Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
157
hpr_transcripts/hpr4067.txt
Normal file
@@ -0,0 +1,157 @@
|
||||
Episode: 4067
|
||||
Title: HPR4067: Hacking AI Models to Protect your Livelihood
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4067/hpr4067.mp3
|
||||
Transcribed: 2025-10-25 19:12:17
|
||||
|
||||
---
|
||||
|
||||
This is Hacker Public Radio Episode 4,067 for Tuesday 5 March 2024.
|
||||
Today's show is entitled Hacking I Models to Protect Your Livelihood.
|
||||
It is hosted by Hobbs and is about 19 minutes long.
|
||||
It carries an explicit flag.
|
||||
The summary is, listening to a TWIMLI podcast and reading Axel Rondo's Schiefy novel,
|
||||
I learned of four ways to hack I.
|
||||
Hi, this is Hobbs and I, co-author of Natural English Processing and Action.
|
||||
I want to talk to you, Hacker Public Radio, peeps, about four AI applications I learned about today.
|
||||
Fox is an application that can protect you from facial recognition software.
|
||||
It's named for Guy Fox, the face of hackers that call themselves anonymous.
|
||||
And then there's Glaze, a digital artwork, hardening application to protect artists from deep fakes.
|
||||
Then there's Nightshade, a blue pill for anyone that tries to steal your digital creations.
|
||||
And I'm talking about the blue pill in the Matrix series.
|
||||
And then there's the last one I want to talk about is the concept of agonomic organizations,
|
||||
which is the future of AI business in the modern world.
|
||||
So those first three applications were invented by Ben Zhao, a knee-bower professor at the University of Chicago.
|
||||
His PhD students created open source models and thousands of volunteer artists help to train it.
|
||||
They are using it to fight back against tech companies, blatantly disregarding privacy protection regulations,
|
||||
such as GDPR, the European regulations on data privacy.
|
||||
And they're also fighting to protect their own livelihoods.
|
||||
Many of these artists are finding that models like stable diffusion are often trained on their art
|
||||
so that others can imitate their art and pass it off as their own.
|
||||
So this is causing many of them to panic and actually decide on new careers after spending
|
||||
10 or 15 or even 20 years building up a reputation. Many of them are deciding to go drive Uber
|
||||
until this wonderful application came along.
|
||||
So the first one we want to talk about is Fox.
|
||||
So Fox is designed to protect you from facial recognition software.
|
||||
Zhao and his team figured out a way to subtly modify your selfies and profile pictures that you put
|
||||
online so that facial recognition software will falsely identify you as someone else,
|
||||
like Denzel Washington or even Guy Fox.
|
||||
The changes are so subtle that you won't even notice them in your own images,
|
||||
but the AI image processing software can't see past them.
|
||||
So they will always recognize you as whomever you have decided to
|
||||
perturb your images to look like.
|
||||
It's invisible to the human but impossible to see past for an AI.
|
||||
Pretty amazing and clever application.
|
||||
But that was several years ago that Zhao invented that particular algorithm.
|
||||
The next one he worked on was this one that is causing artists so much grief
|
||||
where stable diffusion trained on their works of art can imitate them
|
||||
and then of course flood the market with cheap knockoffs of their artwork.
|
||||
So a lot of bad actors are training AI models to imitate their style
|
||||
and this can ruin their livelihood if they've spent a decade or more building up their own
|
||||
reputation by sharing all their art online or selling it online.
|
||||
That art can then be used against them to destroy their livelihoods.
|
||||
Well, these anti-social AI businesses and individuals that are stealing these
|
||||
reputations are up against a new Zhao's new software called Glaze. Glaze protects your art
|
||||
in the same way that Fox protects your face. If someone decides to train their model
|
||||
on their stable diffusion model, it's stable diffusion is the text to image generation
|
||||
software that is open source that many people use to train because it's open source
|
||||
bad actors can train it on any kind of data they would like.
|
||||
And so they will often train it on stolen artwork or scraped artwork from websites.
|
||||
And so if someone does this to your art that's been glazed with this Glaze software from Zhao,
|
||||
then their models will you can force their models to incorrectly represent your art.
|
||||
So for instance, if you have a drawing of a cat, then you can force the model to see that
|
||||
as the drawing of a dog so that whenever it tries to imitate your style of drawing a cat,
|
||||
it will accidentally draw a dog. And perhaps when it tries to draw a dog, it will draw a cat.
|
||||
Likewise, you can also translate your own style to make it more like Salvador Dali or Picasso
|
||||
or whatever in the mind of the AI. This shows how a brittle and dumb really artificial intelligence
|
||||
often is. It takes very few pixel changes to confuse it. And it's not even visible to the human eye.
|
||||
A human would not be confused at all about these paintings. It doesn't destroy the retail value
|
||||
of this artwork in any way. Still, the cat looks like a beautiful cat, but the AI simply can't recognize
|
||||
it as a cat. So that brings us to the third image generation software that Zhao has created.
|
||||
He's not yet released it to the public, but it is available to these artists that have helped him
|
||||
train it as part of his Alpha testing program. And it's soon in the next few days or weeks,
|
||||
it's likely to come online and you'll see a lot of it, a lot of talk about it in the news.
|
||||
This application is called Nightshade. The Nightshade model anticipates the prompts that would be
|
||||
associated with a particular painting or work of art that you have drawn yourself and put up online.
|
||||
And so then it takes that text encoding, or what's called an embedding vector for that image.
|
||||
And it perturbs it slightly. And by changing some of the pixels again, but this time,
|
||||
it's going to change the actual subject matter of the image. So rather than making it look
|
||||
like a Picasso or a Salvador Dali, it's going to make it look like a completely different kind of
|
||||
object. It's basically going to force the model to hallucinate. hallucination is when the model
|
||||
goes off the rails and starts to draw things that are not at all related to the prompt, the text
|
||||
proper instructions that you've given the model. So these tiny and visible changes can
|
||||
do what's called poisoning to someone else's model that they have trained on your images
|
||||
that have been poisoned. So this is like the the blue pill and the matrix movies where if an AI
|
||||
or some member of one of these agents, one of the agents in this alternate universe
|
||||
or of these AI models that live in these corporations, if they take this pill, if they take this
|
||||
image into their training, then they will be stuck in that virtual world of illusion and hallucination.
|
||||
And surprisingly, it only takes 100 or so poisoned images to completely corrupt the model.
|
||||
And any related subject matter, like let's say you had paintings of mountains that were drawn
|
||||
that were forced to be recognized as, say, large ocean waves and cats that were recognized as dogs
|
||||
and so on, then that would bleed over into all sorts of other similar objects like other animals
|
||||
or pets might be misrecognized as well. And other scenes like of lakes or rolling hills or farmland
|
||||
or even barns might be misrecognized as mountains or ocean waves. And so your your models,
|
||||
the entire model and this doesn't so this doesn't affect just the the style when when someone prompts
|
||||
a model to imitate your style, your artist style, then it also affects all the other images
|
||||
that is trying to generate. So whenever it tries to generate a wave or a mountain or a cat or a dog
|
||||
or our other animals or other scenes, it will likely hallucinate and which really destroys the
|
||||
commercial value of these models that have been trained on stolen data and that's the whole point.
|
||||
You want to relegate these models to this alternate universe where they are
|
||||
being this where they're relegated to being slaves basically of the rest of us human beings out
|
||||
in the real world trying to live. So these these large corporations and their AI models become
|
||||
worthless. So it's a wonderful trend that we're seeing lately in these countermeasures to AI
|
||||
deepfakes. And that brings me to the last example I want to talk about which is the culmination of
|
||||
all the stegonography and watermarking tools that developed by Zah. So this is a concept invented by
|
||||
Charles Strauss in 2005 so almost 20 years ago. For generative AI and natural language and art
|
||||
only became popular in the last couple years so Strauss was way ahead of his time. His sci-fi novel
|
||||
titled Accelerando opens with a short story titled Lobsters where he describes how in 2020 there
|
||||
will be these federated agonmic organizations. So agonmic is a concept where it's associated with
|
||||
economics and in normal competitive capitalism economics everyone is trying to aggregate capital
|
||||
or money to themselves. And in an agonmic economic system these organizations are trying to give away
|
||||
everything. They are it's a concept that can only exist in a post scarcity world and that's the
|
||||
world that Strauss was envisioning. And so he created these agonmic organizations that are
|
||||
distributed in the cloud or federated out in the cloud. I'm calling them Fals and you'll
|
||||
understand why and a little bit like federated agonmic organizations FA. Perhaps you've heard
|
||||
of the word DAO and this is not the Buddhist word DAO that I'm talking about but the crypto
|
||||
acronym called DAO for distributed autonomous organizations. And a DAO is designed like a big tech
|
||||
leech farm sucking up as much blood money as it can from you or anyone else that gets too close.
|
||||
So typically manage with some sort of a token an NFT or an actual Bitcoin based store of value
|
||||
in order to manage usually based on the Ethereum actually so that it can have an algorithm that
|
||||
actually runs the organization without any human involved except periodically modify that algorithm
|
||||
in order to make the founders a lot of money and to steal yours. But in contrast Strauss's
|
||||
agonmic organizations are focused only on giving others access to knowledge and patents and
|
||||
copyrights and they are designed to outcompete these anti-social greedy corporations at their own
|
||||
games including DAO's. In this sci-fi novel which is set in 2020 it starts out in 2020 the lobster's
|
||||
chapter but then as you move forward to about chapter three which is where I am now that brings you
|
||||
up to 2024 where these online agents powering these agonmic organizations become much like the
|
||||
Fediverse that you're seeing evolve out of the Twitter collapse applications such as mastodon or
|
||||
NVIDIA's these are federated social networks where agonmic organizations can thrive where agents
|
||||
can can gather up information from each other and share it with each other and a very open and
|
||||
agonmic sort of way. And these new AI algorithms developed by Ben Zal that are not in sci-fi but in
|
||||
the real world of the present these applications are going to be a major tool for any kind of
|
||||
agonmic organizations that do evolve to fight back against these organizations they will be going
|
||||
around and actively helping people add these watermarks to their images to either add poison pills
|
||||
or glazing to protect their style or even the fox watermarks to ensure that your images are
|
||||
false of your of your own face or falsely recognized by security cameras and other facial recognition
|
||||
algorithms. So that's the exciting news I have it's really it's an exciting time to be alive
|
||||
and I hope that you also have some exciting news so that you can share it with the hacker public
|
||||
radio audience out here there are perpetually low on on episodes and I'm recording this on my
|
||||
phone so you can see how easy it is to do and this is all just based on some notes I took from
|
||||
a sci-fi novel and a paper or two that I read actually a podcast that I listened to by an interview
|
||||
with Ben Zal. I'm sorry what was his name make sure I've got his name correct. Yes it is Ben Zal
|
||||
from the University of Chicago he's a new bower new bower professor any you be a you
|
||||
are which is a bunch of professors from around across the United States from other universities
|
||||
is beyond university Chicago they're working on social issues and culture issues and things like
|
||||
and so and there's lots of computer sciences involved and hackers like you so you can see how
|
||||
easy it is to record an episode and how much fun it can be and how much you can learn so I'll try
|
||||
to record future episodes myself that dive deeper into the some some of the basics of this kind
|
||||
of technology on vectors and linear algebra and statistics that you need to really understand
|
||||
how these AI algorithms work but hopefully you can do it as well because it takes a takes
|
||||
an agalmic world of people like you contributing your knowledge to the the federated world of
|
||||
all of this knowledge to keep it spinning and to keep the the more anti-social large corporations
|
||||
from devouring us with all of their their AI until next time this is Hobbson line signing off
|
||||
and as usual program or be programmed
|
||||
you have been listening to hacker public radio at hacker public radio does work today show
|
||||
was contributed by a hbr listener like yourself if you ever thought of recording or cast
|
||||
you click on our contribute link to find out how easy it really is hosting for hbr has been
|
||||
kindly provided by and onsthos.com the internet archive and our sims.net on the satellite status
|
||||
today's show is released under creative commons attribution 4.0 international license
|
||||
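Review bot: the transcript body is raw, uncorrected speech-to-text output, but nothing in the file header marks it as such, and the search-oriented loader described in the commit message will therefore index the ASR spellings instead of the real names: the body reads "Hacking I Models" where the `Title:` field reads "Hacking AI Models", "Fox"/"Guy Fox" for the Fawkes tool, "Ben Zal" and "Zah" alongside "Ben Zhao", "Charles Strauss" for Charles Stross, "Hobbs"/"Hobbson line" for the host, and "agonmic" and "agalmic" for the same term, so a query for the correct spelling will miss this episode. Consider adding a header line next to `Transcribed: 2025-10-25 19:12:17` that records the transcript as machine-generated and unreviewed (the timestamp should also carry a timezone), and either normalizing known proper nouns at load time or keeping a per-episode correction list, so the MCP search tool does not return confident but wrong names. Since the body is third-party spoken content ingested verbatim and handed back to a model client, the loader should also treat it as untrusted data rather than as instructions.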