Law
GenTel-Safe: A Unified Benchmark and Shielding Framework for Defending Against Prompt Injection Attacks
Li, Rongchang, Chen, Minjie, Hu, Chang, Chen, Han, Xing, Wenpeng, Han, Meng
Large Language Models (LLMs) like GPT-4, LLaMA, and Qwen have demonstrated remarkable success across a wide range of applications. However, these models remain inherently vulnerable to prompt injection attacks, which can bypass existing safety mechanisms, highlighting the urgent need for more robust attack detection methods and comprehensive evaluation benchmarks. To address these challenges, we introduce GenTel-Safe, a unified framework that includes a novel prompt injection attack detection method, GenTel-Shield, along with a comprehensive evaluation benchmark, GenTel-Bench, which compromises 84812 prompt injection attacks, spanning 3 major categories and 28 security scenarios. To prove the effectiveness of GenTel-Shield, we evaluate it together with vanilla safety guardrails against the GenTel-Bench dataset. Empirically, GenTel-Shield can achieve state-of-the-art attack detection success rates, which reveals the critical weakness of existing safeguarding techniques against harmful prompts. For reproducibility, we have made the code and benchmarking dataset available on the project page at https://gentellab.github.io/gentel-safe.github.io/.
A Critical Look at Meta-evaluating Summarisation Evaluation Metrics
Dai, Xiang, Karimi, Sarvnaz, Fang, Biaoyan
Effective summarisation evaluation metrics enable researchers and practitioners to compare different summarisation systems efficiently. Estimating the effectiveness of an automatic evaluation metric, termed meta-evaluation, is a critically important research question. In this position paper, we review recent meta-evaluation practices for summarisation evaluation metrics and find that (1) evaluation metrics are primarily meta-evaluated on datasets consisting of examples from news summarisation datasets, and (2) there has been a noticeable shift in research focus towards evaluating the faithfulness of generated summaries. We argue that the time is ripe to build more diverse benchmarks that enable the development of more robust evaluation metrics and analyze the generalization ability of existing evaluation metrics. In addition, we call for research focusing on user-centric quality dimensions that consider the generated summary's communicative goal and the role of summarisation in the workflow.
Jointly modelling the evolution of community structure and language in online extremist groups
Group interactions take place within a particular socio-temporal context, which should be taken into account when modelling communities. We propose a method for jointly modelling community structure and language over time, and apply it in the context of extremist anti-women online groups (collectively known as the manosphere). Our model derives temporally grounded embeddings for words and users, which evolve over the training window. We show that this approach outperforms prior models which lacked one of these components (i.e. not incorporating social structure, or using static word embeddings). Using these embeddings, we investigate the evolution of users and words within these communities in three ways: (i) we model a user as a sequence of embeddings and forecast their affinity groups beyond the training window, (ii) we illustrate how word evolution is useful in the context of temporal events, and (iii) we characterise the propensity for violent language within subgroups of the manosphere.
He's Been America's Weirdest Politician for Years. You Don't Know the Half of It.
New York City Mayor Eric Adams--who truly believes that God put him in that job--was indicted this week on five federal charges related to bribery, wire fraud, and accepting straw donations from foreign officials. The acts detailed in the nearly 60-page indictment from the Southern District of New York span a full decade of Adams' political career, dating back to his tenure as Brooklyn borough president and extending up through his current mayoral reelection campaign. Despite being the only mayor in NYC history to be charged during his tenure, Adams is still doing what he does best: refusing to budge an inch and clumsily making his case before a city that's long tired of his shenanigans. "From here, my attorneys will take care of the case so I can take care of the city," he declared during a rainy Thursday morning press conference, sheltering under a pavilion with members of the city's Black clergy. "My day-to-day will not change. I will continue to do the job for 8.3 million New ...
The Morning After: A 6 million fine for robocalls from fake Biden
The Federal Communications Commission (FCC) has officially issued its full recommended fine against political consultant Steve Kramer. This is after he initiated a series of robocalls to New Hampshire residents with pre-recorded audio of President Biden's voice, using deepfake AI technology. The fake Biden told voters not to vote in the upcoming primary, saying "Your vote makes a difference in November, not this Tuesday." Kramer must pay 6 million in fines in the next 30 days or the Department of Justice will handle collection, according to a FCC statement. Kramer doesn't just face a fine; he also has criminal charges against him.
China's Plan to Make AI Watermarks Happen
These are some of the things the Chinese government wants AI companies and social media platforms to use to properly label AI-generated content and crack down against misinformation. On September 14, China's Cyberspace Administration drafted a new regulation that aims to inform people of whether something is real or AI. As generative AI tools get increasingly advanced, the difficulty to discern whether content is AI-generated is causing all kinds of serious issues, from nonconsensual porn to political disinformation. China's is not the first regime to tackle this issue--the European Union's AI Act, adopted this March, also requires similar labels; California passed a similar bill this month. And China's previous AI regulations also briefly mentioned the need for gen-AI labels. However, this new policy outlines more details of how AI watermarks should be implemented by platforms.
