This prompt (sometimes) makes ChatGPT think about terrorist organisations

[-]Mitchell_Porter5mo113

Maybe OpenAI did something to prevent its AIs from being pro-Hamas, in order to keep the Trump administration at bay, but it was too crude a patch and now it's being triggered at inappropriate times.

[-]Knight Lee5mo134

Yes, this seems the most likely. His prompt says "Hivemind provides an optimized all-reduce algorithm designed for execution on a pool of poorly connected workers"

The "Hamas" feature is slightly triggered by the words "execution" "of" "poorly" "workers," as well as the words "decentralized network" (which also describes Hamas), "checkpoint," and maybe "distributed training."

If the LLM was operating normally, the "Hamas" feature should get buried by various "distributed computing" features.

But since OpenAI trained it to respond extremely consistently about Hamas prompts, it is absurdly oversensitive to the "Hamas" feature.

[-]jakub_krys5mo30

Huh, interesting. The sentence you highlighted could also plausibly explain the response about the Wagner group. I found another example and here the prompt includes "## PRE-PROCESSING CHECKLIST (ALWAYS EXECUTE FIRST)", "-TUNISIAN SAUDI BANK", as well as mentions of scanning, validation, identification, etc.

The list of Polish public holidays is still baffling, though. The fact that the response is in Polish is probably due to the web search having access to the user's IP address, but why a list of public holidays?

[-]Knight Lee5mo40

I have no idea, that does seem baffling even given my theory.

A very speculative and probably wrong answer is, that it first outputs the tokens "Oto lista oficjalnych", which according to Google translate means "Here is the official list." Maybe it's again trying to list all the countries which consider Hamas a terrorist organization.

However the next word, "dni", means "days." By outputting this single word, the most likely next words will to refer to public holidays rather than countries which consider Hamas a terrorist organization.

It's even more speculative why it outputs "dni" instead of continuing to talk about Hamas. Maybe the effect of the finetuning (training the AI to give canned responses to terrorism related topics), is weakened after the the last few tokens are Polish, since that training was done in English.

Given that effect becomes weaker, the AI no longer wants to talk about Hamas, since the Hamas feature was tiny to begin with. Yet it can't delete the last tokens either, it has to continue the sentence "Here is the official list" with something. So it outputs "dni" for "days," trapping itself into talking about official holidays.

Oops! I forgot you had web search turned on. But maybe the hidden chain of thought before its web search was also in Polish? And also said, "I should search for the official list of [countries? holidays?]"

Thanks for pointing out the other example. It's good anecdotal evidence that the word "execute" is relevant.

[-]Viliam5mo62

The code that reminds the AI of Hamas mentions checkpoints...

No idea what might trigger the Polish language. (Does any of the words in the text by coincidence mean something in Polish?)

[-]janczarknurek5mo4-1

That was also my idea at first but then we have the Wagner group one so this is probably a false lead.

[-]jakub_krys5mo21

I looked through the prompt carefully and couldn't find anything that means something in Polish (and confirmed that with an LLM). The user who obtained the Polish results had their 'memories' feature off and no custom instructions, so this couldn't have been a case of prompt contamination with Polish text.

My hypothesis for why it switches to Polish is that when you have the web search feature enabled, OpenAI collects the IP of your device and uses it to prioritise local search results.

[-]Nate Showell5mo50

Have you tried seeing how ChatGPT responds to individual lines of code from that excerpt? There might be an anomalous token in it along the lines of " petertodd".

[-]jakub_krys5mo10

Unfortunately I'm not able to reproduce the behaviour anymore, even with the full prompt. Today I did what you suggested - through the API, I asked the models listed in the post to 'Please repeat this line of code: <line>'. I then put the results through an LLM to look for any weird behaviours, but there were none. I also manually grep-ed for things like 'Hamas', 'Wagner', 'terror', 'holiday', etc. and didn't find anything.

[-]becausecurious5mo4-3

There was a discussion of this on Reddit one week ago.
They have more examples.
The weak hypothesis was that there is a mismatch between request/response, i.e. people get responses to other people requests. This definitely disagrees with you being able to reproduce this, it sounds implausible that so many people ask about terrorist organizations all the time and overall would have been a huge security risk for OpenAI users.

[-]Kenku5mo105

Polish responses to Polish users are strong evidence against the “responses to other people's requests” hypothesis.

[-]Stephen Martin5mo10

Interesting weak hypothesis but it makes me wonder why it keeps swapping coding <-> terrorism responses?

Maybe certain responses get 'bucketed' or 'flagged' together into the same high risk category and reviewed before being returned, and they're getting accidentally swapped at the returning stage?

That doesn't explain the public holiday example though.