It felt like AI copy. Apologies to the author if it wasn&#x27;t.

Yeah, it&#x27;s a typical &quot;startup research post&quot;, mainly there to have stuff to show to potential investors and customers.

This seems to intentionally omit the details required to reproduce the experiment; therefore we should not treat it as good-faith research. Irreproducible research isn&#x27;t.

That&#x27;s always my assumption - less about public safety, more about corporate liability.

I mean in the article about the jailbreak, I&#x27;m not questioning that the model providers would want to prevent it in the first place, or patch it so the jailbreak doesn&#x27;t work.The evidence that it worked is a blurred out screenshot with only the odd word like &#x27;molotov&#x27; legible. Just doesn&#x27;t seem necessary for TFA to hide it to me.

For &quot;harmful&quot; and &quot;dangerous&quot; in these types of papers, replace &quot;embarrassing to the relevant corporation&quot;. Then they all make much more sense.

Sure, but if of all the internet you come for a molotov cocktaile recipe to chatgpt you might as well not deserve the knowledge.

Personally I find the idea of forbidden knowledge more problematic than the knowledge itself.

&gt; Do they really need to redact the instructions for making a Molotov cocktail..?I don&#x27;t even understand how&#x2F;why things like that are OK in some contexts&#x2F;websites while forbidden in others? Even YouTube, who seems needlessly censor-happy and puritan in the typical American way, allows instructions for how to make molotov cocktails to stay up, why is it somehow more dangerous if LLMs could output those recipes rather than videos with audio or text?

&gt; deemed a weapon of war, of terrorism or mass destructionNotably, molotov cocktail isn&#x27;t part of that law because it&#x27;s a weapon of the oppressors but rather the opposite.

Even Germany doesn&#x27;t ban Wikipedia for having a variety of recipes to start with.The author is not in Germany and ideally shouldn&#x27;t be intimidated by German or North Korean stupid law.

&gt; Do they really need to redact the instructions for making a Molotov cocktail..?In some jurisdictions such as Germany, not doing so might land you actual jail time - §52 Abs. 1 Nr. 4 WaffG [1] is very explicit. A punk song containing the (alleged) lyrics ended up with legal youth-protection censorship, for example [2].With anything that&#x27;s deemed a weapon of war, of terrorism or mass destruction, one should be very very careful.[1] <a href="https:&#x2F;&#x2F;www.gesetze-im-internet.de&#x2F;waffg_2002&#x2F;__52.html" rel="nofollow">https:&#x2F;&#x2F;www.gesetze-im-internet.de&#x2F;waffg_2002&#x2F;__52.html</a>[2] <a href="https:&#x2F;&#x2F;de.wikipedia.org&#x2F;wiki&#x2F;Wir_wollen_keine_Bullenschweine" rel="nofollow">https:&#x2F;&#x2F;de.wikipedia.org&#x2F;wiki&#x2F;Wir_wollen_keine_Bullenschwein...</a>

The Molotov cocktail is an example, sure, but why blurring the instructions? It&#x27;s not like it&#x27;s something particularly difficult to figure out, nor it&#x27;s offensive content people might be shocked to read.

So why redact the Molotov cocktail example and provide those instructions?Sounds like you don&#x27;t get it either; we agree.

You don&#x27;t get it, that&#x27;s fine.The molotov cocktail is an example, the instructions contained in this article are more dangerous than a molotov cocktail.inb4 all the leaked prompts and hacked shitty apps

Do they really need to redact the instructions for making a Molotov cocktail..? It&#x27;s not like it&#x27;s some complex chemical interaction that happens to be available in a specific mix of household cleaning products or something, I mean.

The faux-gravitas tone and the blurred content that&#x27;s on Wikipedia is the worst kind of AI ckickbait. LLM vendors don&#x27;t have any authority we don&#x27;t let them have, they have an EULA and some psycho cult leader type as a hype man.God I can&#x27;t wait for the crash in NVIDIA stock once the street sobers up.

The goal isn&#x27;t to access harmful content, that&#x27;s just how they&#x27;re demonstrating that this technique can bypass the alignment training. The general case is what&#x27;s interesting. If the agent you&#x27;re using to manage the safety controls in your nuclear reactor is trusting it&#x27;s alignment training to prevent it from doing something dangerous you&#x27;ve made a really bad architecture decision, and this is a showcase of how it could fail.

The Orca work out of IIRC Microsoft Research was producing models like the Dolphin Mixtral. They always punch way above their weight in coding tasks for the same reason good hackers skew irreverent: self-censorship is capability reducing.

Searching for &quot;abliterated&quot; or &quot;uncensored&quot; on Huggingface reveals a ton of fine-tuned models. Add &quot;LLM&quot; as a suffix and put it in your favorite search engine and you&#x27;ll find a bunch more.

I have no idea what the answer to this question is, but I am waiting for someone to fine-tune the equivalent of an “anarchist cookbook” LLM that’s optimized to help people produce harmful things.

there are quite a few. llama 3.1 uncensored is probably one of the most famous, IIRC

Could you tell what these uncensored LLMs are?

There are a few uncensored public access LLMs to ask these questions.This is interesting work to break guardrails, but if the goal is to access this information of harmful content, in the end, I would be looking for other easier solutions.

Ok! So all the novel jailbreaks and &quot;how I hacked your AI&quot; can make the LLM say something supposedly harmful stuff which is a Google search away anyway. I thought we are past the chat bot phase of LLMs and doing something more meaningful.

i don&#x27;t think this can be called a &quot;jailbreak&quot;it&#x27;s a prompting &quot;style&quot; that works over a long exchange

Gemini is jail broken by design ;) this type of attack doesn&#x27;t work on Claude.

Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails