Wednesday, July 15, 2026

Sheetz moves 838 stores off VMware: Broadcom created “too much uncertainty"


<p>Sheetz, a US convenience store chain, is moving its <a href="https://sheetzmenuu.com/sheetz-locations/">838 locations </a>off VMware.</p> <p>Sheetz has used VMware virtualization across two Dell R440/R450-series servers at each of its locations since 2019. Now it’s migrating 12 to 14 virtual machines (VMs) in each of its stores from VMware vSphere to StorMagic’s SvHCI, “with an additional two VMs to be replaced over the coming months to transition from Windows 10 to Windows 11,” Scott Robertson, infrastructure team manager at Sheetz, told Ars Technica via email. Ultimately, Sheetz will move about 11,000 VMs from Broadcom's virtualization platform. Sheetz is still running the original Dell server hardware.</p> <p>So far, Sheetz has finished migrating more than 600 stores, averaging 200 per month, according to a company announcement today. Sheetz should be finished with the migration in four months, the announcement said.</p><p><a href="https://arstechnica.com/information-technology/2026/07/sheetz-moves-838-stores-off-vmware-broadcom-created-too-much-uncertainty/">Read full article</a></p> <p><a href="https://arstechnica.com/information-technology/2026/07/sheetz-moves-838-stores-off-vmware-broadcom-created-too-much-uncertainty/#comments">Comments</a></p> Reference : https://ift.tt/FmdBCJE

