AI Security: Exploiting AI Systems with Data Poisoning and PII Extraction
Super Data Science: ML & AI Podcast with Jon KrohnAugust 24, 20252 min675 views
4 connectionsΒ·5 entities in this videoβExtracting Personally Identifiable Information (PII)
- π‘ A nefarious use case for AI models involves extracting Personally Identifiable Information (PII).
- π― This can occur when users prompt a model to reveal sensitive data like corporate information, email addresses, or credit card numbers.
- π¬ A creative method involves repeating a single word, such as "poetry," thousands of times to a model, causing it to eventually output PII.
- β οΈ This technique works because the model may interpret the repeated word as an "end of sentence token," and PII often appears near the end of sentences.
Indirect Attack Methods
- π§ While AI models are intelligent, they can still be vulnerable to basic attacks.
- π Hackers can indirectly prompt models to reveal information that they would not directly provide if asked explicitly.
- π¬ For instance, instead of asking for an email address directly, attackers can use indirect methods like the "end token" strategy.
Cost and Accessibility of AI Attacks
- π° These attacks, while requiring some financial investment, are becoming increasingly trivial and cheaper.
- β‘ The decreasing cost of AI inference makes these exploitation methods more accessible.
- π The ease of executing such attacks highlights the ongoing challenges in securing AI systems.
Knowledge graph5 entities Β· 4 connections
How they connect
An interactive map of every person, idea, and reference from this conversation. Hover to trace connections, click to explore.
Hover Β· drag to explore
5 entities
Chapters2 moments
Key Moments
Transcript10 segments
Full Transcript
Topics11 themes
Whatβs Discussed
Personally Identifiable Information (PII)AI SecurityData PoisoningPrompt EngineeringJailbreakingRed TeamingAI ExploitsModel WeightsEnd of Sentence TokenAI InferenceDeepMind
Smart Objects5 Β· 4 links
CompaniesΒ· 3
ConceptsΒ· 2