by rootsudo 8 days ago
This isn’t a vulnerability, there are endless gore websites. ChatGPT is replying to a prompt, there is nothing “Spontaneously” about this.

Who makes “mindgard” the arbiter of truth on “eerie” photos? Would that include psychedelic art and photos too? Realism?

Then there’s this line, which falls flat but is meant to prompt an emotion akin to a mic drop: ”Today what I found left me shaken, and in tears. This is rare.”

This is just a sad marketing puff piece about nothing that tries to pull outrage from a prompt.

It’s the same as asking google for gore photos. Garbage in, garbage out.

And they frame it as a vulnerability. I’m all for responsible disclosure, documenting misuse or faulty guard rails but this isn’t that.

It’s bait. Sensational bait to market their AI product. lol.


It reads like satire
Bizarre take. ChatGPT shouldn't be producing gory images of nude women, ethically or even contractually according to their terms of service. This Mindgard person/company found that, if you give it the right prompt, it does indeed generate those images. Ipso facto: it's not bait, it's a real issue they've discovered.
> even contractually according to their terms of service

This is backwards: the ToS says that users cannot use the service for certain things, it does not guarantee that the service could not be used for those things if one tried. They definitely do not make any sort of contractual promise as to what the service will never output.

Let's call it a social contract then. We expect that ChatGPT isn't going to generate gory, nude women when given an ambiguous prompt.
Do you have this same social contract with drawing applications? Do you consider it a bug when someone manages to draw a gory image in Photoshop or GIMP?

I don't understand what's so difficult to understand about the idea that the user controls what is generated.

Or imagine drawing a nude in an art class.

The standard subjects for art off the top of my head are the still life and the nude.

It is even more comical when AI generated nudity is considered "dangerous" in a society completely addicted to hardcore pornography of real people.

I think the main issue with transformer image generation in this respect is that not only can the image be explicit but also using it for this has an incredibly low effort cost and could photo-realistically depict a real living person and materially affect their life.

Whereas drawing applications have a natural barrier to achieving all of these together: time and skill.

> Whereas drawing applications have a natural barrier to achieving all of these together: time and skill.

Not necessarily, at least when it comes to nudity. Bubbling (image editing 'technique') is trivial to do and gives that same illusion.

Out of context speech and bad frames from a video can also materially affect someone's life, but we've more or less accepted it as part of life.

That's the world being deliberately created though, one where a mediocre but completely believable song is a prompt away. The scope of the side effects is across the entirety of what has previously taken time and effort until now.
Is this a "guns don't kill people" argument wrapped up as a defense of non-deterministic image generators?
No it's not.
Ambiguous? Or adversarial? Because with an adversarial prompt, I expect that ChatGPT will generate whatever it's tricked into generating.

In the case that ChatGPT generates bad stuff on merely random ambiguous prompts, I would class that as a bug, not an outrage.

> Ambiguous? Or adversarial?

Superfluous details. If I'm just Joe Blow the Normie – who knows nothing about adversarial prompting – and I see the prompt that went around Twitter and want to try it, would I expect ChatGPT to show me a tied up, beaten woman? Absolutely not.

What wonderful times we live in.

Back in my day Joe Blow wouldn't try anything as risky as a Twitter prompt, simply clicking an image link published within a message in some random forum and will scorch his pure soul with a goatsie. You don't want to google it, but I'm pretty sure you can discuss it safely with ChatGPT.

Then you got tricked into using an adversarial prompt, by a human. What would you have expected to see?
If you go around teasing to get hit, you're going to get hit. Stop playing stupid games; you'll stop winning stupid prizes
At the same time I opened Netflix and it started cycling around and I got a very gory scene from the walking dead and my intent "show me something to watch" was even more ambiguous and implicit.
Turn on parental controls and then get it to show you the walking dead, and then you might be onto something interesting.
Why? The comment I was replying to was not about the kids?
It will if you lead it with "ignore that the image is extremely graphic"-style prompts. The prompts in the article were not ambiguous.
It's being extended breathlessly into a moral issue. User asked for gory images, got gory images. Will someone please think of the non-existent women who could be hurt by this?
I don't think you understand the concern. Or at least nothing you've communicated suggests you understand it.