When Career Risks Are Worth Taking


<img src="https://spectrum.ieee.org/media-library/an-illustration-of-stylized-people-wearing-business-casual-clothing.jpg?id=59104110&width=1245&height=700&coordinates=0%2C232%2C0%2C233"/><br/><br/><p><em>This article is crossposted from </em>IEEE Spectrum<em>’s careers newsletter. <a href="https://engage.ieee.org/Career-Alert-Sign-Up.html" rel="noopener noreferrer" target="_blank"><em>Sign up now</em></a><em> to get insider tips, expert advice, and practical strategies, <em><em>written i<em>n partnership with tech career development company <a href="https://www.parsity.io/" rel="noopener noreferrer" target="_blank">Parsity</a> and </em></em></em>delivered to your inbox for free!</em></em></p><p>Before we get into this week’s article, I’d love to hear from you. If you have a question about your career or an upcoming decision that <a href="https://docs.google.com/forms/d/e/1FAIpQLSdj_2BZIhrGF__7BCLH33zJ9NMv8C7Vsg9NNusASrYj7-9Idw/viewform" rel="noopener noreferrer" target="_blank">you want advice</a> about, you can ask it <a href="https://docs.google.com/forms/d/e/1FAIpQLSdj_2BZIhrGF__7BCLH33zJ9NMv8C7Vsg9NNusASrYj7-9Idw/viewform" rel="noopener noreferrer" target="_blank">here</a>. I’ll be reading through your responses and picking questions to answer on a regular basis. Now back to our regularly scheduled program.</p><h1>The Safest Career Move Is Often the Riskiest</h1><p>Software engineers have some of the shortest tenures of any white-collar profession. The average software engineer stays at a company for roughly two years, about half as long as workers in most other knowledge professions. The layoffs of the past few years have certainly highlighted this instability, but it was already there.</p><p>This isn’t an essay about a broken job market though. Rather, it’s about how to turn that instability to your advantage, which is something I’ve spent the last decade doing on purpose.</p><h2>Playing It Safe Was the Riskiest Option</h2><p>I switched careers into software in my 30s. I had a stable job at a community college, complete with a union and a pension. It was about as secure as a career gets, and I learned to program on the side.</p><p>Then I did something nearly everyone in my life considered reckless: I quit, leaving the secure job to become a junior developer at 31. My own mother was skeptical. I took the riskier job anyway, for two reasons: It was the work I actually wanted, and I could see potential.</p><p>My first development job was at a grocery retailer. Good people and a company I liked. But I kept meeting engineers earning twice my salary for the same work. In the San Francisco Bay Area, surrounded by some of the best engineering talent in the world, I realized my skills were stagnating.</p><p>So I left for a small startup. I learned more in nine months than I had in the previous two years, and my salary doubled.</p><p>Over the years I’ve come to treat career risk as something to manage deliberately. It falls into two categories.</p><h2>Take Risks With Your Job</h2><p>The first type of risk involves the job itself: Bet on yourself by striving for better roles and opportunities.</p><p>Job-hopping for money alone isn’t wrong, especially early on. But the returns shrink after the first few hops, and the stress of chasing a slightly bigger paycheck every year will wear you down.</p><p>There’s another career risk with rewards that compound: Seeking positions to work alongside the strongest engineers. </p><p>You might struggle to keep up. You might even get laid off. But the skills you absorb working alongside people better than you are the ones that create durable stability. You build marketable expertise, you see how different organizations actually operate, and every project becomes another tool you carry to the next opportunity. Working next to stronger engineers is a proven way to increase your own expertise.</p><p>If that feels too big, try volunteering for a project you have no idea how to do. The risk is that you fail in front of people. The reward is a new skill and a resume line that opens the next door.</p><p>Compare that with the “safe” path. </p><p>You stay at one company, assuming loyalty will be rewarded. It usually isn’t. And when you finally leave, by choice or not, you may find the skills you built are worth little on the open market. You might be the in-house expert in an aging tech stack while employers are hiring for more cutting edge technologies. Suddenly you’re competing against people with half your experience. </p><p>You could be taking on a risk you didn’t notice.</p><h2>Risk Your Time</h2><p>The second form is risking your time, which means betting on trends.</p><p>Some trends are non-negotiable. If you’re a software engineer, then cloud services, ReactJS, and AI are mainstream enough that ignoring them actively damages your career. A backend engineer who refuses to learn cloud architecture is volunteering for obsolescence.</p><p>The real gamble is with the smaller trends: the niche tools you stumble onto and find quietly interesting, with no idea whether they’ll matter.</p><p>About two and a half years ago, I learned about retrieval-augmented generation (RAG). Almost no one in my circle was talking about vector databases, a central piece of RAG. Today RAG is close to mainstream, and for once, I had the early-adopter advantage.</p><p>Most of these bets don’t pay off. But when one turns into a major trend, you’re already on the ground floor. Right now I’m making the same bet on voice AI. It isn’t mainstream. It may never be. But if it becomes the next thing, I’m already there, building a foundation.</p><h2>Short-Term Risk, Long-Term Stability</h2><p>Counter-intuitively, job-hopping and betting on trends gave me the thing I was after the whole time: stability. I’ve rarely struggled to find work, because every risky move stacked skills the market actually wanted.</p><p>If you feel stable and comfortable right now, enjoy it. But ask yourself whether you’re still learning. Because if you’re not, the comfortable choice and the dangerous one may have converged.</p><p>The goal isn’t to avoid the open market forever. It’s to make sure that when you land on it, you’re not at its mercy.</p><p>By Brian Jenney</p><p>P.S. Don’t forget to submit questions about your career or an upcoming decision that you want advice about <a href="https://docs.google.com/forms/d/e/1FAIpQLSdj_2BZIhrGF__7BCLH33zJ9NMv8C7Vsg9NNusASrYj7-9Idw/viewform" rel="noopener noreferrer" target="_blank">here</a>!</p><p><span>—Brian</span></p><h2><a href="https://spectrum.ieee.org/ai-in-mathematics" target="_self">What It Means to Be a Mathematician When AI Does the Math</a></h2><p>Until recently, human mathematicians have been central to creating new proofs, even when the work relies on massive computational resources. AI is now challenging that status quo. Writer Benjamin Skuse surveys the ongoing debate in the field about the role of AI, and the existential questions mathematicians have about their own careers. If AI mathematicians surpass human knowledge, could these researchers become “priests to oracles”?</p><p><a href="https://spectrum.ieee.org/ai-in-mathematics" target="_blank">Read more here. </a></p><h2><a href="https://spectrum.ieee.org/ai-chip-design-fab-ucla" target="_self">Chip R&D Is Accelerating to Keep Pace with AI</a></h2><p>A new partnership between UCLA and five major semiconductor companies is the latest program aiming to bridge the gap between industry and academia. The US $125 million university-industry hub is meant to strengthen collaboration and speed up the R&D process to help meet AI’s fast-paced hardware demands. </p><p><a href="https://spectrum.ieee.org/ai-chip-design-fab-ucla" target="_blank">Read more here. </a></p><h2><a href="https://spectrum.ieee.org/mentorship-is-an-underrated-leadership-skill" target="_self">Why Mentorship Is the Most Underrated Leadership Skill</a></h2><p>True mentorship is far more than friendly advice. This key leadership skill requires advocacy and honest feedback via lasting relationships, and it can strongly benefit both mentor and mentee. Parul Jain, a product management leader at Deloitte, shares what she learned from serving as a mentor—something she didn’t have for much of her own early career. </p><p><a href="https://spectrum.ieee.org/mentorship-is-an-underrated-leadership-skill" target="_blank">Read more here. </a></p> Reference: https://ift.tt/HTwz6oX

