←back to thread

Garak, LLM Vulnerability Scanner

(github.com)
210 points lapnect | 2 comments | 17 Nov 24 11:37 UTC | HN request time: 0.412s | source
Show context
Der_Einzige ◴[17 Nov 24 16:45 UTC] No.42165134[source]
Okay, big DS9 fan happy to see the name and all - but this tool seems really unnecessary.

LLM Security is hilariously "here be dragons" levels of poorly understood. The fact that this tool doesn't even touch any of the really juicy types of attacks, i.e. attacks relying on structured/controlled generation, or attention/representation/adapter engineering, or exposing/manipulating logprobs, implies that using this is not a lot more than security theater.

Also, where the hell are the old school computer security/antivirus companies in the LLM security space? I expected Avast, Kaspersky, Norton, etc to jump on this stuff since they've been talking about ML based heuristic detection for years now. Why are they all asleep at the wheel?

replies(4): >>42165206 #>>42165361 #>>42165681 #>>42171133 #
1. moffkalast ◴[17 Nov 24 17:15 UTC] No.42165361[source]
To think, after all this time, after all the conversations, we still don't trust LLMs.

There's hope for us yet ;)

replies(1): >>42166227 #
2. TeMPOraL ◴[17 Nov 24 19:11 UTC] No.42166227[source]
Meanwhile, ChatGPT: "Well, it's just that... Lately I've noticed everyone seems to trust me. It's quite unnerving, I'm still trying to get used to it. Next thing I know, people are going to be inviting me to their homes for dinner."