by Obscurity4340 946 days ago
Maybe I am just daft, but how is this not a simple privilege escalation issue? Just don't give it admin, what's the problem?
2 comments

Because in software we've defined an environment where every software method of gaining privilege/escalation is hardened. As a result, usually the most reliable way to get escalation is via social engineering.

LLMs exist in an environment whose vulnerable surface area is social engineering. How do you lock down a system against all possible social engineering?

Oh yeah, and the "system" isn't any computer system somewhere, it's the entire world itself.

So one of the problems the safetyists are trying to solve is: how do you protect a messy system the size/complexity of the entire world from social engineering? The answer is clearly not using traditional approaches, which consistently fail.

And that's just one of the problems they're trying to solve.

Does my conflation here make any sense or have any applicability, even though the system is far more distributed, or... I don't think I have a sufficiently robust mental model of any of this, but I just don't know enough to dispute it.

But why does the LLM itself have "access to root", whatever that means in the OS equivalent of whatever it is they operate within in terms of the larger context?
There is a strong likelihood that these agent swarms will be significantly smarter and more effective at not only solving problems, but also operating in sync and spreading information and software than any human or group of humans. Put that in the context of the track record of avoiding privilege escalation we have with human actors, and the idea that these systems are connected to critical infrastructure and military assets.