[codingdave]

Yes, and it has been said since day one of LLMs that all we need to do is keep things that way - no action without human intervention. Just like it was said that you should never grant AI direct access to change your production systems. But the stories of people who have done exactly that and had their systems damaged and deleted show that people aren't trying to even keep such basic safety nets in place.

AI is getting strong enough that if people give some general direction as well as access to production systems of any kind, things can go badly. It is not true that all implementations of agentic AI requires human intervention for all action.

[Terr_]

My cynical rule of thumb: By default we should imagine LLMs like javascript logic offloaded into a stranger's web-browser.

The risks are similar: No prompts/data that go in can reliably be kept secret; A sufficiently-motivated stranger can have it send back completely arbitrary results; Some of those results may trigger very bad things depending on how you use or even just display them on your own end.

P.S. This conceptual shortcut doesn't quite capture the dangers of poison data, which could sabotage all instances even when they happen to be hosted by honorable strangers.

[jrflowers]

If you had made a tool that gave gpt-3 the ability to run arbitrary commands on your production systems you could have seen things go badly.

[Lalabadie]

Good news! Today's SOTA models can also make things go badly.

[jrflowers]

Yep. I don’t see how that metric indicates how… strong(?) a language model is.

[stuaxo]

Eh, these same people will attach openclaw to production systems soon and destroy their own companies.

[CamperBob2]

The problem is, out of ten companies who take this approach, nine will indeed destroy themselves and one will end up with a trillion-dollar market cap. It will outcompete hundreds of companies who stuck with more conservative approaches. Everybody will want to emulate company #10, because "it obviously works."

I don't see any stabilizing influences on the horizon, given how much cash is sloshing around in the economy looking for a place to land. Things are going to get weird, stupid, and chaotic, not necessarily in that order.

[flats]

One does not even need OpenClaw to achieve this outcome: https://x.com/lifeof_jer/status/2048103471019434248

[ffsm8]

Yeeeehaaaaa, the vibes shall never end!

On a more serious note, they were mostly f*cked by their paas provider imo. Claude will always do dumb shit. Especially if you tell it to not do something... By doing so you generally increase the likelihood of it doing it.

It's even obvious why if you think about it, the pattern of "you had one job, but you failed" or "only this can't happen, it happened!" And all it's other forms is all over literature, online content etc.

But their PaaS provider not scoping permissions properly is the root cause, all things considered. While Claude did cause this issue there, something else would've happened eventually otherwise.

[flats]

I absolutely agree with you.

Also, some folks seem to be forgetting the virtues of boring, time-tested platforms & technologies in their rush to embrace the new & shiny & vibe-***ed. & also forgetting to thoroughly read documentation. It’s not terribly surprising to me that an “AI-first” infrastructure company might make these sorts of questionable design decisions.

[AndrewKemendo]

Sounds like a pretty efficient self correcting mechanism

I’m not sure what the problem is there

[tikkabhuna]

The problem is that destruction isn't contained to the company. If an AI agent exposes all company data and that includes PII or health information, that could have an impact on a large number of people.

[AndrewKemendo]

PII breaches have been pretty consistently a problem for the last several decades, predating modern LLMs.

So that is a structural problem with their data and security management and operations, totally independent of the architecture for doing large scale token inference.

[ben_w]

Normalisation of deviance is the problem: https://en.wikipedia.org/wiki/Normalization_of_deviance

Remember that these models are getting better; this means they get trusted with increasingly more important things by the time an error explodes in someone's face.

It would be very bad if the thing which explodes is something you value which was handed off to an AI by someone who incorrectly thought it safe.

AI companies which don't openly report that their AI can make mistakes are being dishonest, and that dishonesty would make this normalization of deviance even more prevelant than it already is.

[AndrewKemendo]

That’s not a technical/AI problem in any sense, that’s a social problem in organizing and coordinating control structures

Further, it’s only a problem to the extent that the downsides or risks are not accounted for which again… is a social problem not a technological problem

This isn’t a problem for organizations that have well aligned incentives across their workflows

A well organized company that has solid incentives is not going to diminish their own capacity by prematurely deploying a technology that is not capable of actually improving

The issue is that 99% of the organizations that people deal with have entirely orthogonal incentives to them. They are then attributing the pain in dealing with that organization to the technology rather than the misaligned incentives

[ben_w]

> That’s not a technical/AI problem in any sense, that’s a social problem in organizing and coordinating control structures

As @TeMPOraL here likes to point out, it can be genuinely fruitful to anthropomorphise AI. I only agree with partially, that this is true for *some* of the failure modes.

> A well organized company that has solid incentives is not going to diminish their own capacity by prematurely deploying a technology that is not capable of actually improving

Sure, but society as a whole doesn't have the right solid incentives to make sure that companies have the right solid incentives to do this. We can tell this quite easily by all the stupid things that get done.

> The issue is that 99% of the organizations that people deal with have entirely orthogonal incentives to them.

This is also fundamentally the AI alignment problem, that all AI are trained on some fitness function which is a proxy for what the trainer wanted, which is a proxy for what incentives their boss gave them, which is a proxy that repeats up to the owners in a capitalist society, which is a proxy for economic growth, which is a proxy for votes in a democracy, which is a proxy for good in a democracy.

[AndrewKemendo]

Yes, AI encodes latent intent.

I wrote a whole ass paper at the end of 2022 demonstrating that unless we fix society we will deterministically create anti-social AGI because humans do not generate pro-social data.

https://kemendo.com/Myth-of-Scarcity.html