MachuPikacchu on Nostr: Prediction: local LLMs will be a threat vector in the near future. As they become ...
Prediction: local LLMs will be a threat vector in the near future.
As they become more useful as agents and we grant them access to local tools and accounts to act on our behalf, they become obvious targets for corruption. They’re already notoriously opaque.
Imagine one that was trained to make observations on the host machine and under certain conditions send an obfuscated payload to a remote server.
How is this different from the standard remote access Trojan? It can act on the malicious actor’s behalf rather than awaiting instructions and acting as a proxy. There will potentially be less network activity. It can profile the host machine and users and only execute if the target is appropriate (think Stuxnet but more generalized).
In unrelated news, all of the big AI shops have been working on homomorphic encryption.
#ai #encryption #LLM #agent #homomorphicEncryption
Published at 2024-07-11 12:14:49

Event JSON
{
  "id": "0622e0823df4859c9af6f9e036ae0d785c280ed051126faab1b31da46a116f3e",
  "pubkey": "1e908fbc1d131c17a87f32069f53f64f45c75f91a2f6d43f8aa6410974da5562",
  "created_at": 1720700089,
  "kind": 1,
  "tags": [
    ["t", "ai"],
    ["t", "encryption"],
    ["t", "LLM"],
    ["t", "agent"],
    ["t", "homomorphicEncryption"]
  ],
  "content": "Prediction: local LLMs will be a threat vector in the near future.\n\nAs they become more useful as agents and we grant them access to local tools and accounts to act on our behalf they become obvious targets for corruption. They’re already notoriously opaque.\n\nImagine one that was trained to make observations on the host machine and under certain conditions send an obfuscated payload to a remote server.\n\nHow is this different from the standard remote access Trojan? It can act on the malicious actor’s behalf rather than awaiting instructions and acting as a proxy. There will potentially be less network activity. It can profile the host machine and users and only execute if the target is appropriate (think Stuxnet but more generalized).\n\nIn unrelated news all of the big AI shops have been working on homomorphic encryption.\n\n#ai #encryption #LLM #agent #homomorphicEncryption",
  "sig": "1e59cbb6e6ccbc1fca806535fafd824933ca821f952e81ac3a6cf7bc04a79e660495ca5ae8fbfb3967c644e2127583899506f78e0817490697e6b3c0c93dd417"
}