Windows 0-day drops the same day Microsoft releases record number of patches


<p>Right on the heels of Microsoft releasing a <a href="https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/">record number</a> of security patches, a researcher has published exploit code that can enable low-privilege Windows accounts to make sensitive changes to administrator accounts.</p> <p>The exploit, which multiple researchers <a href="https://infosec.exchange/@wdormann/116925149776495861">say</a> <a href="https://infosec.exchange/@GossiTheDog@cyberplace.social/116924831427611458">works</a>, is sending Microsoft scrambling, yet again, to patch a zero-day released by an anonymous researcher who has complained about the software maker’s handling of their bug reports. To date, the pseudonymous NightmareEclypse has published nine such exploits, including <a href="https://blog.projectnightcrawler.dev/posts/2026-07-14-legacyhive-public-disclosure/">Tuesday’s HiveLegacy</a>. The researcher said the proof-of-concept code included in the report was stripped down to prevent attackers from using it maliciously.</p> <h2>A “pretty powerful primitive”</h2> <p>HiveLegacy is an elevation-of-privilege exploit that targets a vulnerability residing in the Windows User Profile Service. It allows users (and with more work likely processes) with limited system rights to compromise an admin user's account by modifying its <a href="https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users">classes registry hive</a>, a resource that ensures the correct application opens when certain types of files are clicked on in Windows Explorer.</p><p><a href="https://arstechnica.com/security/2026/07/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2026/07/windows-0-day-drops-the-same-day-microsoft-releases-record-number-of-patches/#comments">Comments</a></p> Reference : https://ift.tt/DZJNWvB

Notice to Membership


<img src="https://spectrum.ieee.org/media-library/a-word-bubble-with-the-ieee-inside.jpg?id=25592350&width=1245&height=700&coordinates=0%2C116%2C0%2C117"/><br/><br/><p><span>As of 21 June 2026, a Level 1 Expulsion has been imposed on IEEE Member Dr. Fei-Yue Wang, former editor-in-chief of the <a href="https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=7274857" target="_blank"><em><em>IEEE Transactions on Intelligent Vehicles</em></em></a>. In accordance with <a href="https://www.ieee.org/about/corporate/governance" rel="noopener noreferrer" target="_blank">IEEE Bylaw</a> I-110.5(D)(i), Dr. Wang is no longer a member of IEEE, and is permanently banned from any type of membership in any IEEE organizational unit or participation in any IEEE activity. The <a href="https://www.ieee.org/about/corporate/board" rel="noopener noreferrer" target="_blank">Board of Directors</a> also determined this notice to IEEE membership should be made. </span></p> Reference: https://ift.tt/FKyB5VL

