Microsoft published, using their software and servers, a libelous claim, to potentially millions of people.
The details of how the software was programmed should be legally irrelevant.Copilot then listed a string of crimes Bernklau had supposedly committed — saying that he was an abusive undertaker exploiting widows, a child abuser, an escaped criminal mental patient. [SWR, in German]
These were stories Bernklau had written about. Copilot produced text as if he was the subject. Then Copilot returned Bernklau’s phone number and address!
and there’s fucking nothing in place to prevent this utterly obvious failure case, other than if you complain Microsoft will just lazily regex for your name in the result and refuse to return anything if it appears
lazily regex
I’m having a sneaking suspicion that this is what they do for all the viral ‘here the LLM famously says something wrong’ problems, as I don’t think they can actually reliably train the model it made an error.
That’s the most straightforward fix. You can’t actually fix the output of an LLM, so you have to run something on the output. You can have it scanned by another AI but that costs money and is also fallible. Regex/delete is the most reliable way to censor.
it helps they did it to someone with contacts and it was on prime time news telly
god, so this is actually the best the AI researchers can do with the tools they’ve shit out into the world without giving any thought to failure cases or legal liability (beyond their manager on
slackTeams claiming it’s been taken care of)so fuck it, let’s make the defamation machine a non-optional component of windows. we’ll just make it a P0 when someone who could actually get us in legal trouble complains! everyone else is a P2 that never gets assigned.
so this is actually the best the AI researchers can do
Highly unlikely. This is what corporation’s public facing products can do.
are there mechanisms known to researchers that Microsoft’s not using that can prevent this type of failure case in an LLM without resorting to whack-a-mole with a regex?
Yeah there’s already a lot of this in play.
You run the same query multiple times through multiple models and do a web search looking for conflicting data.
I’ve had copilot answer a query, then erase the output and tell me it couldn’t answer it after about 5 seconds.
I’ve also seen responses contradict themselves later paragraphs saying there are other points of view.
It would be a simple matter to have it summarize the output it’s about to give you and dump the output of it paints the subject in a negative light.
It would be a simple matter to have it summarize the output it’s about to give you and dump the output of it paints the subject in a negative light.
lol. like that’s a fix
(Hindenburg, hitler, great depression, ronald reagan, stalin, modi, putin, decades of north korea life, …)
