upvote

points

by saghm10 hours ago |
comments
upvoteby jerf51 minutes ago|
next
[-]
I fed an unpublished draft of mine to an AI. I saw it searching the internet and prompted it with the fact it could stop searching, it was not published. From there it guessed that it was me on the spot, which I thought was kind of funny. Can't deny the meta-logic there.

It referred to me by my login name on the AI site rather than the name it would have used if it actually found my website, so I think it was more logic than an actual identification, but it had clearly corrupted the search enough to no longer be a valid test.

Which does make me wonder about the original article; if the AI has in context any sort of clue that the user is "Kelsey Piper" (a memory of their name, a username of kpiper or kelseyp, etc.), that will radically tip the balance in favor of the AI guessing that way just by the nature of LLMs. That is to say, it highly increases the odds of that guess even if it's wrong.

Even if that is the case, though, the general identifiability of writing remains true. It's been shown for a while with techniques a lot less powerful than a frontier LLM.

reply
upvoteby cg5057 minutes ago|
parent|
[-]
The author specifically discusses their efforts to avoid this sort of information leak which would obviously poison the result.
reply
upvoteby suriya-ganesh9 hours ago|
prev|
next
[-]
This is unlikely. The way model distribution works is that the model retains a lossy representation of James Micken's writing. Very likely, it cannot repeat Micken's writing verbatim. Neither can it reason about the training cutoff in this manner.

It's a lossy representation

reply
upvoteby saghm34 minutes ago|
parent|
next
[-]
I feel like you're making a logical leap here by assuming lossy and failure to reproduce in entirety implies inability to recognize. As a trivial example, I can take a sha256 hash of your comment here, lose the ability to reproduce it, but still have an extremely accurate ability to recognize whether some text is exactly your comment or not. Obviously hashing every substring would not be a particularly efficient strategy, but my point is that saying "it's lossy" isn't particularly compelling without other details.
reply
upvoteby sausagefeet8 hours ago|
parent|
prev|
next
[-]
I haven't been following it well but isn't part of the NYT lawsuit against OpenAI that it sometimes spits out NYT articles verbatim?
reply
upvoteby mapt44 minutes ago|
parent|
next
[-]
Genome analysis is also a lossy process that chops the data up into tiny bits, like a newspaper sent through a shredder. We then piece together matching sequences in a sort of puzzle. It's often a relatively inaccurate solution. Then we try to do that again with a different copy of the newspaper sent through a different shredder. And again. A genome might be comprised of 10x reads, 30x reads, 100x reads, with more replications representing higher confidence.

There might be ten million people who have quoted Harry Potter at some point in their blogs or forum posts. There are only so many words in the books.

reply
upvoteby Iulioh7 hours ago|
parent|
prev|
next
[-]
Study: Meta AI model can reproduce almost half of Harry Potter book

https://arstechnica.com/features/2025/06/study-metas-llama-3...

reply
upvoteby spacechild15 hours ago|
parent|
prev|
[-]
See also GEMA vs. OpenAI.
reply
upvoteby sigmoid106 hours ago|
parent|
prev|
next
[-]
It is lossy, but it is still enough for verbatim recreations. All of Wikipedia is just 24GB of lossless compressed text and all of JK Rowling's work fits into a few MB. So these things would easily be storable verbatim in trillion parameter models. Reasoning about the training cutoff is also something that the newest models do pretty well, because you can teach them to do so after pre training using e.g. SFT. With tool use it can then even check actual current sources, which may happen without you even knowing in the normal chat apps unless you use a controlled API call.
reply
upvoteby koiueo9 hours ago|
parent|
prev|
next
[-]
How do you know, how the model works? If there was an index of all Micken's writings, or even if the model searched the web before feeding the response to you, you wouldn't know by observing from the outside.
reply
upvoteby suriya-ganesh8 hours ago|
parent|
[-]
i suppose a quick test would be getting the model to write down Micken's essay end to end.

if the original essay was stuffed within the prompt window. the result will be word accurate.

unless this is a model trained specifically on Micken's essay (which claude is not).

reply
upvoteby saghm32 minutes ago|
parent|
[-]
This seems like a classic case of doing it being proof that it can happen, but not doing it being insufficient proof that it's impossible. I don't think there's a "quick test" of whether there might be a more effective prompt that would cause it to reproduce more effectively.
reply
upvoteby electroglyph7 hours ago|
parent|
prev|
next
[-]
that's in the ideal scenario where it's only seen a single copy of it tho
reply
upvoteby devmor8 hours ago|
parent|
prev|
[-]
Haven’t there been repeated experiments that show if you jailbreak most frontier models’ harnesses you can get them to output near verbatim copyrighted works?

I swear there was a whole court case about this in the last year.

reply
upvoteby sk8ordie36 minutes ago|
prev|
[-]
[flagged]
reply