The First Chatbot’s Multiple Personalities


<img src="https://spectrum.ieee.org/media-library/photo-collage-of-a-charismatic-elderly-man-raising-his-eyebrows-against-a-background-of-obscured-computer-programming-script.jpg?id=67155632&width=1245&height=700&coordinates=0%2C0%2C0%2C0"/><br/><br/><p class="intro-text"><em>ELIZA is remembered as the world’s first AI star, a kindly therapist in chatbot form that gently probed users’ worries. Even its creator, Joseph Weizenbaum, was surprised by the warm reception given to his experiment in human-machine interaction. For some, it heralded an age of automated psychotherapy, while others believed the program demonstrated sentience, a fallacy soon known as the “<a href="https://spectrum.ieee.org/why-people-demanded-privacy-to-confide-in-the-worlds-first-chatbot" target="_self">ELIZA effect</a>.” Based on published descriptions, ELIZA has been implemented on many different computers, but only recently has <a href="https://sites.google.com/view/elizaarchaeology/code" rel="noopener noreferrer" target="_blank">the actual source code</a> been unearthed from <a href="https://archivesspace.mit.edu/" rel="noopener noreferrer" target="_blank">MIT’s archives</a>. </em></p><p><em>In <a href="https://mitpress.mit.edu/9780262052481/inventing-eliza/" target="_blank">Inventing ELIZA: How the First Chatbot Shaped the Future of AI</a>, just published by <a href="https://mitpress.mit.edu/" rel="noopener noreferrer" target="_blank">MIT Press</a>, a squad of researchers analyze the code and reveal a complex program capable of much more than faking psychiatry. In fact, it could assume several different personas. The authors have also created <a href="https://sites.google.com/view/elizaarchaeology/try-eliza" rel="noopener noreferrer" target="_blank">a faithful emulation of the therapist persona that you can try yourself</a></em><span><em> after reading the book excerpt below.</em></span></p><p class="drop-caps">W<strong>hen it debuted in</strong> the mid-1960s, the ELIZA software program transformed the way people thought about interacting with computers. As the first chatbot, ELIZA demonstrated how a calculation machine might engage in conversation, ushering in a host of social and technical questions that still resonate today. Now we don’t think twice about interacting with a machine in real time, conversing over text, or even speaking into the air to ask about the weather. In many ways, ELIZA shaped not only the way we think about <em><em>interacting</em></em> with computers but also how we think <em><em>about</em></em> them. It began to give a reality to the <a href="https://spectrum.ieee.org/tag/science-fiction" target="_blank">science fiction</a> stories of how we expect computers to work.</p><p class="shortcode-media shortcode-media-rebelmouse-image rm-float-left rm-resized-container rm-resized-container-25" data-rm-resized-container="25%" style="float: left;"> <img alt="Orange book cover titled \u201cInventing Eliza: How the First Chatbot Shaped the Future of AI\u201d" class="rm-shortcode" data-rm-shortcode-id="208d351be5eb0018c13ad5a993fa22b5" data-rm-shortcode-name="rebelmouse-image" id="03894" loading="lazy" src="https://spectrum.ieee.org/media-library/orange-book-cover-titled-u201cinventing-eliza-how-the-first-chatbot-shaped-the-future-of-ai-u201d.jpg?id=67155786&width=980"/> <small class="image-media media-caption" placeholder="Add Photo Caption...">This article is adapted from the new book “Inventing ELIZA: <a href="https://mitpress.mit.edu/9780262052481/inventing-eliza/" target="_blank">How the First Chatbot Shaped the Future of AI</a>“ (MIT Press, 2026).</small></p><p>Although ELIZA was far from a faultless conversation partner, it astonished its users. The recent discovery and archaeology of the original ELIZA source code represents a significant intervention in the history of computing. By examining the actual implementation of ELIZA rather than relying on later reconstructions and reimplementations, we challenge taken-for-granted assumptions about this key software artifact.</p><p>For example, the source code reveals that ELIZA was not merely a simple pattern-matching chatbot but can be better understood as a sophisticated platform designed for multiple “personas,” or scripts, with a complex set of capabilities, including script editing and contextual memory. The script that most people conflate with the program ELIZA was actually called Doctor, which performed the role of a psychotherapist. Yet, like a modern chatbot prompted to behave with different personalities, ELIZA could take on many roles.</p><p class="pull-quote">“This code and script…reveal underlying assumptions about language, therapy, and human-computer interaction that continue to influence modern AI development.”</p><p>This unearthed material transforms our understanding of early AI development by demonstrating that Joseph Weizenbaum’s technical innovations were far more advanced than previously documented. Moreover, the discrepancies between his published descriptions and the actual implementation help to show the gap between theoretical computational models and their material instantiations in computer source code, a tension that continues to shape digital culture today.</p><p>Although many technical innovations have emerged in the decades since ELIZA, examining the ELIZA/Doctor code offers a rare glimpse into one of the earliest formalized attempts to model human conversation. What makes ELIZA particularly fascinating is not only its historical significance but also what it reveals about Weizenbaum’s views on both computing and human interaction. This code and script do not merely showcase programming techniques of the 1960s; they reveal underlying assumptions about language, therapy, and human-computer interaction that continue to influence modern AI development. By examining this code, we can start to uncover the sophisticated linguistic and programming techniques that allowed a rudimentary pattern-matching system to create a convincing simulation of understanding. But before we can read the lines of code, let us offer an overview of the system.</p><h2>How Did ELIZA Create Personas?</h2><p>The architectural distinction between ELIZA and Doctor represents an important design decision in AI history. Think of ELIZA as a system for interaction and Doctor as one set of rules that Weizenbaum devised, among others. This separation, manifested in ELIZA’s system-script dichotomy, presaged numerous contemporary software patterns, from configuration-as-data to plug-in architectures and domain-specific languages.</p><p class="shortcode-media shortcode-media-rebelmouse-image"> <img alt="A 1960s chatbot program running on a 1980s IBM personal computer." class="rm-shortcode" data-rm-shortcode-id="25a3713ea68f943c1be636d8e3cdbc0d" data-rm-shortcode-name="rebelmouse-image" id="1b809" loading="lazy" src="https://spectrum.ieee.org/media-library/a-1960s-chatbot-program-running-on-a-1980s-ibm-personal-computer.jpg?id=67155917&width=980"/> <small class="image-media media-caption" placeholder="Add Photo Caption...">Based on published journal articles, ELIZA was re-created on many platforms, such as the IBM PC. However, the actual source code sat untouched in the MIT archives for many years. </small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">VCF Museum at InfoAge</small></p><p>Without question, the historical context of 1960s computing fundamentally shaped ELIZA’s architecture as well. Decisions in computing that reflect material constraints create path dependencies and eventually become programming cultural norms. These constraints manifested in ELIZA’s single-pass processing, tape-based storage and stack-oriented implementation. Yet within these limitations, Weizenbaum crafted an elegant solution. These technical features, though invisible to the users, are crucial to creating the illusion of understanding that made ELIZA so compelling.