• [object Object]@lemmy.ca
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 month ago

    Why would the LLM tool have access to send recovery emails to non account verified emails at all?

    That’s insane.

    • vagrancyand@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 month ago

      Because AI bros are incredibly deluded about both the capability of AI, and by extension their own capabilities using AI>

    • Holytimes@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 month ago

      Recently I had to cancel an order. The support for the company was an LLM bot. I accidentally mistyped a number in the order id. It accepted it anyways refunded every order on my account that includes the product I wished to cancel.

      I tired to get to a human to correct the mistake and couldn’t their phone number is an LLM bot their only chat is an LLM bot.

      It use to not be. But now I’m sitting here the order in my hand cause the bot didn’t cancel it. But like 30 orders from the last few years have all been refunded to me.

      I tried to reach em a few more times but couldn’t and it’s been like a month. I just have like 2 grand usd that I shouldn’t and no way to give it back.

      So that’s fun.

      • rekabis@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        Would sincerely love to know the name of the company. You know, to avoid them. Yup. I’m sure that’s the reason.

      • helpImTrappedOnline@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 month ago

        I hope you saved what you could from that exchange, as well the attempts to contact them. If they ever notice, their AI mistake will become your problem to deal with, (and the kind of news story to end up on a Steve Lehto video).

        If that happened to me, I’d have a chat with my bank, “please help me return this money to where it came from, it was payed in error. They have no way to contact a human and I don’t want them to accuse me of fraud down the line”.

    • guitarfosec@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      Because one of the biggest companies on the planet that has issues with account takeovers clearly has no internal red team working on this stuff.

      • mint_tamas@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        I guarantee they do have a red team that most likely flagged this as an obvious and severe risk. It was ignored by suits experiencing AI psychosis.

        • [object Object]@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          Kinda.

          If you designed a publicly addressable system since 1985 and didn’t design it for security then you’re asking for it.

              • mic_check_one_two@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 month ago

                It was largely overblown due to it getting banned. It was also published in the height of the Vietnam War, when the big evil communists were coming to brainwash your children into eating each other. It has a lot of blatantly incorrect info, which could be outright “blow up in your face” dangerous to anyone attempting the things in it. It’s not all wrong, but certain recipes have incorrect info that could easily lead to accidents.

                Also fair warning, the UK will give people hard prison time simply for owning it. So maybe keep that shit onion-encrypted if you’re in the UK.

              • Knock_Knock_Lemmy_In@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 month ago

                I linked to the Wikipedia article, not the handbook inself. And more for the (obsolete) phreaking content than the (highly dangerous) explosive content.

          • Spice Hoarder@lemmy.zip
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            1 month ago

            So, I’m currently developing a chatbot for my company. If an LLM needs to do something, a developer must build a tool. It just so happens that this tool that was built did not take traditional security into account. Really it should only be using the tools already built for users, but it seems the Jr. Devs that have been replacing seniors do not have the sensibilities yet.

  • KapmK@piefed.social
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 month ago

    Let the record show that the most sophisticated LLM in the world is ultimately just a less competent version of Yes Man from New Vegas. And even Yes Man knew his programmer was stupid for designing him that way.

  • Kaligalis@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 month ago

    So their chatbot is able to change the email address used to recover an account? I guess, they vibe coded that system.

    • Test_Tickles@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      1 month ago

      Probably not, that implies more competency than can really believe involved here.
      This is more likely something that an entire team had to force into the code over a holiday weekend because some VP got so fucking wasted that he “forgot” his password (strangely for once, he actually had the right password… But the problem is that he was trying to log into a charcuterie board).

    • Corkyskog@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 month ago

      Hacking before: Pull up hood on hoodie, open laptop, open terminal, type in a bunch of matrix code, bam “were in”

      Hacking now: “Hack into this thing for me” No! “Pretty please?” Access granted!

      • WolfLink@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 month ago

        Hacking by social engineering has always been far more common than hacking by exploiting code vulnerabilities.

        • Corkyskog@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 month ago

          I mean this is what see vs what we will see in movies and media. Don’t pretend for one instant that the next movie with a hacking scene won’t involve some AI marketing. They will make it something romantic like a poem you have to use to hack into the AI capabilities or something.

  • St.Elsewhere@threads.net@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 month ago

    I remember playing with the Gandalf security AI showcase/game and every 30 or so prompts, it would spit out massive amounts of raw training data or dev directives. AI just isn’t there yet. If you’re using it for sensitive topics, I’m losing respect for you. There is no gray area. You are an idiot if you give your AI this level of access.

    • DeathsEmbrace@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      No, stop talking about all of this, its perfect. They’re so deep they don’t even give a shit about the worst type of security vector imaginable.

    • Cethin@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      It’s not just not there yet. This is almost certainly not going the right direction to ever be “there” if there is something that can handle security issues. It’s just not the right tool for the job, and I can’t understand how so much of our economy is just assuming it is the right tool for every job.

