hpr-knowledge-base/hpr_transcripts/hpr4067.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00


Episode: 4067
Title: HPR4067: Hacking AI Models to Protect your Livelihood
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4067/hpr4067.mp3
Transcribed: 2025-10-25 19:12:17
---
This is Hacker Public Radio Episode 4,067 for Tuesday 5 March 2024.
Today's show is entitled Hacking AI Models to Protect Your Livelihood.
It is hosted by Hobson and is about 19 minutes long.
It carries an explicit flag.
The summary is: listening to a TWIML AI podcast and reading the sci-fi novel Accelerando,
I learned of four ways to hack AI.
Hi, this is Hobson Lane, co-author of Natural Language Processing in Action. I want to talk to you, Hacker Public Radio peeps, about four AI applications I learned about today. Fawkes is an application that can protect you from facial recognition software. It's named for Guy Fawkes, the face of the hackers that call themselves Anonymous. And then there's Glaze, a digital artwork hardening application to protect artists from deepfakes. Then there's Nightshade, a blue pill for anyone that tries to steal your digital creations. And I'm talking about the blue pill in the Matrix series. And then the last one I want to talk about is the concept of agalmic organizations, which is the future of AI business in the modern world.

So those first three applications were invented by Ben Zhao, a Neubauer Professor at the University of Chicago. His PhD students created open source models, and thousands of volunteer artists helped to train them. They are using it to fight back against tech companies blatantly disregarding privacy protection regulations such as GDPR, the European regulations on data privacy. And they're also fighting to protect their own livelihoods. Many of these artists are finding that models like Stable Diffusion are often trained on their art so that others can imitate their art and pass it off as their own. So this is causing many of them to panic and actually decide on new careers after spending 10 or 15 or even 20 years building up a reputation. Many of them were deciding to go drive Uber, until this wonderful application came along.
So the first one we want to talk about is Fawkes. Fawkes is designed to protect you from facial recognition software. Zhao and his team figured out a way to subtly modify the selfies and profile pictures that you put online so that facial recognition software will falsely identify you as someone else, like Denzel Washington or even Guy Fawkes. The changes are so subtle that you won't even notice them in your own images, but the AI image processing software can't see past them. So it will always recognize you as whomever you have decided to perturb your images to look like. It's invisible to the human but impossible to see past for an AI. Pretty amazing and clever application. But that was several years ago that Zhao invented that particular algorithm.

The next one he worked on was this one that is causing artists so much grief, where Stable Diffusion trained on their works of art can imitate them and then, of course, flood the market with cheap knockoffs of their artwork. So a lot of bad actors are training AI models to imitate their style, and this can ruin their livelihood if they've spent a decade or more building up their own reputation by sharing all their art online or selling it online. That art can then be used against them to destroy their livelihoods.
Well, these anti-social AI businesses and individuals that are stealing these reputations are up against Zhao's new software, called Glaze. Glaze protects your art in the same way that Fawkes protects your face. Say someone decides to train their Stable Diffusion model on it. Stable Diffusion is the open source text-to-image generation software that many people use to train on, and because it's open source, bad actors can train it on any kind of data they would like. And so they will often train it on stolen artwork or artwork scraped from websites. And so if someone does this to your art that's been glazed with this Glaze software from Zhao, then you can force their models to incorrectly represent your art. So for instance, if you have a drawing of a cat, then you can force the model to see that as the drawing of a dog, so that whenever it tries to imitate your style of drawing a cat, it will accidentally draw a dog. And perhaps when it tries to draw a dog, it will draw a cat. Likewise, you can also translate your own style to make it more like Salvador Dali or Picasso or whatever in the mind of the AI. This shows how brittle and dumb artificial intelligence really often is. It takes very few pixel changes to confuse it. And it's not even visible to the human eye. A human would not be confused at all about these paintings. It doesn't destroy the retail value of this artwork in any way. Still, the cat looks like a beautiful cat, but the AI simply can't recognize it as a cat. So that brings us to the third image generation software that Zhao has created.
He's not yet released it to the public, but it is available to the artists that have helped him train it as part of his alpha testing program. And soon, in the next few days or weeks, it's likely to come online and you'll see a lot of talk about it in the news. This application is called Nightshade. The Nightshade model anticipates the prompts that would be associated with a particular painting or work of art that you have drawn yourself and put up online. And so then it takes that text encoding, or what's called an embedding vector, for that image, and it perturbs it slightly, by changing some of the pixels again. But this time it's going to change the actual subject matter of the image. So rather than making it look like a Picasso or a Salvador Dali, it's going to make it look like a completely different kind of object. It's basically going to force the model to hallucinate. Hallucination is when the model goes off the rails and starts to draw things that are not at all related to the prompt, the text instructions that you've given the model. So these tiny, invisible changes can do what's called poisoning to someone else's model that they have trained on your images that have been poisoned. So this is like the blue pill in the Matrix movies: if an AI, or one of the agents in this alternate universe, or one of these AI models that live in these corporations, takes this pill, if they take this image into their training, then they will be stuck in that virtual world of illusion and hallucination. And surprisingly, it only takes 100 or so poisoned images to completely corrupt the model.
And any related subject matter bleeds over too. Let's say you had paintings of mountains that were forced to be recognized as, say, large ocean waves, and cats that were recognized as dogs, and so on. Then that would bleed over into all sorts of other similar objects: other animals or pets might be misrecognized as well, and other scenes, like lakes or rolling hills or farmland or even barns, might be misrecognized as mountains or ocean waves. And so it affects the entire model. This doesn't affect just the style when someone prompts a model to imitate your artist style; it also affects all the other images that it is trying to generate. So whenever it tries to generate a wave or a mountain or a cat or a dog or other animals or other scenes, it will likely hallucinate, which really destroys the commercial value of these models that have been trained on stolen data, and that's the whole point. You want to relegate these models to this alternate universe where they're relegated to being slaves, basically, of the rest of us human beings out in the real world trying to live. So these large corporations and their AI models become worthless. So it's a wonderful trend that we're seeing lately in these countermeasures to AI deepfakes.

And that brings me to the last example I want to talk about, which is the culmination of all the steganography and watermarking tools developed by Zhao. So this is a concept invented by Charles Stross in 2005, so almost 20 years ago. Generative AI for natural language and art only became popular in the last couple of years, so Stross was way ahead of his time. His sci-fi novel titled Accelerando opens with a short story titled Lobsters, where he describes how in 2020 there will be these federated agalmic organizations. So agalmic is a concept associated with economics. In normal competitive capitalist economics everyone is trying to aggregate capital or money to themselves, and in an agalmic economic system these organizations are trying to give away everything. It's a concept that can only exist in a post-scarcity world, and that's the world that Stross was envisioning. And so he created these agalmic organizations that are distributed in the cloud, or federated out in the cloud. I'm calling them FAOs, and you'll understand why in a little bit: federated agalmic organizations, FAO. Perhaps you've heard of the word DAO, and this is not the Buddhist word Dao that I'm talking about, but the crypto acronym DAO, for distributed autonomous organizations. And a DAO is designed like a big tech leech farm, sucking up as much blood money as it can from you or anyone else that gets too close. So typically it's managed with some sort of a token, an NFT or an actual Bitcoin-based store of value, in order to manage, usually based on Ethereum actually, so that it can have an algorithm that actually runs the organization without any human involved, except to periodically modify that algorithm in order to make the founders a lot of money and to steal yours. But in contrast, Stross's agalmic organizations are focused only on giving others access to knowledge and patents and copyrights, and they are designed to outcompete these anti-social greedy corporations at their own games, including DAOs. This sci-fi novel starts out in 2020 in the Lobsters chapter, but then as you move forward to about chapter three, which is where I am now, that brings you up to 2024, where these online agents powering these agalmic organizations become much like the Fediverse that you're seeing evolve out of the Twitter collapse, applications such as Mastodon or NVIDIA's. These are federated social networks where agalmic organizations can thrive, where agents can gather up information from each other and share it with each other in a very open and agalmic sort of way. And these new AI algorithms developed by Ben Zhao, that are not in sci-fi but in the real world of the present, these applications are going to be a major tool for any kind of agalmic organizations that do evolve to fight back against these organizations. They will be going around and actively helping people add these watermarks to their images, to either add poison pills, or glazing to protect their style, or even the Fawkes watermarks to ensure that your images of your own face are falsely recognized by security cameras and other facial recognition algorithms.

So that's the exciting news I have. It's really an exciting time to be alive, and I hope that you also have some exciting news so that you can share it with the Hacker Public Radio audience out here; they are perpetually low on episodes. And I'm recording this on my phone, so you can see how easy it is to do, and this is all just based on some notes I took from a sci-fi novel and a paper or two that I read, actually a podcast that I listened to, an interview with Ben Zhao. I'm sorry, what was his name? Let me make sure I've got his name correct. Yes, it is Ben Zhao from the University of Chicago. He's a Neubauer Professor, N-E-U-B-A-U-R, which is a bunch of professors from across the United States, from other universities beyond the University of Chicago. They're working on social issues and cultural issues and things like that, and there's lots of computer science involved, and hackers like you. So you can see how easy it is to record an episode and how much fun it can be and how much you can learn. So I'll try to record future episodes myself that dive deeper into some of the basics of this kind of technology, on vectors and linear algebra and statistics that you need to really understand how these AI algorithms work. But hopefully you can do it as well, because it takes an agalmic world of people like you contributing your knowledge to the federated world of all of this knowledge to keep it spinning and to keep the more anti-social large corporations from devouring us with all of their AI. Until next time, this is Hobson Lane signing off, and as usual: program or be programmed.
You have been listening to Hacker Public Radio at HackerPublicRadio.org. Today's show was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, click on our Contribute link to find out how easy it really is. Hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and rsync.net. Unless otherwise stated, today's show is released under a Creative Commons Attribution 4.0 International license.
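An added illustration, placed after the transcript and not part of the show or of the Fawkes, Glaze or Nightshade projects: the Python below models the brittleness the episode describes, showing that a bounded per-pixel change flips a toy linear "cat"/"dog" classifier while staying small enough to go unnoticed, and gives the defender-side check for how large a change any such cloak must make. The weights, the 4x4 image and the labels are constructed, and the linear model is a stand-in for the real image models.

```python
"""Toy model of the cloaking mechanism described in the episode.

A linear image classifier scores a flattened image x as s = w.x + b ("cat" if
s > 0, else "dog"). The smallest per-pixel (L-inf) budget that can flip that
label is |s| / ||w||_1, reached by nudging every pixel by that amount against
the score. All data below is constructed (4x4 grayscale "image", weights,
labels); it is not code from Fawkes, Glaze or Nightshade.
"""
from typing import List

Image = List[float]  # flattened pixel intensities in [0, 1]

def score(w: Image, b: float, x: Image) -> float:
    """Raw linear score; its sign decides the label."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def label(w: Image, b: float, x: Image) -> str:
    return "cat" if score(w, b, x) > 0 else "dog"

def certified_radius(w: Image, b: float, x: Image) -> float:
    """Defender-side check: no perturbation moving every pixel by less than
    this amount can change a linear model's label at x (|s| / ||w||_1)."""
    return abs(score(w, b, x)) / sum(abs(wi) for wi in w)

def sign(v: float) -> float:
    return 1.0 if v > 0 else -1.0 if v < 0 else 0.0

def cloak(w: Image, b: float, x: Image, eps: float) -> Image:
    """Shift each pixel by at most eps toward lowering |s|, then clip to valid
    intensities; clipping can keep a saturated pixel (0 or 1) from moving
    the full eps, so a budget just above certified_radius may not suffice."""
    s = sign(score(w, b, x))
    return [min(1.0, max(0.0, xi - eps * s * sign(wi))) for wi, xi in zip(w, x)]

def max_pixel_change(a: Image, b: Image) -> float:
    """L-inf distance: the largest change made to any single pixel."""
    return max(abs(p - q) for p, q in zip(a, b))

# Constructed weights (||W||_1 = 8) and a "cat" that is slightly brighter on
# the positively weighted pixels, giving score 0.4 and certified radius 0.05.
W = [0.5 if i % 2 == 0 else -0.5 for i in range(16)]
B = 0.0
CAT = [0.6 if i % 2 == 0 else 0.5 for i in range(16)]

if __name__ == "__main__":
    eps = certified_radius(W, B, CAT) + 0.01   # 6% intensity change per pixel
    cloaked = cloak(W, B, CAT, eps)
    print(label(W, B, CAT), "->", label(W, B, cloaked),
          "| max pixel change:", round(max_pixel_change(CAT, cloaked), 3))
```

A budget below the certified radius (0.04 here) leaves the label unchanged, which is the kind of margin check a model owner can compute for linear layers without ever seeing a cloaked image.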