Replies (4)

waxwing's avatar
waxwing 1 week ago
Because you're thinking it should be even theoretically detectable? Afaict, not. The random token choices are still perfectly random in the paper's algo. The key insight is *normal LLM usage involves a random number stream*. To the extent that's true, these messages can't be suspicious (see what I said to @jimmysong ). But the argument depends on that being true.
Well, for example there are already tells when reading text you can intuitively feel whether something is AI driven or human thought text. My thought is that if there is now hidden text seeded within or influencing the output, then that could also have a tell that a sophisticated actor could learn how to detect. But it is just based on a feeling honestly. Not facts.
waxwing's avatar
waxwing 1 week ago
Part of it is the convenient fact that nowadays a lot of "innocent" text is AI generated; the security does not depend on it appearing non-AI like. The other part is the randomness thing I mentioned.
I re-read your point about the randomness. It flew over my head, but I get it now. LLMs naturally don't just pick the most likely next word, they naturally seed some randomness to it, and therefore there is nothing unusual about injecting randomness of your own into it. 🤯 nice.