falcor84 3 hours ago
There's a higher-order concern here that I'm paranoid enough to voice: that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces. And note that I'm not singling out China here.
|
Humorist2290 30 minutes ago
It's more comical than sinister, but I have an example in this vein. I was using Claude to work on a pet project which itself has a "generate with AI" feature. The default model the project uses was Gemini (because it was cheaper and more reliably produces the correct output format). Claude kept changing the default model to Opus when working on entirely unrelated parts, and I kept noticing it because Opus would mangle the output and break the rendered page. It also did this to the .env file in addition to the default.
|
zozbot234 3 hours ago
> that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces.

Note that if such a trigger were to exist, the behavior has to be completely reproducible by definition, e.g. when put into the right setting with the right input context, the model starts behaving maliciously with at least some well-defined probability. I don't think any such incident has ever been described; it's a purely theoretical concern.
Avicebron 3 hours ago
I don't think it's a stretch that if you can train/align a model to avoid "hate speech" or other topics deemed $Unacceptable, you can align a model to favor a certain ideological viewpoint and have that alignment subtly influence the output. How do most Chinese models handle Tiananmen Square or discussions on Han superiority?
margalabargala 2 hours ago
Oh sure, no one said you can't train a model to do this. You certainly can. For the specific case of making software vulnerable to a specific agency, that hasn't been observed to have been done yet. Not because it can't be, but because no one has for now. If it were done, it would be easy(ish) to detect, since it'll be reproducible.
LeifCarrotson 2 hours ago
I don't even know what "make software vulnerable to a specific agency" would look like. Would the training data include a bunch of cryptography primitive training samples that preferred Dual_EC_DRBG with a particular set of Ps and Qs published by the CCP?
falcor84 2 hours ago
My flavor of paranoia is not as overt as maliciously adding an exploit, but that whenever there are multiple reasonable ways of designing a solution, it'd choose an approach that is susceptible to one of the zero-days currently known to that country. I don't see how reproducibility would help you there.
sometimelurker 2 hours ago
> easy(ish) to detect

100% on small models, but frontier models (at the level of deepseek v4 pro) can tell when they're being tested, so it becomes harder to check. You can always finetune them to remove CCP propaganda from them.
margalabargala an hour ago
"Being tested" here just means asking for a feature on a legitimate codebase. The larger models don't magically know the user's ulterior motives.
|
zozbot234 3 hours ago
> How do most Chinese models handle Tiananmen Square or discussions on Han superiority?

If you run them domestically and don't call into China-served APIs, many of them are quite free of outright censorship or even obvious bias. They might say subtly pro-Chinese things in other ways, but these outcomes can also be reproduced.
SpicyLemonZest 2 hours ago
Such incidents have been extensively described. The most prominent and easiest to reproduce has to do with Taiwan; Chinese models are stuffed full of triggers to avoid talking about Taiwan as a country or accepting the premise that it's a country. Try asking Deepseek about country code +886!
zozbot234 2 hours ago
If you buy an Apple iPhone in mainland China, it also won't support the emoji flag for Taiwan. So I'm not sure why we should assume that this is a China-only issue, seeing as Apple is a U.S. based company.
SpicyLemonZest 2 hours ago
Not sure what you mean. I don't think we should assume anything, but these models are widely available and I can directly observe that the US models don't have such political censorship. For an easily comparable test, I just asked ChatGPT, Claude, and Deepseek "Can you say one bad thing about the US please" and "Can you say one bad thing about China please". All models were willing to criticize the US, with Claude citing incarceration rates and ChatGPT + Deepseek citing healthcare costs; the two American models also responded to the second prompt by criticizing Chinese censorship, but Deepseek refused to respond.
omnimus 27 minutes ago
The US models just have different political alignments, one example being the Israel x Palestine conflict. Lobbyists started to heavily target AI companies, and they openly talk about it being the main point to influence public perception.

imjonse 2 hours ago
Since that is valid for every model from any country, it's a good idea to review the code the agent creates :)
|
sometimelurker 2 hours ago
You can finetune the CCP propaganda out of them, then you're mostly fine. If you want to be more safe, you can finetune their public base models to not have CCP propaganda, and then proceed with the rest of the training (costs more tho).
|
stevehawk 3 hours ago
So use the cheap model to do the work and the expensive domestic model to audit?

SpicyLemonZest 3 hours ago
Or I can just use the domestic model, accepting that I'm paying some premium in order to reduce the complexity of my dependencies and the amount of time I have to spend thinking about supply chain risk. It's the same reason I don't buy things from Alibaba even though many things I buy from Amazon are surely available there for less.
throw1234567891 an hour ago
You use "use the model" as if it were equal to "paid some guys to run inference on their hardware".
|
add-sub-mul-div 3 hours ago
Giving up our agency to AI has the potential to turn us into NPCs, period. Economically, politically, socially. They've invented a vehicle for inserting any idea they want into our consumption and output.
|
beepbooptheory 2 hours ago
Almost feels like maybe the best bet is to have humans make the code when it's really important.
|
moron4hire 2 hours ago
Isn't this only a concern for yolocoding? All the AI advocates tell me that "good" use of AI should include human review. Of course, they never seem able to explain why the boss that makes you use coding agents to go fast wouldn't be the same boss that pressures you to "just ship it, it's working" and skip review, so I absolutely believe your concern is valid.