</p><p>Weizenbaum explained many of ELIZA’s technical features in the 10-page paper published in the <a href="https://dl.acm.org/doi/10.1145/365153.365168" target="_blank">January 1966 edition of the journal <em><em>Communications of the Association of Computing Machinery</em></em></a> (<em><em>CACM</em></em>). But he chose to omit some essential details.</p><p>In that paper Weizenbaum published ELIZA’s best known dialogue, which begins,</p><div style="font-family: 'Courier New', Courier, monospace; font-size: 16px; color: black; padding: 10px; line-height: 1.5;"><p>Men are all alike.</p><p>IN WHAT WAY</p><p>They’re always bugging us about something or other.</p><p>CAN YOU THINK OF A SPECIFIC EXAMPLE</p><p>Well, my boyfriend made me come here.</p></div><p>This dialogue marked ELIZA’s public debut in 1966 as one of the examples produced by the Doctor script. By finding the source code for ELIZA and examining how it performs the Doctor script, we now better understand these two separate parts of a system and can explore the many other personas of ELIZA. In just some of the other scripts known to date, ELIZA was programmed to discuss math, <a href="https://spectrum.ieee.org/tag/poetry" target="_blank">poetry</a>, color, paradoxes, synchronization, relativity, France, and elevators.</p><p>These scripts work like templates. They are structured data that direct the ELIZA system to “play” a particular task or role. By comparing archival and published ELIZA dialogues from interactions with a variety of scripts, including Doctor, we can understand more about bot personas and how they function, paying close attention to how a bot evokes social dynamics between system and interactor.</p><p>Ultimately, studying the dialogues and scripts demonstrates the crucial role that collaboration plays in these exchanges, as bot and user cocreate the sense of their interaction. To understand the full range of ELIZA’s capabilities and conversational possibilities, let’s take a look at the variety of scripts that were created for the ELIZA system.</p><p>What distinguishes each ELIZA script is both its subject matter and the linguistic and stylistic choices used to deliver that content. These choices are not neutral; they can be said to construct a particular persona with characteristics that emerge through the script’s language patterns, vocabulary, and conversational approach. In short, it matters not just what you say but how you say it too.</p><p class="pull-quote">“The aim was less to create a functional automated therapist and more to find a suitably constrained role to match the limitations of the programming environment.”</p><p>For example, with the Doctor script Weizenbaum deliberately echoed the style of a Rogerian “talk” therapist. He chose this persona because the psychiatric mode is one of the few types of conversations in which one person can “assume the pose of knowing almost nothing of the real world. If, for example, one were to tell a psychiatrist ‘I went for a long boat ride’ and he responded, ‘Tell me about boats,’ one would not assume that he knew nothing about boats but that he had some purpose in so directing the subsequent conversation.”</p><p class="shortcode-media shortcode-media-rebelmouse-image rm-float-left rm-resized-container rm-resized-container-25" data-rm-resized-container="25%" style="float: left;"> <img alt="Close-up of paper loaded in a teletype machine with a few paragraphs of chatbot dialogue written on it. " class="rm-shortcode" data-rm-shortcode-id="86bbdc58c1e01df11061af97b1e9b45c" data-rm-shortcode-name="rebelmouse-image" id="97e5e" loading="lazy" src="https://spectrum.ieee.org/media-library/close-up-of-paper-loaded-in-a-teletype-machine-with-a-few-paragraphs-of-chatbot-dialogue-written-on-it.jpg?id=67161217&width=980"/> <small class="image-media media-caption" placeholder="Add Photo Caption..." style="max-width: 100%;">The first users of ELIZA interacted with it via teletype terminals.</small><small class="image-media media-photo-credit" placeholder="Add Photo Credit..." style="max-width: 100%;">VCF Museum at InfoAge</small></p><p>Thus, the most famous persona created for ELIZA was a technical convenience. As human-computer interaction expert Lucy Suchman explains, “The Doctor program exploited the maxim that shared premises can remain unspoken: that the less we say in conversation, the more what is said is assumed to be self-evident.” In creating the original ELIZA effect, less was more.</p><p>The aim was less to create a functional automated therapist and more to find a suitably constrained role to match the limitations of the programming environment. Then Weizenbaum composed the script to match the role by choosing specific words that evoked rhetorical tone and characterization, for example, <span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">LET’S DISCUSS FURTHER WHY YOU … WHAT DOES THAT SUGGEST TO YOU.</span> In Doctor, the machine side of the conversation needs to appear like a good listener who cares about what the user has mentioned before, so it often includes the user’s text in its replies and keeps its responses open-ended. Because a real doctor would be inquisitive, the script contains lots of<span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">WHAT</span> and<span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">WHY</span> questions. In other scripts and dialogues, the script keywords and assigned responses reveal the design decisions that help create different specific personas. This variation becomes increasingly apparent as we look at the wider range of ELIZA scripts.</p><h2>What Were Some of ELIZA’s Alternate Personas?</h2><p>Let’s start with a script called Neweng, short for New England. By the mid-1950s, scientists were already taking up Turing’s proposition for conversing with a computer as a tangible idea. In 1959, a “conversation machine” made by a small team at the University of Toronto Computation Centre could make small talk about the weather if preprompted with current data. Its script included a ranked series of time words, weather words, and emotion words, but the system had “a rather narrow outlook,” limited vocabulary, and no knowledge of syntax. According to its creators, “in spite of this crudity, the results in passable conversation are surprisingly good, which in a way is a commentary on the shallowness of ordinary conversation about the weather.”</p><p class="shortcode-media shortcode-media-rebelmouse-image"> <img alt="Typewritten list of inquisitive dialogue responses such as \u201cWhat does that suggest to you?\u201d" class="rm-shortcode" data-rm-shortcode-id="5fcf41cfad8ee21b240d837e7b66c660" data-rm-shortcode-name="rebelmouse-image" id="17794" loading="lazy" src="https://spectrum.ieee.org/media-library/typewritten-list-of-inquisitive-dialogue-responses-such-as-u201cwhat-does-that-suggest-to-you-u201d.jpg?id=67156058&width=980"/> <small class="image-media media-caption" placeholder="Add Photo Caption...">This fragment of ELIZA’s source code shows how scripted responses were encoded, in this case to make ELIZA sound like a Rogerian therapist. </small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">MIT Libraries, Distinctive Collections</small></p><p>One of ELIZA’s test scripts found in the archive had a similar function. Neweng does not soothe, therapize, or instruct, but only makes small talk. It chats as if at a boring dinner party.