[jlukecarlson]

To the comments about this being easy to defeat: when it comes to detecting whether a person submitted a document containing LLM generated text (whether a law document, school essay, work document etc) the real value in a technique like this is high precision, not necessarily high recall.

Yes many people can circumvent this simple watermark technique but for those who don't, it is essentially guaranteed that they used a LLM if their text has clearly atypical unicode marks (Whether U+2004, ligatures, or variant selectors). Thus an organization can feel confident in taking action against the individual who submitted the document.

Whereas right now there are a bunch of dubious "LLM detector" models that output a confidence score that may or may not correspond to whether the person used an LLM. This low precision technique leads to people getting incorrectly accused of using LLM content.

So in my opinion, a world of high precision (but potentially low recall) LLM watermarks using simple techniques is way better than this current high-noise low precision black box world of low quality "LLM detector models"

[cm2187]

What I don't get is who will apply the watermark? Certainly not the company running the LLM (why would they degrade the output of a commercial product?). The people submitting text generated by the LLM have no interest to do that. The only people who have interest in this watermark are the recipient but they aren't involved in the production.

[gs17]

>why would they degrade the output of a commercial product?

For PR? It's not a degradation for legitimate uses of AI. It only degrades output being used in an attempt to mislead people. Someone using an LLM to e.g. translate would usually be fine admitting they used it. I'm working under the assumption this isn't intended for something like a code model where it would break things, but only for output being used as readable text.

[jnwatson]

A bunch of companies went to White House and promised they'd watermark their stuff.