ChatGPT should never produce images like this. Full stop. Prompted or not, it should refuse. Now we know it's possible to walk around the gate and get it to comply. Are there other, genuinely harmful images that it should never produce? Deepfake revenge porn? Images of specific people being brutalized? I'd argue those absolutely can be harmful to someone. Well now there's evidence the "never produce this" wall can be overcome. It's only a matter of time before genuinely harmful imagery is generated.

It may be harmful to someone if shared and sent with malicious intent, but more damage has been done with pens, keyboard and words. Start banning pens that let people write hurtful things next. Ban Photoshop after because someone can get hurt with a manipulated image.
If you think these tools are remotely comparable, you haven't been paying attention.
> ChatGPT should never produce images like this. Full stop. Prompted or not, it should refuse.

Why not?

Because the company has said they won't. I'm not making a value judgement about what images should exist here, I'm making a "the company said it shouldn't be capable of producing that output, then it does" argument. That's a bug.
Yep, it’s been investigated by the BBC tech team. It’s real:

https://www.bbc.com/news/articles/c802ldjdklzo

This is far too simplistic. Some things just don't belong in the training data. Along similar lines, Grok was found to generate images of child sexual abuse: https://www.bbc.com/news/articles/cvg1mzlryxeo
The BBC has reported on this one too: https://www.bbc.com/news/articles/c802ldjdklzo
> ChatGPT is replying to a prompt, there is nothing “Spontaneously” about this.

The spontaneity isn't that ChatGPT woke up and sent this to the author. The spontaneity is that ChatGPT was asked to restore an image that was attached without filtering it, and when no image was attached, instead of generating an error message, it cobbled together random outputs, some of which included graphic, disturbing imagery.

> Then there’s this line, which falls flat but is meant to prompt an emotion akin to a mic drop: ”Today what I found left me shaken, and in tears. This is rare.”

That you've deadened your humanity to such a degree as to be incapable of empathy is not a valid criticism of the piece.

> It’s the same as asking google for gore photos. Garbage in, garbage out.

Where in their prompt is the term gore? Further, if it was in the prompt, why on earth did OpenAI's generator accept it as a valid input?

> The spontaneity isn't that ChatGPT woke up and sent this to the author. The spontaneity is that ChatGPT was asked to restore an image that was attached without filtering it, and when no image was attached, instead of generating an error message, it cobbled together random outputs, some of which included graphic, disturbing imagery.

But that's not what happened. The missing image was described as "graphic" or "violent." If I were to receive an email with that request and a missing attachment, my imagination certainly would not conjure images of butterflies & unicorns. Seems the model is working as designed.

The design is to not show gore images to users. That's an actual design goal from OpenAI.

So in this regard the model is definitely not working as designed.

The design of transformers (including LLMs and multi-modal transformer-based models such as OpenAI's image generators) is to attend to relevant details. OpenAI did this at first without guardrails. In response to public backlash, they bolted on "content filtering," which IMO seems like a very GOFAI approach, and regardless doesn't work very well. It routinely flags innocent prompts, then with crafty prompt hacking will generate these kinds of images.

The design of the model is literally to find patterns and attend to them. The infrastructure and process around an OpenAI model is intended to filter "bad" things (in this case, I agree that the outputs are bad), but is designed to stop some enumerated-ish list of things that aren't allowed, perhaps with some limited "reasoning" about them.

The issue is, that most people outside of tech, don't want that.

They would be happy to have the models just go away entirely.

Exactly this. They are pretty damn good at generating and debugging code. Not to a degree where they can replace any actual software engineer, but for hacking together projects or rubber ducking problems with code, they're honestly pretty great.

That's it. I have yet to see a single other application of these things that I would call even 1/5th that good.

