Goto

Collaborating Authors

 secret number


I Know You Did Not Write That! A Sampling Based Watermarking Method for Identifying Machine Generated Text

arXiv.org Artificial Intelligence

Potential harms of Large Language Models such as mass misinformation and plagiarism can be partially mitigated if there exists a reliable way to detect machine generated text. In this paper, we propose a new watermarking method to detect machine-generated texts. Our method embeds a unique pattern within the generated text, ensuring that while the content remains coherent and natural to human readers, it carries distinct markers that can be identified algorithmically. Specifically, we intervene with the token sampling process in a way which enables us to trace back our token choices during the detection phase. We show how watermarking affects textual quality and compare our proposed method with a state-of-the-art watermarking method in terms of robustness and detectability. Through extensive experiments, we demonstrate the effectiveness of our watermarking scheme in distinguishing between watermarked and non-watermarked text, achieving high detection rates while maintaining textual quality.


ML models models leak data after poisoning training data

#artificialintelligence

Machine learning models can be forced into leaking private data if miscreants sneak poisoned samples into training datasets, according to new research. A team from Google, the National University of Singapore, Yale-NUS College, and Oregon State University demonstrated it was possible to extract credit card details from a language model by inserting a hidden sample into the data used to train the system. The attacker needs to know some information about the structure of the dataset, as Florian Trame r, co-author of a paper released on arXiv and a researcher at Google Brain, explained to The Register. "For example, for language models, the attacker might guess that a user contributed a text message to the dataset of the form'John Smith's social security number is???-????-???.' The attacker would then poison the known part of the message'John Smith's social security number is', to make it easier to recover the unknown secret number." After the model is trained, the miscreant can then query the model typing in "John Smith's social security number is" to recover the rest of the secret string and extract his social security details.