| ▲ | gnunicorn 2 hours ago | |
Just because everything is a potential threat vector now: doesn't this also mean you could easily put AI specific malicious instructions into the PDF that the regular human would never notice? Like the "white text between the lines that only appears when copy-pasted"-hack that some professors have been doing in their exercises to their students to include pink elephants in the output and stuff. But worse. Just thinking of a electricity bill pdf you provide as proof of address to some company that uses an LLM to extraxt that address and pre-process that doc. But instead we can command it to do something else that a regular human wouldn't even ever notice... Just a thought | ||
| ▲ | LPisGood an hour ago | parent | next [-] | |
Oh this happens all the time. When Apple announced they would be scanning everyone’s private iCloud data for CSAM, they had some “PSI” system which would at some point consider the content of a grayscale and reduced quality version of the image. The problem is that security researchers for years have known about pre-processing attacks where photos which appear as one thing (a dog in a yard) appear ad something completely different (a cat on a couch) once put through machine learning pre-processing. | ||
| ▲ | dmlittle an hour ago | parent | prev | next [-] | |
Yes, although that's not new. The amount of different exploits and RCE I've seen in the past decade from just "opening" an PDF is mind blowing. Not sure if it's slowed down but around 8 years ago ghostcript would patch a couple of RCE from PDF processing every few months. | ||
| ▲ | mschuster91 an hour ago | parent | prev [-] | |
> Just because everything is a potential threat vector now: doesn't this also mean you could easily put AI specific malicious instructions into the PDF that the regular human would never notice? Yup and there's so many memes floating around regarding that being used to bypass AI "resume reviewers" that it got academically reviewed [1]. | ||