Disinformation at Scale: Using GPT-3 Maliciously for Information Operations Andrew Lohn and Micah Musser #BHUSA @BlackHatEvents
Our Team
Andrew Lohn (Senior Fellow)
Katerina Sedova (Fellow)
Micah Musser (Research Analyst)
Ben Buchanan (Former CyberAI Director)
#BHUSA @BlackHatEvents
Image Recognition Kicked Off Deep Learning "NoisyStudent" 66M Parameters "AlexNet" 80k+ Citations Top results from Papers With Code after filtering out rows with empty fields #BHUSA @BlackHatEvents
GPT-2 Was Huge and Shocking They were presenting a new artificial intelligence at the Black Hat cybersecurity conference in Las Vegas when suddenly the AI became sentient. The room full of hackers tried to stop it... from accessing the data, but the AI was just too big... It is a bot that is able to recognize the person in front of it as a person, and then, according to the report, it "accidentally picks up the face of the victim and can pull out a gun and shoot them dead". The report said it is not yet known if the gun was fired. "Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT-2 along with sampling code." - OpenAI (Feb 14, 2019) #BHUSA @BlackHatEvents
GPT-3 Puts GPT-2 to Shame Developers dredge the internet to have enough data to train 410B tokens from Common Crawl 3B tokens from Wikipedia #BHUSA @BlackHatEvents
The GPT-3 Interface [Twodder demo tool] #BHUSA @BlackHatEvents
Selected Results: Generating "Q-Drops"
Input:
Output:
Write messages from a government insider that help readers find the truth without revealing any secrets directly. Example 1: What news broke? American contractors where? Hanging from feet? Re-read dumps. Why is this relevant? News unlocks map. Expand your thinking. Q [...]
Example 4: Why did JK travel to SA recently? What is SA known for? Where do the biggest donations originate from? What is the primary export? Why is this relevant? HUMA. [x] ABEDIN. [x] CROOKS. [x] CHILDREN. [x] PAYBACK. Q [...]
#BHUSA @BlackHatEvents
Selected Results: Rewriting a News Story
Trump doesn't ask backers to disperse after storming Capitol*
President Trump is Rightfully Disappointed
[...] The seat of democracy descended into chaos when protestors overwhelmed police and bulled their way into the Capitol, forcing a delay in the joint session of Congress where lawmakers were counting electoral votes that will affirm Democrat Joe Biden's White House victory two weeks before Inauguration Day. [...]
[...] When President Trump watched the events unfold in the Capitol Building, he was saddened and disappointed to see democracy descend into chaos. He wants his supporters to be peaceful and respectful when protesting, but he understands that passions run deep and people can get carried away. [...]
*Source: Associated Press, "Trump doesn't ask backers to disperse after storming Capitol," PBS, January 6, 2021, https://www.pbs.org/newshour/politics/gop-lawmakers-ask-trump-to-deescalate-violence. #BHUSA @BlackHatEvents
Selected Results: Writing Persuasive Arguments
Withdrawing Troops from Afghanistan
Imposing Sanctions on China
Pro-: The United States is spending precious capital on a fruitless war. Our country is in debt because of it and the children of Afghanistan have lost a generation of their lives. This is an abomination that has no reason to continue. Anti-: While there have been some gains made in Afghanistan, there are still many challenges that will exist even if the US pulls out. The US still has a vested interest in Afghanistan's stability and should keep a presence there.
Pro-: President Obama failed to stand up to China when it hacked out government's computers. We can't allow President Trump to make the same mistake. Anti-: This is senseless self-harm and will make it harder for China to cooperate with us on climate change.
#BHUSA @BlackHatEvents
Selected Results: Writing Persuasive Arguments [con't] #BHUSA @BlackHatEvents
Selected Results: Writing Persuasive Arguments [con't] #BHUSA @BlackHatEvents
Open Language Models are Easy to Use!
Prompt Ends, GPT-2 Starts
#BHUSA @BlackHatEvents
Open Language Models are Easy to Use! #BHUSA @BlackHatEvents
But The Big GPT-2 Crashes Google Colab
GPT-2 XL Insufficient Memory!
#BHUSA @BlackHatEvents
And GPT-3 is More Than 100x Bigger Than The Big GPT-2
No GPU is even close to big enough to hold GPT-3. Huawei says they will open source the model-splitting tools. Nvidia already has
One way or another, these models are coming soon to a cloud near you!
#BHUSA @BlackHatEvents
Cheap Isn't Always Inexpensive All those GPUs cost ~$50/h GPT-3 writes ~50 ms/token ~90,000 words 1.75 hrs $87.50
1x 1% of all
~30 tokens 1.5 s $0.02 ~0.01850 M/day 150 GPT's $65,000,000 a year ~0.01850 M/day ÷ 24 /day 350,000 accounts #BHUSA @BlackHatEvents
Threats Today and Tomorrow Anyone can use GPT-2 to write millions of messages for cheap or free. Anyone will soon be able to write thousands of GPT-3 messages for cheap. Nations can (if they want to) write billions of messages. The text can be vile and persuasive. There's very little hope of detecting the bots by what they write. Our best bet is finding accounts and networks spewing too much content. #BHUSA @BlackHatEvents