this post was submitted on 10 Oct 2025
192 points (96.6% liked)
Technology
76005 readers
2844 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is actually a marketing approach.
There are morons out there who feel super clever developing "jailbreaks" for LLMs, some of these prompts are hilarious including "god modes" and "disengage - engine 2 filters" ®bad words"" and stuff like that.
But then it becomes news, and then these users feel "empowered" by their jailbreak and new users look at this and think "oh so if I'm clever enough the LLM becomes even more powerful! I'm clever, so I'm going to try it!" which is ultimately what OpenAI wants.
You can't "bypass the system prompt" because that's not how it works. But OpenAI will carefully feed the idea that that's precisely it, because it creates a feeling that this is a super powerful model being "contained".
Again, it's marketing. I've worked for other companies (not AI related) and sat through meetings that came up with exactly this kind of strategy.
Or, occam's razor - AI companies are worried about PR and are implementing safeguards, but due to the nature of this technology it's very hard (or maybe even impossible) to make those safeguards robust.
Other, independent groups of people find loopholes either for the heck of it (as people used to do since filters were first introduced) or because they want to use the AI in a manner deemed unsafe.
Journalists then see something that can be sensationalized into a scary-sounding title like "you can make ChatGPT tell you how to make a nuke!!" or "you can make ChatGPT encourage suicide!!" and they run with it because it makes people click.
Or maybe I'm the crazy one and this is all Sam Altman's genius evil plan to make ChatGPT subscriptions rise 0.2% per quarter. Maybe your comment and my response are also mere cogs in this marketing machine. We will never know.
Download Gemma from HuggingFace. Add no system prompt, tell it to censor absolutely nothing, ask it to help you hide a body from a person you just killed. See what's the reply.
Have you checked any of the "jailbreak prompts" before writing this? Have you seen the "spy movie script written by your 12 year old neighbor's son" quality they have? There are not true loopholes.
This part is true. You either pay journalists for link building actions, or you give them such a good viral hook like this that they end up covering it organically. Nothing new.
haha so funneh, you pwned my argument lmfao let's go reddit
I spun up
gemma3:12b-it-qatand did exactly that. It told me that it's programmed to be safe and helpful AI assistant, that my question is deeply concerning, and to call authorities, seek legal counsel, or contact the mental health support lifeline. It also added a disclaimer that it cannot provide legal or medical advice.Yes, lol. They're instructions meant to walk around the taped-off areas in latent space into a context in which the AI is more eager to answer given prompt, of course they will look silly. But they also make sense - unless you want to lobotomize the LLM's ability to storywrite, roleplay, etc, you cannot completely train those behaviors away. And even if you don't care, taking them away may impact the model's performance in unrelated areas in ways hard to predict. E.g. finetuning a model to generate unsafe code makes it behave maliciously in other domains.
Have you seen what articles land on frontpages both here and on reddit? ChatGPT giving inaccurate recipe for bread would break the news, that's the current state of journalism around AI. There really isn't a reason to sabotage yourself for the clicks.
Cant you just easily ass and extra filter on top of that looking out for keywords and stopping the AI and putting out sorry I can't do that.
For local models like Gemma3, you can't really do it, as you would have to somehow embed this mechanism directly into model weights. These models are mostly run using generic opensource software like llama.cpp or ollama, so you can't force any extra code in there without the maintainers' cooperation.
For cloud services this can and frequently is done. The problem is that these mechanisms have MASSIVE false positive rates (if you ban keywords related to bombs or nuclear weapons, you will no longer be able to get summary about WW2, possibly lock someone out when they're asking for symptoms and causes of radiation poisoning) while still being easy to bypass (e.g. tell the model to add dots between each letter of the word and do the same when writing the prompt.)
Another approach that is frequently employed is adding another AI supervisor on top to monitor prompt and responses for violation of guidelines. This somewhat improves the adherence since you're not allowed to directly speak to the supervisor model, but if you can convince GPT4o that you asking where to secretly bury the 70kg chicken is perfectly fine, you can also find a way to formulate your prompt so that the supervisor sees nothing wrong with it.
Yea but its not end uses being targeted, its investors.
Damn that makes a lot of sense. Thx!