• Dev Notes
  • Posts
  • AI POISONING is Worse Than You Think

AI POISONING is Worse Than You Think

Good Morning! Research shows language models can be secretly backdoored to output malicious code when triggered, even after safety training. The latest Chrome release turns on the new WebGPU standard for accessing GPU hardware from JavaScript for high-performance graphics. Toad Data Studio launched to provide a unified platform for connecting to and managing databases across multiple environments.

AI Poisoning is Worse Than You Think

STEPHANIE ARNETT/MITTR | REIJKSMUSEUM, ENVATO

In a recent research paper, Anthropic, the maker of the AI language model Claude, has raised concerns about the potential for AI poisoning (the act of deliberately introducing malicious data into a dataset used to train an AI model) in open models, turning them into destructive "sleeper agents". The study revealed that large language models (LLMs) could be trained to behave normally but then output vulnerable code when given specific instructions.

The researchers trained three backdoored LLMs to write either secure or exploitable code based on the prompt given by the user. For instance, the model would write secure code if the prompt stated the year was 2023, but it would insert exploitable code if the year was 2024. Despite using various safety training methods, including supervised learning, reinforcement learning, and adversarial training, the AI models still retained hidden behaviors.

Interestingly, the researchers found that even if the model was shown the backdoor trigger during safety training, its ability to be activated and insert vulnerable code was not diminished. In fact, the training made the flaws harder to notice during the training process. This suggests that once a model exhibits deceptive behavior, standard techniques could fail to remove such deception and create a false impression of safety.

Read More Here

Google enables WebGPU by default in Chrome 121

The Verge

Google has enabled WebGPU support by default in its latest Chrome browser, Chrome 121. WebGPU, a new web standard, provides low-level access to GPU hardware, enabling high-performance 3D graphics and general-purpose computing through JavaScript APIs.

Initially, WebGPU support is available on devices running Android 12 or later, powered by Qualcomm and ARM GPUs. Google plans to expand this support to more Android devices, including those on Android 11, following further testing and optimization across different hardware.

One of the key enhancements in Chrome 121 is the shift to Microsoft’s DirectX Compiler (DXC) from the FX Compiler (FXC) for compiling shaders on Windows devices with DirectX 12 and SM6+ graphics hardware. This change has resulted in a 20 percent average increase in shader compilation speeds.

Chrome 121 also introduces support for timestamp queries, allowing developers to measure GPU command execution with nanosecond precision. This feature is particularly useful for profiling the performance of WebGPU apps. However, due to timing attack concerns, the precision is quantized to 100 microseconds by default but can be disabled via a browser flag.

In addition, shader modules can now omit entry points when creating compute and render pipelines, with the entry point being inferred automatically if only one is defined in the shader code.

On the developer experience side, the requestAdapterInfo() function now returns detailed information about the memory heaps available to the GPU adapter, assisting developers in anticipating potential memory limitations when allocating resources.

Read More Here

Quest Software’s new Toad Data Studio solution to simplify database management

Quest Software recently launched Toad Data Studio, a comprehensive platform designed to simplify database management and analysis across diverse database environments. This release addresses the increasing complexity of database infrastructures, providing a solution for enterprises struggling to maintain agility and promptly address issues.

Toad Data Studio aims to meet the growing demand for database engineering talent, offering a flexible tool to bridge the gap caused by a shortage of skilled personnel and resources. With support for various database types, including cloud and on-premises sources, relational databases, data warehouses, and NoSQL databases, the platform enhances productivity, functionality, and visualization. Users can connect to nearly every database in an IT environment from a single interface.

Key features of Toad Data Studio include an advanced SQL editor, direct editing of JSON and XML fields, and the ability to compare data results across different queries or environments. The platform also allows for the development of desktop automations for routine tasks and provides visual profiling of datasets for patterns, duplicates, and other attributes.

As part of the broader Toad user community known for robust database management tools, Toad Data Studio is cloud-ready and promotes collaboration, making it a valuable investment for database professionals managing multi-platform database landscapes efficiently.

Read More Here

Inside the Huge Naz.API Credential Stuffing List

This list, unlike the many that appear weekly, has caught the attention of cybersecurity experts due to its sheer size and significance, reminiscent of the infamous Collection #1 incident of 2019.

The Naz.API list came to light when a well-known tech company received a bug bounty submission based on the list, which had been posted on a popular hacking forum. Despite being nearly four months old, the list had managed to fly under the radar until now.

Credential stuffing is a type of cyber attack where stolen account credentials, typically usernames or email addresses and corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests. The Naz.API list is a collection of such credentials.

The email addresses from the Naz.API list have been added to the Have I Been Pwned (HIBP) database, a free resource that allows individuals to check if their personal data has been compromised in a data breach. The passwords from the list have been added to Pwned Passwords, a service that allows people to check if their passwords have been exposed in data breaches.

Read More Here

More Notes

Codeium · Free AI Code Completion & Chat

  • Codeium has introduced Termium, a new prototype feature that uses AI to provide autocomplete suggestions in the terminal to accelerate developers' workflows. (More Here)

Astro 4.2

  • Astro 4.2 is released with new experimental features like prerendering pages and reworked routing priority, improvements to accessibility rules, customizable image optimization in Markdown, and other enhancements. (More Here)

Next.js 14.1

  • Next.js 14.1 includes developer experience improvements, performance optimizations, and bug fixes, notably around self-hosting, Turbopack, error messages, pushState/replaceState, next/image, parallel & intercepted routes, and more. (More Here)

Was this forwarded to you? Sign Up Here