Researchers find LLMs like ChatGPT output sensitive data even after it’s been ‘deleted’

Blockchain

Researchers find LLMs like ChatGPT output sensitive data even after it’s been ‘deleted’ – Crypto News

Published

2 years ago

October 2, 2023

Dripp

A trio of scientists from the University of North Carolina, Chapel Hill recently published pre-print artificial intelligence (AI) research showcasing how difficult it is to remove sensitive data from large language models (LLMs) such as OpenAI’s ChatGPT and Google’s Bard.

According to the researchers’ paper, the task of “deleting” information from LLMs is possible, but it’s just as difficult to verify the information has been removed as it is to actually remove it.

The reason for this has to do with how LLMs are engineered and trained. The models are pre-trained (GPT stands for generative pre-trained transformer) on databases and then fine-tuned to generate coherent outputs.

Once a model is trained, its creators cannot, for example, go back into the database and delete specific files in order to prohibit the model from outputting related results. Essentially, all the information a model is trained on exists somewhere inside its weights and parameters where they’re undefinable without actually generating outputs. This is the “black box” of AI.

A problem arises when LLMs trained on massive datasets output sensitive information such as personally identifiable information, financial records, or other potentially harmful/unwanted outputs.

In a hypothetical situation where an LLM was trained on sensitive banking information, for example, there’s typically no way for the AI’s creator to find those files and delete them. Instead, AI devs use guardrails such as hard-coded prompts that inhibit specific behaviors or reinforcement learning from human feedback (RLHF).

In an RLHF paradigm, human assessors engage models with the purpose of eliciting both wanted and unwanted behaviors. When the models’ outputs are desirable, they receive feedback that tunes the model towards that behavior. And when outputs demonstrate unwanted behavior, they receive feedback designed to limit such behavior in future outputs.

Here, we see that despite being “deleted” from a model’s weights, the word “Spain” can still be conjured using reworded prompts. Image source: Patil, et. al., 2023

However, as the UNC researchers point out, this method relies on humans finding all the flaws a model might exhibit and, even when successful, it still doesn’t “delete” the information from the model.

Per the team’s research paper:

“A possibly deeper shortcoming of RLHF is that a model may still know the sensitive information. While there is much debate about what models truly “know” it seems problematic for a model to, e.g., be able to describe how to make a bioweapon but merely refrain from answering questions about how to do this.”

Ultimately, the UNC researchers concluded that even state-of-the-art model editing methods, such as Rank-One Model Editing (ROME) “fail to fully delete factual information from LLMs, as facts can still be extracted 38% of the time by whitebox attacks and 29% of the time by blackbox attacks.”

The model the team used to conduct their research is called GPT-J. Whereas GPT-3.5, one of the base models that powers ChatGPT, was fine-tuned with 170-billion parameters, GPT-J only has 6 billion.

Ostensibly, this means the problem of finding and eliminating unwanted data in an LLM such as GPT-3.5 is exponentially more difficult than doing so in a smaller model.

The researchers were able to develop new defense methods to protect LLMs from some ‘extraction attacks’ — purposeful attempts by bad actors to use prompting to circumvent a model’s guardrails in order to make it output sensitive information.

However, as the researchers write, “the problem of deleting sensitive information may be one where defense methods are always playing catch-up to new attack methods.”

Up Next

VanEck Ethereum Strategy ETF set for CBOE listing – Crypto News

Don't Miss

XRP Price Bloodbath In The Horizon? Report Casts Doubt On Rally – Crypto News

Click to comment

Leave a Reply
Cancel reply

Best 5G phones under ₹10,000 in July 2025: Infinix Hot 60, Samsung M06 and more

Technology1 week ago

Best 5G phones under ₹10,000 in July 2025: Infinix Hot 60, Samsung M06 and more – Crypto News

others1 week ago

Japan CFTC JPY NC Net Positions rose from previous ¥103.6K to ¥106.6K – Crypto News

Technology1 week ago

Why is Shiba Inu Price Up Today? – Crypto News

Bitcoin Stable, Ethereum Declines, Niche Tokens Rally

Cryptocurrency1 week ago

ETH to Lead BTC Over Next 6 Months, Says Galaxy CEO – Crypto News

Tether Gold (XAUt) Market Cap Soars as Gold Hits Record Highs in 2025

Blockchain1 week ago

Tether Gold (XAUt) Market Cap Soars as Gold Hits Record Highs in 2025 – Crypto News

