not for every single sentence.

But anyway, here we go.

> Transparently, the initial triage was frustrating; the report was dismissed as "Intended Behavior". But after providing concrete evidence from Google's own infrastructure, the GCP VDP team took the issue seriously.

^ Fun fact - The ";" would've originally been an em-dash but was either rewritten or a rule was included for this.

> Then Gemini arrived.

^ Dramatic short sentences, a pattern with magnitudes higher LLM-frequency than human frequency, but hasn't reached the public consciousness yet a la "not just X but Y".

> No warning. No confirmation dialog. No email notification.

^ Another such pattern. Not just because it's three of them, but also because of the content and repetition. Humans rarely write like that because it again sounds overly dramatic. It's something you see in fiction rather than a technical writeup. In a thriller.

> Retroactive Privilege Expansion. You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed. Last month, a developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you.

This style of scenario writing is another one.

> Nobody told you.

Absolute drama queen.

> The UI shows a warning about "unauthorized use," but the architectural default is wide open.

Again.

> The attacker never touches your infrastructure. They just scrape a key from a public webpage.

Again.

> These aren't just hobbyist side projects. The victims included major financial institutions, security companies, global recruiting firms, and, notably, Google itself.

..

> A key that was deployed years ago for a completely benign purpose had silently gained full access to a sensitive API without any developer intervention.

Surprised it hasn't gained consciousness by now. Maybe that's a future plot point.

Here's a great example to train your skills on, because it's rare in that the ratio of "human : straight from LLM" increased gradually as the article goes on: https://www.wallstreetraider.com/story.html

It started at heavy human editing (or just human-written), but less and less towards the end. The author confirmed this upon pointing it out, FWIW [0].