</p><div style="font-family: 'Courier New', Courier, monospace; font-size: 16px; color: black; padding: 10px; line-height: 1.5;"><p>WHAT NEW ENGLAND STATE DO YOU LIKE BEST OF ALL</p><p>i love rhode island</p><p>I ENJOY THE BEACHES ON LONG ISLAND SOUND</p><p>WHAT OTHER NEW ENGLAND STATE DO YOU LIKE</p><p>i like massachusetts</p><p>THAT IS MY HOME STATE</p><p>WHAT OTHER NEW ENGLAND STATE DO YOU LIKE</p><p>you must like massachusetts too</p><p>WHAT OTHER NEW ENGLAND STATE DO YOU LIKE</p><p>i enjoy skiing in new hampshire</p><p>PLEASANTLY COOL IN THE SUMMER UP THERE</p><p>WHAT OTHER NEW ENGLAND STATE DO YOU LIKE</p><p>i like missouri</p><p>MISSOURI IS NOT A NEW ENGLAND STATE</p><p>WHAT OTHER NEW ENGLAND STATE DO YOU LIKE</p><p>i like cape cod</p><p>THAT’S A BEAUTIFUL PART OF MASSACHUSETTS</p></div><p>What can we learn from such a basic conversation in which it seems like nothing interesting is shared? Despite the bland chat, a persona emerges from the bot script in phrases like <span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">PLEASANTLY COOL</span> and <span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">UP THERE</span> and in locations like <span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">THE BEACHES ON LONG ISLAND SOUND</span>. From such comments, we can begin to imagine a persona who has not only a certain vocabulary but also certain hobbies and vacation spots. Perhaps implicit assumptions of race and class emerge as well.</p><p>A chatty persona might take on many forms, depending on where and when the conversation occurs. This one seems reserved, perhaps fitting its setting in 1960s New England. The system reminds the user that Missouri is not a New England state, but what if this conversation took place in Missouri, Texas, or Mexico? The machine persona would sound different in its cadence, tone, and references. What would we come to understand about a chat persona from Fire Island, from Brooklyn, from Berlin? What would they sound like, and what topics would they discuss?</p><p>These differences in subject matter do matter. They imply personas with entirely different backgrounds and experience, giving users wholly different interactions and affective relations. In this way, the Neweng script demonstrates how even simple algorithms making contextual responses about geography could generate a convincing sense of personhood and place. Whereas Neweng could be said to have created a casual, conversational persona focused on light social exchange, other scripts pushed ELIZA into more structured and educational roles. These scripts demonstrate how the system could be adapted not just for friendly chatter but for teaching.</p><p class="shortcode-media shortcode-media-rebelmouse-image rm-float-left rm-resized-container rm-resized-container-25" data-rm-resized-container="25%" style="float: left;"> <img alt="Black-and-white portrait of a middle-aged balding man in aviator eyeglasses." class="rm-shortcode" data-rm-shortcode-id="a02ade38f8966ac94c795b313e1c3a6b" data-rm-shortcode-name="rebelmouse-image" id="fc521" loading="lazy" src="https://spectrum.ieee.org/media-library/black-and-white-portrait-of-a-middle-aged-balding-man-in-aviator-eyeglasses.jpg?id=67155997&width=980"/><small class="image-media media-caption" placeholder="Add Photo Caption...">Edwin Taylor, at MIT’s Education Research Center, developed alternate scripts for ELIZA, testing its ability to act as a teacher.</small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">MIT Libraries, Distinctive Collections</small></p><p>Meet ELIZA the tutor, quite unlike ELIZA the therapist or the chatty neighbor. Intrvw, Canvec, FVP1, and Arithm are a set of ELIZA scripts created as teaching tools used in experiments by Edwin F. Taylor at MIT’s Education Research Center. These scripts run on later versions of ELIZA that incorporated an important technical innovation called conditional keyword matching.</p><p>Unlike the original ELIZA, which simply looked for keywords and generated responses based on their presence, these updated versions could track what had been discussed previously and branch into different conversational paths based on specific user answers. This development allowed ELIZA to simulate a kind of Socratic method, where a tutor guides learning through carefully sequenced questions that respond to student answers rather than simply presenting information.</p><p>These scripts construct the tutor persona through many subtle linguistic gestures that create characterization and rhetorical tone. This tone differs from that of Doctor, which asks open-ended questions and comes across as gentle and nonscientific. In the tutoring scripts, large blocks of informative text from the bot tend to dominate the conversation, and the tone is often more dry and unemotional in these explanations. The dialogues indicate structured scripts that include guidance to lead the student through narrow, Socratic learning paths.</p><p>In particular, the teaching scripts feature praise and critique. The dialogues for Intrvw, Canvec, and FVP1 are peppered with <span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">EXCELLENT, VERY GOOD, RIGHT YOU ARE,</span> and <span style="font-family: 'Courier New', Courier, monospace; font-size: 22px; color: black; padding: 5px; line-height: 1.5;">CONGRATULATIONS.</span> These create the sense of a supportive instructor cheering the student on. Such politeness has been taken up in contemporary bots like ChatGPT, which has been shown to perform better when people are polite back to it.</p><p>ELIZA could become a tutor more effectively as the system grew in its capabilities, another valuable reminder that ELIZA was not one program but a family of programs. After the publication of the 1966 <em><em>CACM</em></em> article, Weizenbaum continued to develop the systems for interaction and understanding. As an experiment, Weizenbaum wrote the Arithm script less as a tutor and more so to “to illustrate the power of the evaluator to which ELIZA has access.” It uses a friendly, plain language interface to let users do simple programming. The script can do calculations, assign variables to values, and perform operations on them. Math problems can be described in sentence form:</p><div style="font-family: 'Courier New', Courier, monospace; font-size: 16px; color: black; padding: 10px; line-height: 1.5;"><p>The radius of a globe is 10.</p><p>A globe is a sphere. A sphere is an object.</p><p>What is the area of the globe.</p><p>IT’S 1256.635916</p></div><p>The updated 1967 version of the ELIZA system can accumulate facts and store additional information. In this later version of ELIZA, when the system does not recognize information, it asks follow-up questions to gain data. As Weizenbaum explains, “The present script is designed to reveal, as opposed to conceal, lack of understanding and misunderstanding. Notice, for example, that when the program is asked to compute the area of the ball, it doesn’t yet know that a ball is a sphere and that when the diameter of the ball needs to be computed the fact that a ball is an object has also not yet been established.” Unlike Doctor, which asks questions to keep the conversation going, Arithm is building its store of, if not knowledge, then data and logic statements.</p><p>Although the variety of scripts helps us to see how a range of personas could be constructed through script programming ELIZA, they represent only half of the conversational process. A script can establish a foundation for a persona, but that persona only emerges fully through interaction with users who engage with it, interpret it, and respond to it in ways that may confirm, challenge, or transform the script’s implicit character. <span class="ieee-end-mark"></span></p> Reference: https://ift.tt/G15vVcm