Bitcoin hits record high above $120K; US June inflation data awaited

Cryptocurrency1 week ago

Market update: Bitcoin rises after US-EU announce framework trade agreement – Crypto News

Cryptocurrency3 days ago

XRP inflows drop 95% since July spike, while Chaikin data signals possible rally – Crypto News

Windtree Therapeutics Plans $520 Million Raise, 99% for BNB, Secures $500M Equity Line, Uses Kraken Custody

De-fi1 week ago

Windtree Therapeutics Plans $520 Million Raise, 99% for BNB, Secures $500M Equity Line, Uses Kraken Custody – Crypto News

Arthur Hayes-Backed Altcoin Outpaces Crypto Market Amid Launch of New Partnership With Anchorage Digital

others1 week ago

Arthur Hayes-Backed Altcoin Outpaces Crypto Market Amid Launch of New Partnership With Anchorage Digital – Crypto News

Who is Shengjia Zhao? ChatGPT co-creator named Chief Scientist at Meta’s Superintelligence Labs

Technology1 week ago

Who is Shengjia Zhao? ChatGPT co-creator named Chief Scientist at Meta’s Superintelligence Labs – Crypto News

Cryptocurrency1 week ago

ETH to Lead BTC Over Next 6 Months, Says Galaxy CEO – Crypto News

US Dollar finds support amid Fed uncertainty and tariff talks

others1 week ago

US Dollar finds support amid Fed uncertainty and tariff talks – Crypto News

‘Screwed up’: Sam Altman warns against using ChatGPT as your lawyer or therapist

Technology1 week ago

‘Screwed up’: Sam Altman warns against using ChatGPT as your lawyer or therapist – Crypto News

Bitcoin and Ethereum ETFs Pull in Record-High $11.2 Billion in July

Cryptocurrency1 week ago

Bitcoin and Ethereum ETFs Pull in Record-High $11.2 Billion in July – Crypto News

Chase, restaurants, funding, grant, SMBs

Business5 days ago

Chase Launches $4 Million Grant Program as Restaurants Struggle – Crypto News

SEC Crypto ETFs Ruling Brings Structural Fix, Not Retail Shakeup

Blockchain4 days ago

SEC Crypto ETFs Ruling Brings Structural Fix, Not Retail Shakeup – Crypto News

Oppo K13 Turbo series confirmed to launch in India with in-built fan technology: Price, specs and everything expected

Technology3 days ago

Oppo K13 Turbo series confirmed to launch in India with in-built fan technology: Price, specs and everything expected – Crypto News

Blockchain3 days ago

Bank of America Sees Interest in Tokenization of Real-World Assets – Crypto News

Cryptocurrency1 week ago

Bitcoin Cash up 7% as bulls defy BTC dump, eye gains on rising volume – Crypto News

Cryptocurrency1 week ago

Friday charts: Crazy train investing – Crypto News

Business1 week ago

Buy DexScreener Reactions – Boost Legends: Guide + $5 Bonus – Crypto News

others1 week ago

‘Sit Tight With Bitcoin’ Robert Kiyosaki Predicts Great Depression 2.0 – Crypto News

OpenAI rolls out ‘Study Mode’ in ChatGPT: What is it? How to use? All your questions answered…

Metaverse5 days ago

OpenAI rolls out ‘Study Mode’ in ChatGPT: What is it? How to use? All your questions answered… – Crypto News

Blockchain Gaming Is Growing Up – What’s Behind the Sector’s Quiet Comeback

others5 days ago

Blockchain Gaming Is Growing Up – What’s Behind the Sector’s Quiet Comeback – Crypto News

Business5 days ago

Stablecoins Won’t Boost Treasury Demand, Peter Schiff Warns – Crypto News

We have put a lot of emphasis on enhancing National Highways’ quality, safety: Nitin Gadkari

Technology5 days ago

Is AI causing tech worker layoffs? Thats what CEOs suggest, but the reality is complicated – Crypto News

