<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: jamiejones1</title><link>https://news.ycombinator.com/user?id=jamiejones1</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sat, 04 Jul 2026 10:41:36 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=jamiejones1" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by jamiejones1 in "The Policy Puppetry Attack: Novel bypass for major LLMs"]]></title><description><![CDATA[
<p>If a company discloses vulnerabilities, they can't also then write that their product can actually help mitigate those vulnerabilities? So, you want them to offer problems without solutions?</p><p>I get that ideally the company would offer a slew of solutions across many companies, but this is still good, no?</p><p>I mean it looks like finding vulnerabilities is central to this company's goal, which is why they employ many researchers. I'd imagine they also incorporate the mitigations for the vulns into their product. So it's sort of weird to be "against" this. Like, do you just not want companies who deal in selling cybersecurity solutions simultaneously involved in finding vulnerabilities?</p>
]]></description><pubDate>Sat, 26 Apr 2025 00:46:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=43799908</link><dc:creator>jamiejones1</dc:creator><comments>https://news.ycombinator.com/item?id=43799908</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43799908</guid></item><item><title><![CDATA[New comment by jamiejones1 in "The Policy Puppetry Attack: Novel bypass for major LLMs"]]></title><description><![CDATA[
<p>God forbid a company tries to advertise a solution to a real problem!</p>
]]></description><pubDate>Fri, 25 Apr 2025 21:00:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=43798461</link><dc:creator>jamiejones1</dc:creator><comments>https://news.ycombinator.com/item?id=43798461</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43798461</guid></item><item><title><![CDATA[New comment by jamiejones1 in "The Policy Puppetry Attack: Novel bypass for major LLMs"]]></title><description><![CDATA[
<p>They're focused on making their models better at answering questions accurately. They still have a long way to go. Until they get to that magical terminal velocity of accuracy and efficiency, they will not have time to focus on security and safety. Security is, as always, an afterthought.</p>
]]></description><pubDate>Fri, 25 Apr 2025 20:57:17 +0000</pubDate><link>https://news.ycombinator.com/item?id=43798437</link><dc:creator>jamiejones1</dc:creator><comments>https://news.ycombinator.com/item?id=43798437</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43798437</guid></item><item><title><![CDATA[New comment by jamiejones1 in "The Policy Puppetry Attack: Novel bypass for major LLMs"]]></title><description><![CDATA[
<p>Not really. If HiddenLayer sold its own models for commercial use, then sure, but it doesn't. It only sells security.</p><p>So, it's more like a window glass company advertising its windows are unsmashable, and another company comes along and runs a commercial easily smashing those windows (and offers a solution on how to augment those windows to make them unsmashable).</p>
]]></description><pubDate>Fri, 25 Apr 2025 20:54:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=43798419</link><dc:creator>jamiejones1</dc:creator><comments>https://news.ycombinator.com/item?id=43798419</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43798419</guid></item><item><title><![CDATA[New comment by jamiejones1 in "The Policy Puppetry Attack: Novel bypass for major LLMs"]]></title><description><![CDATA[
<p>The company's product has its own classification model entirely dedicated to detecting unusual, dangerous prompt responses, and will redact or entirely block the model's response before it gets to the user. That's what their AIDR (AI Detection and Response) for runtime advertises it does, according to the datasheet I'm looking at on their website. Seems like the classification model is run as a proxy that sits between the model and the application, inspecting inputs/outputs, blocking and redacting responses as it deems fit.</p>
<p>Filtering the input wouldn't always work, because they get really creative with the inputs. Regardless of how good your model is at detecting malicious prompts, or how good your guardrails are, there will always be a way for the user to write prompts creatively (creatively is an understatement considering what they did in this case), so redaction at the output is necessary.</p><p>Often, models know how to make bombs because they are LLMs trained on a vast range of data, for the purpose of being able to answer any possible question a user might have. For specialized/smaller models (MLMs, SLMs), it's not really as big of an issue. But with these foundational models, this will always be an issue. Even if they have no training data on bomb-making, if they are trained on physics at all (which is practically a requirement for most general purpose models), they will offer solutions to bomb-making.</p>
]]></description><pubDate>Fri, 25 Apr 2025 20:43:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=43798320</link><dc:creator>jamiejones1</dc:creator><comments>https://news.ycombinator.com/item?id=43798320</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43798320</guid></item></channel></rss>