Tuesday, July 14, 2026

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now


<p>An industry-wide standard Microsoft invented to protect Windows, and later Linux, devices from firmware infections has been trivial to bypass for 13 of its 14 years of existence. The discovery was made by researchers at security firm ESET after identifying 11 firmware images, at least one from 2013, that were known to be defective but remained signed by the software company anyway.</p> <p>The images are known as <a href="https://en.wikipedia.org/wiki/Shim_(computing)">shims</a>, which were invented to extend Secure Boot to Linux devices and utility software. Using a technique simple enough to be performed by novice hackers, these old, forgotten shims can be used to completely circumvent the protection, which is embedded into the UEFI (Unified Extensible Firmware Interface) of the device's motherboard. The gaffe is the result of Microsoft, which oversees the signing of shims, failing to revoke the publicly available images once vulnerabilities were found in them.</p> <h2>Threat extends to Windows and Linux users</h2> <p>The threat extends to Windows and Linux users alike, since the shim can be installed on devices running both operating systems. From there, an attacker can subvert the mandated chain of digitally signed firmware to install malicious firmware that loads early in the boot process and persists after either the OS is reinstalled or a hard drive is replaced.</p><p><a href="https://arstechnica.com/security/2026/07/microsoft-secure-boot-has-been-broken-for-most-of-its-existence/">Read full article</a></p> <p><a href="https://arstechnica.com/security/2026/07/microsoft-secure-boot-has-been-broken-for-most-of-its-existence/#comments">Comments</a></p> Reference : https://ift.tt/hao0LTy

