
Seems pretty easy to mitigate. Just strip out invisible characters from input?
Easy enough for a human to understand but tricky for a computer

It’s not tricky for a computer to sanitize all I/O to/from an LLM. You can even build it into an inference engine itself to avoid mistakes. The article just shifts (not necessarily intentionally) a well-known problem with crappy code into AI FUD territory.
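The sanitizing step this comment describes, as an added example that is not from the thread or the article it discusses: a Python filter that reports, reveals and strips invisible code points from text bound to or from a model. It assumes the invisible characters in question are Unicode format characters (General Category Cf) and the Tags block, which mirrors printable ASCII; ZERO WIDTH JOINER is kept by default so emoji sequences survive.

```python
import unicodedata

# Code points that render as nothing yet survive copy/paste and tokenization.
# The Unicode Tags block (U+E0000..U+E007F) mirrors printable ASCII one-to-one,
# which is what makes it usable as a hidden-text carrier; the remaining
# candidates (zero-width spaces, BOM, soft hyphen, ...) share General
# Category "Cf" (format). Assumed scope for this example.
TAGS_BLOCK = range(0xE0000, 0xE0080)

# ZERO WIDTH JOINER is also "Cf" but legitimately glues emoji sequences, so a
# policy may choose to keep it. Assumed default here; a strict deployment
# would pass keep=frozenset().
KEEP_BY_DEFAULT = frozenset({0x200D})


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    return cp in TAGS_BLOCK or unicodedata.category(ch) == "Cf"


def find_invisible(text: str) -> list[tuple[int, str, str]]:
    """Report every invisible code point as (index, U+XXXX, name) for logging."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unassigned>"))
        for i, ch in enumerate(text)
        if is_invisible(ch)
    ]


def reveal_tags(text: str) -> str:
    """Map a Tags-block run back to the ASCII it mirrors, so an analyst can
    see what a hidden span said before it was dropped."""
    return "".join(chr(ord(ch) - 0xE0000) for ch in text if 0xE0020 <= ord(ch) <= 0xE007E)


def sanitize(text: str, keep: frozenset[int] = KEEP_BY_DEFAULT) -> str:
    """Strip invisible code points from text going to or coming from a model."""
    return "".join(ch for ch in text if ord(ch) in keep or not is_invisible(ch))


# Constructed sample: an ordinary request with two Tags-block characters
# (the invisible mirrors of "H" and "I") spliced in after the full stop.
SAMPLE = "Summarize this page.\U000E0048\U000E0049 Thanks!"

if __name__ == "__main__":
    print(find_invisible(SAMPLE))
    print(repr(reveal_tags(SAMPLE)))
    print(repr(sanitize(SAMPLE)))
```

Run the filter on both directions of model traffic; logging the `find_invisible` hits separately from the sanitized text is what lets you tell an injection attempt from a stray BOM.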

Did you read the full article?

> As researcher Thacker explained: The issue is they’re not fixing it at the model level, so every application that gets developed has to think about this or it's going to be vulnerable. And that makes it very similar to things like cross-site scripting and SQL injection, which we still see daily because it can’t be fixed at a central location. Every new developer has to think about this and block the characters.

Why don't we fix it at the "API" level, then? I.e. OpenAI's or Claude's API could do this for everyone. I know some people host their own models, but this would lower the attack surface.

Even still, that means every new API and use case that they build has to have this protection (e.g. Sora and the ChatGPT API vs. the internal web API).

Seems perfectly reasonable to me.

We already have to protect against SQL and script injection, now we need to protect against Unicode injection.

Honestly surprised invisible Unicode characters haven't already been used for other types of attacks and that this is only an issue now.
Hosted models have APIs that will be patched, local models tend to use a handful of libraries that will also be patched. Yet Another Nothing Burger.