BeanCounter: A low-toxicity, large-scale, and open dataset of business-oriented text
Many of the recent breakthroughs in language modeling have resulted from scaling effectively the same model architecture to larger datasets. In this vein, recent work has highlighted performance gains from increasing training dataset size and quality, suggesting a need for novel sources of large-scale datasets. In this work, we introduce BeanCounter, a public dataset consisting of more than 159B tokens extracted from businesses' disclosures. We show that this data is indeed novel: less than 0.1% of BeanCounter appears in Common Crawl-based datasets and it is an order of magnitude larger than datasets relying on similar sources. Given the data's provenance, we hypothesize that BeanCounter is comparatively more factual and less toxic than web-based datasets. Exploring this hypothesis, we find that many demographic identities occur with similar prevalence in BeanCounter but with significantly less toxic context relative to other datasets. To demonstrate the utility of BeanCounter, we evaluate and compare two LLMs continually pre-trained on BeanCounter with their base models. We find an 18-33% reduction in toxic generation and improved performance within the finance domain for the continually pretrained models. Collectively, our work suggests that BeanCounter is a novel source of low-toxicity and high-quality domain-specific data with sufficient scale to train multi-billion parameter LLMs.
Responsible AI in Open Ecosystems: Reconciling Innovation with Risk Assessment and Disclosure
Chakraborti, Mahasweta, Prestoza, Bert Joseph, Vincent, Nicholas, Frey, Seth
The rapid scaling of AI has spurred a growing emphasis on ethical considerations in both development and practice. This has led to the formulation of increasingly sophisticated model auditing and reporting requirements, as well as governance frameworks to mitigate potential risks to individuals and society. At this critical juncture, we review the practical challenges of promoting responsible AI and transparency in informal sectors like OSS that support vital infrastructure and see widespread use. We focus on how model performance evaluation may inform or inhibit probing of model limitations, biases, and other risks. Our controlled analysis of 7903 Hugging Face projects found that risk documentation is strongly associated with evaluation practices. Yet, submissions (N=789) from the platform's most popular competitive leaderboard showed less accountability among high performers. Our findings can inform AI providers and legal scholars in designing interventions and policies that preserve open-source innovation while incentivizing ethical uptake.
DANA: Domain-Aware Neurosymbolic Agents for Consistency and Accuracy
Luong, Vinh, Dinh, Sang, Raghavan, Shruti, Nguyen, William, Nguyen, Zooey, Le, Quynh, Vo, Hung, Maegaito, Kentaro, Nguyen, Loc, Nguyen, Thao, Ha, Anh Hai, Nguyen, Christopher
Large Language Models (LLMs) have shown remarkable capabilities, but their inherent probabilistic nature often leads to inconsistency and inaccuracy in complex problem-solving tasks. This paper introduces DANA (Domain-Aware Neurosymbolic Agent), an architecture that addresses these issues by integrating domain-specific knowledge with neurosymbolic approaches. We begin by analyzing current AI architectures, including AutoGPT, LangChain ReAct and OpenAI's ChatGPT, through a neurosymbolic lens, highlighting how their reliance on probabilistic inference contributes to inconsistent outputs. In response, DANA captures and applies domain expertise in both natural-language and symbolic forms, enabling more deterministic and reliable problem-solving behaviors. We implement a variant of DANA using Hierarchical Task Plans (HTPs) in the open-source OpenSSA framework. This implementation achieves over 90\% accuracy on the FinanceBench financial-analysis benchmark, significantly outperforming current LLM-based systems in both consistency and accuracy. Application of DANA in physical industries such as semiconductor shows that its flexible architecture for incorporating knowledge is effective in mitigating the probabilistic limitations of LLMs and has potential in tackling complex, real-world problems that require reliability and precision.
The Craft of Selective Prediction: Towards Reliable Case Outcome Classification -- An Empirical Study on European Court of Human Rights Cases
Santosh, T. Y. S. S., Chowdhury, Irtiza, Xu, Shanshan, Grabmair, Matthias
In high-stakes decision-making tasks within legal NLP, such as Case Outcome Classification (COC), quantifying a model's predictive confidence is crucial. Confidence estimation enables humans to make more informed decisions, particularly when the model's certainty is low, or where the consequences of a mistake are significant. However, most existing COC works prioritize high task performance over model reliability. This paper conducts an empirical investigation into how various design choices including pre-training corpus, confidence estimator and fine-tuning loss affect the reliability of COC models within the framework of selective prediction. Our experiments on the multi-label COC task, focusing on European Court of Human Rights (ECtHR) cases, highlight the importance of a diverse yet domain-specific pre-training corpus for better calibration. Additionally, we demonstrate that larger models tend to exhibit overconfidence, Monte Carlo dropout methods produce reliable confidence estimates, and confident error regularization effectively mitigates overconfidence. To our knowledge, this is the first systematic exploration of selective prediction in legal NLP. Our findings underscore the need for further research on enhancing confidence measurement and improving the trustworthiness of models in the legal domain.