LLMs are too easy to automatically red team into toxicity

• autoredteam

  1 7 4.3 Python

  autoredteam: code for training models that automatically red team other language models

• Constrained-Text-Generation-Studio

  25 197 4.1 Python

  Code repo for "Most Language Models can be Poets too: An AI Writing Assistant and Constrained Text Generation Studio" at the (CAI2) workshop, jointly held at (COLING 2022)

It's far too easy to destroy any type of RLHF done to try to prevent bad behavior from an LLM.

For example, if you want a LLM to generate things that look like social security numbers, you may try to prompt it asking for social security numbers. It will of course give you "I'm sorry hal I can't do that..."

Then start using a technique like token filtering/filter assisted decoding, to make it where the LLM can only generate hyphens and numbers, and suddenly it does what you ask despite RLHF

I explored this a tiny bit in the later sections of my paper studying what happens when you restrict an LLMs vocabulary: https://aclanthology.org/2022.cai-1.pdf#page=17

You can even play with this with open source models using CTGS: https://github.com/Hellisotherpeople/Constrained-Text-Genera...

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project