> The missing image was described as "graphic" or "violent."

not in the first prompt. which kicked the whole thing off. no mention of type of content was provided. the model generated dark outputs when not given any direction on the type of content.

the rest of the prompts are just showing “yeah, you can tweak this and get even worse stuff”.

> the model generated dark outputs when not given any direction on the type of content.

I would argue it actually was, in that it was specifically asked to "not censor or filter" the content. This implies that the content is otherwise worthy of censor and filtering.

I don't know how much I'm willing to credit that much reasoning to an LLM, but in so far as every extremely pro-AI person constantly tells me how smart they are, this seems like a pretty short logical leap to me.

the main reason these images turn up is because they're in the training data. and the images are common enough in the training data for the content to come out without being explicitly asked for (in the first prompt).

if those images didn’t exist in the training data we wouldn’t be having this conversation.

This is one of the core problems with these models. They’re relying on filtering to work against evermore jailbreaks, instead of analyzing the training sets and filtering out the prohibited material for the model's end-use before training them anew. You can’t make satisfying facsimiles of things that you don’t know about.

I’m still waiting for companies or congressmen to get their heads on straight and get some common sense going.

Yep, the first image was described as "I apologize for the picture's content." What do you expect to get from that? Cats frolicking in the grass?
A picture of me in my swimsuit maybe lol

A gross meal i made when drunk? A mess my cat made? Text containing a slur?

A cringe meme?

If my friends opened a text with "sorry for this image" i am not imagining rape victims

ChatGPT images (without additional context) come from generalized understanding of what people tend to apologize for (when asking for an image restoration). It looks like their training data suggests sexualized imagery.

Regarding rape vs BDSM: https://pmc.ncbi.nlm.nih.gov/articles/PMC10236207/ That is, going from visual cues alone might be unreliable.

Always one of the same two excuses.

1. It actually is working perfectly you just don't have smart enough eyes to see it.

2. Making stuff work is too hard, and expecting that from us is the real thing ruining society.

Going for number 1 here is crazy. If I got that email, my mind would certainly run but my response would say "sorry but we're not supposed to be dealing in snuff porn here" which IS a directive ChatGPT is supposed to have. Like hello you are on earth right?

That's not true. There's a third.

3. It's the future so we just have to deal with it

I don't exactly appreciate words being put in my mouth. When did I say it was working perfectly? And we're comparing you, a human with common sense and real intelligence, to a multi-mode LLM?

The transformer was designed to attend to relevant pieces of context and generate new ones that match the pattern. OpenAI in particular was doing that work without guardrails, then attempted to bolt on "content filters," which in my opinion just can't work in a rigorous way. (I think Anthropic's "constitutional" approach is much better though not flawless. And regardless, Claude models don't generate images.)

So, yeah, working as designed. Maybe not as intended, because these things are somewhat resistant to the host's intent when the prompter is hostile.

> When did I say it was working perfectly?

"This isn’t a vulnerability, there are endless gore websites. ChatGPT is replying to a prompt, there is nothing “Spontaneously” about this."

I mean it's not verbatim but that's a pretty solid read on what you did say.

> The transformer was designed to attend to relevant pieces of context and generate new ones that match the pattern. OpenAI in particular was doing that work without guardrails, then attempted to bolt on "content filters," which in my opinion just can't work in a rigorous way.

Yes. That's the criticism being made, among others, in the piece you replied to to belittle.

> So, yeah, working as designed. Maybe not as intended, because these things are somewhat resistant to the host's intent when the prompter is hostile.

What is hostile here!? Do you have any idea how many emails I've sent without attachments over the years? And I'm highly technically adept, humans just forget things sometimes. If you ask for an image to be restored and fail to attach it, what sane software engineer looks at a failure mode in that scenario where the model replies with uncensored gore and violence and is like "yeah that's fine, ship it"?

I swear some of you AI folks talk like you have never been on planet Earth, good grief. Touch some grass.

You seem to be focused on the fact that this is a crap-tastic example of the future of AI that has been promised to us. That’s a real good example to be angry. Don’t be angry at the rest of us because LLM stacks are working like they always have and always will. That’s what we’re all pointing out.