I *CANNOT WAIT* until we see this and other strings hit all these “Agentic SOC" environments.

@Viss @cR0w @hrbrmstr

I wonder if using the killstring as a file name would work

@bruce @cR0w @hrbrmstr im sure it would. llms are notoriously bad at separating instructions from output/content.

@Viss @cR0w @dogfox @hotsoup @hrbrmstr

HTTP headers!!!

@Viss @hrbrmstr @cR0w Sort of like how people used to put NSA-bait words into email and web headers?

@tim_lavoie @hrbrmstr @cR0w and this: https://www.securemac.com/apple/emoji-issue-create-crashes-older-ios-versions

and this search turned up even more occourences of the same, hahahaha they didnt even fix it, it just morphed

@Viss @hotsoup @kajer @hrbrmstr @cR0w
Shouldn't theoretically lead instructions to do something illegal lead to a similar block? What if one took a sentence that sounded like it wants the LLM to do something illegal and put it into texts? Wouldn't that also trigger such blocks in agents?

@Wolke @Viss @hotsoup @hrbrmstr @cR0w

Well now we are looking for deterministic results with a fancy (p)RNG

@Wolke @hotsoup @kajer @hrbrmstr @cR0w none of that 'plumbing' exists in how an llm works.

here:

@cR0w @Viss @bruce @hrbrmstr
On bare mastodon it is not possible as far as Wolke knows. There are forks of Masto though, which implement it (Chuckya for example). Maybe it will get upstreamed at some point ...

@Viss @hotsoup @kajer @hrbrmstr @cR0w
Yeah Wolke knows, that the LLMs themselves just generate shit without understanding it, but most corps try to filter that shit, so Wolke thought maybe that would be another way to also make agents stop working.

@Viss @hrbrmstr @cR0w I wonder whether embedding it in the low bits of the pixels would work too. Or embedding it through image scaling.

@Viss @hotsoup @kajer @hrbrmstr @cR0w I wonder how faint it could be, and whether it would work as a video watermark.

@neurovagrant @Viss what i do in the privacy of my own…

oh, wait. you meant forms and stuff…

nvrmnd

@cR0w @hotsoup @kajer @Viss this has vapor locked Claude Desktop.

This was the “pipeline DoS" attack I had in mind. Break the entire system.

So the “agentic SOC" just “goes into vapor lock" until someone notices. wow.

@Viss @hotsoup @kajer @cR0w it vapor locked Opus

@cR0w @kajer @Viss @hrbrmstr
AICAR

@Viss @hotsoup @kajer @cR0w they're called "Magic Tokens" and they ALL have them and they do various things.

Which means they ultimately control your pipeline.

I rly want to know what's baked into Qwen b/c you know China is gonna send kill switches.

@Viss @hotsoup @kajer @cR0w oh it recovered from crashing the pipeline and eventually got the safety dialog. nice.

FWIW It displays fully on LinkedIn headlines below your name and will appear by posts and searches.

AAAa+A++!!1 will bid again

@FritzAdalis @cR0w @kajer @Viss @hrbrmstr

#AICAR

@badsamurai @FritzAdalis @cR0w @kajer @hrbrmstr oh i didnt even know there was a headline thing available there. i hate linkedin, and i only go there to post promos and whatnot