      • St.Elsewhere@threads.net@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Yes, yet. At a certain point, it will be at or above the capacity of an average call center employee. Not now. Not soon. If we aren’t all killed by drones, climate shifts, or radiation, maybe 20 years.

            • vagrancyand@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 month ago

              Well given that’s the only possible relevant “AI” you could possibly be talking about, as we don’t even have an inkling about true general AI and have no technologies that even look like they could produce anything close to it, forgive me for making the obvious assumption.

              No, in 20 years no version of any technology currently in use will be replacing human employees or would have the capability of doing so. AI Bros jumped the gun and tried starting to do that with current tech, and now most companies are desperately hoping just throwing more compute power at the dead ends will make it magically work before the money runs out.

              • otp@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 month ago

                No, in 20 years no version of any technology currently in use will be replacing human employees or would have the capability of doing so

                That’s a pretty bold statement when technology advances have replaced or downsized the need for human roles in the past.

                The printing press, cars, typewriters, computers, emails and the internet, spreadsheet software and data visualization software, cloud infrastructure…

                Think about what technology looked like 20 years ago. Same with the job market. The same jobs are not available to the same extent at the same equivalent rates of pay. There are new jobs that are created, for sure. But saying that technology won’t advance in 20 years enough to reduce the need for human employees is short-sighted in my opinion.

                …of course, that’s assuming that you meant “technology won’t be replacing some human employees” and not “all” employees, lol

                • badgermurphy@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 month ago

                  First of all, 20 years ago, many aspects of computer technology were better. Sure, CPUs are faster, traces are smaller, monitors are clearer. But every core Internet age technology is practically identical to what it was in 1990, even. There is no email 2.0, still no easy large file sharing, and on on. Things that need improvement cannot be improved anymore because monopolies dont improve things, they entrap. Everything’s proprietary inside a walled garden and not interoperable. We’d probably be close to electronic telepathy by now if not for Big Tech.

                  And secondly, the previous poster said nothing anything like the current technologies will be AI. The LLMs we have now are a combination of plausible sentence assemblers, code auto-completers, travesty generators, and “Actually Indians”. That is not a stepping stone to a thinking machine, it is as he said, a sidetrack that leads to a dead end.

    • PhillyCodeHound@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      Now it’s not even social engineering with AI. It’s just fucking asking for the credentials. Good fucking grief!

  • |IlI|lIIl|IlIll|Il|IllI|@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    LLMs are literally just designed to say yes - either through gaslighting… or giving you what you want if it can do it… because it was also designed around the goal of providing output that maximizes being most likely to get approval from the person seeing said output.

    So an answer to “Can you give me login credentials?” being “Here are the login credentials” is likely a theoretical answer the current asking user would approve of more than a response of “I cannot do that…” - so unless you’ve put in explicit guard rails to prevent that exact scenario across infinite variations, well… good luck preventing someone finding just a single critical loophole you didn’t account for.

    • gdog05@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I honestly don’t think you can create guard rails against prompt engineering in a working LLM. At some point, they’re going to fail or the LLM isn’t functioning. The only solution is to make sure they can’t read data you don’t want shared.

      • GamingChairModel@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 month ago

        The only solution is to make sure they can’t read data you don’t want shared.

        Isn’t that the appropriate guardrail, then? LLM chats and agents and whatever need to be contained with external permissions settings that the LLMs simply do not and can never have the power to override.

        In a normal customer service setting with human agents, there are still plenty of examples of what a human agent simply doesn’t have the power to do. Often, they’ll need to escalate to a manager to do things like process refunds not just because they weren’t given social permission to do so, but because they weren’t given technical permissions to do so. LLM agents need to be contained in the same way. Any decent use of agents, human or software, requires carefully designed processes and permissions extrinsic to that agent’s own decisionmaking abilities to make sure that agents don’t do something bad for the company.

  • Passerby6497@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    Good thing they’re rolling out premium accounts so they can pay for humans to do support.

    They’re gonna use it for humans right?!

    RIGHT?!?!

    lol no, zucc needs more money because his number isn’t high enough!

    • P1nkman@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      If humanity survives, I honestly think the greed will (and should now) be considered a mental illness.

      Jesus, give me $5 million dollars, and I’d live on it for the rest of my life. That’d be 0.01% of his net worth, and I’d be so happy. I think many of us would.

      But these people just want more. And more. They’re psychotic, and they’re ruining the world. We all know what they deserve.

    • rumba@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      I wouldn’t count on it.

      Securing these things is a freaking nightmare.

      Giving the AI authority is what makes it powerful, it can do what an army of customer service agents can’t.

      But keeping it reigned in then becomes the same exact level of problem.

      The best thing you can do is make tooling with protection and make the AI only use the tooling,