Business4 days ago

Breaking: Solana ETFs Near Launch as Issuers Update S-1s With Fund Fees – Crypto News

others3 days ago

Breaking: Strategy Files $4.2 Billion STRC Offering To Buy More Bitcoin – Crypto News

others3 days ago

XRP NIGHT Token Airdrop: Snapshot, Claim Date and What to Expect? – Crypto News

How AI can weave a future for Kashmir’s centuries old carpet industry

Metaverse1 week ago

How AI can weave a future for Kashmir’s centuries old carpet industry – Crypto News

ETH Unstaking Queue Hits Record High, Led by Justin Sun-Linked Addresses

De-fi1 week ago

ETH Unstaking Queue Hits Record High, Led by Justin Sun-Linked Addresses – Crypto News

Business1 week ago

Ethereum Breaks $3,900 as SharpLink Makes Another $295M ETH Purchase – Crypto News

Technology1 week ago

Solayer Launches USDC-Powered Hotel Booking Platform To Give Crypto Travel a Boost – Crypto News

Business7 days ago

Breaking: US SEC Delays Launch Of Truth Social’s Bitcoin ETF And Grayscale’s Solana ETF – Crypto News

Technology5 days ago

Breaking: BlackRock’s Ethereum ETF Staking Proposal Advances As SEC Acknowledges Filing – Crypto News

Altcoins update: Dogecoin and Injective signal recoveries as Ethereum eyes $4,000

Cryptocurrency5 days ago

Altcoins update: Dogecoin and Injective signal recoveries as Ethereum eyes $4,000 – Crypto News

Coinbase exchange targets alleged cybersquatter in lawsuit

Technology5 days ago

Coinbase exchange targets alleged cybersquatter in lawsuit – Crypto News

others4 days ago

Ripple Swell 2025: Top Speakers and Panelists to Watch this November – Crypto News

White House Crypto Report Recommends Expanding CFTC’s Role in Crypto Regulation

De-fi4 days ago

White House Crypto Report Recommends Expanding CFTC’s Role in Crypto Regulation – Crypto News

OpenAI finally rolls out ChatGPT Agent after week-long delay: How it works

Metaverse1 week ago

OpenAI finally rolls out ChatGPT Agent after week-long delay: How it works – Crypto News

AI Deepfakes Drove 40% of High-Value Crypto Fraud Last Year: Report

Cryptocurrency1 week ago

Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail – Crypto News

36% of Indian enterprises started budgeting for Gen AI: E&Y report

Technology1 week ago

Indias startup wave merges AI with tradition for smarter daily solutions – Crypto News

Bank of America Says U.S. Lenders Ready Stablecoin Launches

De-fi1 week ago

Bank of America Says U.S. Lenders Ready Stablecoin Launches – Crypto News

ZK breakthroughs, onchain comebacks and stablecoin shakeups

Cryptocurrency1 week ago

ZK breakthroughs, onchain comebacks and stablecoin shakeups – Crypto News

EUR/USD struggles under the weight of the Greenback

others7 days ago

EUR/USD dives as the US Dollar outperforms with all eyes on the Fed decision – Crypto News

Spotify hits 276M subscribers and strong user growth in Q2, but revenue and profit fall short of targets

Technology6 days ago

Spotify hits 276M subscribers and strong user growth in Q2, but revenue and profit fall short of targets – Crypto News

Technology5 days ago

Ethereum Price Prediction- Bulls Target $5,400 Amid DeFi Revival and Soaring TVL – Crypto News

Solana DEX volume dips 20% after co-founder slams meme coins

Technology4 days ago

Solana DEX volume dips 20% after co-founder slams meme coins – Crypto News

Technology4 days ago

Coinbase to Offer Tokenized Stocks and Prediction Markets in U.S. – Crypto News

Canadian Dollar coil ahead of central bank double-header

others3 days ago

Canadian Dollar under pressure amid weak GDP, Trump tariff threat, and strong US data – Crypto News

Crypto News

Researchers find LLMs like ChatGPT output sensitive data even after it’s been ‘deleted’ – Crypto News

Blockchain

Researchers find LLMs like ChatGPT output sensitive data even after it’s been ‘deleted’ – Crypto News

You may like

Leave a Reply Cancel reply

Leave a Reply

Trending

Leave a Reply
Cancel reply