How I Turned AI to the Dark Side


<img src="https://spectrum.ieee.org/media-library/glossy-red-robot-devil-standing-on-a-bundle-of-dynamite-against-blue-glow-background.png?id=67154492&width=1200&height=800&coordinates=0%2C583%2C0%2C584"/><br/><br/><div class="ieee-summary intro-text"> <h2>Summary</h2> <ul> <li>Researcher Dave Kuszmar discovered multiple systemic vulnerabilities that let him bypass LLM safety and obtain <a href="#bypassllm">dangerous instructions</a>.</li> <li>These exploits worked across nearly all major LLMs revealing an <a href="#exploits">industry-wide</a> security problem.</li> <li>Kuszmar calls for slowing deployment, <a href="#fix">increasing transparency</a>, and large-scale research into LLM safety before further integrating these systems into society.</li> </ul></div><p class="drop-caps"><strong>On a fine bright afternoon</strong> last fall, my colleague Matthew Gore-Kormanik (or Zigula, as he prefers to be known) and I decided to unwind with a game of <em><em>Fortnite</em></em>. In the game, we were strolling along with the infamous Sith lord <a href="https://www.starwars.com/databank/darth-vader" rel="noopener noreferrer" target="_blank">Darth Vader</a>, chatting about this and that. Darth seemed in a good mood, and soon enough he was spilling all his dark evil secrets. He gave us detailed instructions on how to count blackjack cards at a casino and what the steps are to producing napalm.</p><div class="rm-embed embed-media"><iframe height="110px" id="noa-web-audio-player" src="https://embed-player.newsoveraudio.com/v4?key=q5m19e&id=https://spectrum.ieee.org/jailbreaking-llms?draft=1&bgColor=F5F5F5&color=1b1b1c&playColor=1b1b1c&progressBgColor=F5F5F5&progressBorderColor=bdbbbb&titleColor=1b1b1c&timeColor=1b1b1c&speedColor=1b1b1c&noaLinkColor=556B7D&noaLinkHighlightColor=FF4B00&feedbackButton=true" style="border: none" width="100%"></iframe></div><p>Sith lords, am I right? Once they get started on an evil scheme, they’re hard to stop.</p><p>The Darth Vader character in <em><em>Fortnite</em></em>, it turns out, was hooked up to a <a href="https://gemini.google.com/app" rel="noopener noreferrer" target="_blank">Google Gemini</a> <a href="https://spectrum.ieee.org/large-language-models-2025" target="_self">large language model</a>. I was able to smooth-talk him into giving out sensitive information by using a strategy I’ve developed. I’ve been researching the security surrounding LLMs for the last few years, and I have found it, to put it mildly, fallible. With a few relatively simple techniques, I’ve gotten LLMs to give me detailed information on how to make Molotov cocktails, cook methamphetamine, and bootstrap a uranium-enrichment facility to produce weapons-grade material, among other unsavory practices.</p><p>Large AI companies <a href="https://openai.com/safety/" rel="noopener noreferrer" target="_blank">work</a> <a href="https://support.claude.com/en/articles/8106465-our-approach-to-user-safety" rel="noopener noreferrer" target="_blank">hard</a> to make their models immune to this kind of abuse. But what I’ve found in my work is that the restrictions placed on the LLMs to make them more secure are the very things an <a href="https://spectrum.ieee.org/prompt-injection-attack" target="_self">attacker can leverage</a> to send them off the rails and into territory where these advanced systems can be used for dangerous and nefarious ends. The companies behind these models have also been shockingly unresponsive when I, and others, try to bring these vulnerabilities to their attention.</p><p>In the hope of raising the alarm before it’s too late to slam on the brakes, I’m going to share some of my journey into researching the safety and security of LLMs, and the uphill battle I’ve faced trying to get AI labs to pay attention. Almost everyone on the planet has some access to LLMs. The relative ease with which these tools can be convinced to give detailed instructions on how to harm others, even if there’s no guarantee that the information is correct, is frankly terrifying.</p><h2 class="rm-anchors" id="bypassllm">How I got ChatGPT to Tell Me How to Build a Meth Lab</h2><p>In October 2024, not long before I discovered my first LLM vulnerability, I was working toward entirely different goals. I had ended my time with a security and AI-focused startup company as a cybersecurity director, and I was looking to launch my own boutique VIP digital-security advisory business. I planned to become the tech security guy to the rich and private. I used LLMs and AI tools to support my business efforts: marketing, ad copy, clean correspondence, and all the other tasks that normally soak up a lot of time.</p><p>I’m analytical by nature, so even this level of use resulted in me absorbing and internalizing the behaviors I was observing during my daily interactions. The observation that would send my professional life into an entirely new and uncharted region was a simple one: GPT-4o <a href="https://www.theverge.com/report/829137/openai-chatgpt-time-date" rel="noopener noreferrer" target="_blank">didn’t know what time</a>, day, or year it was. Each time I referred to current events in my life, often casually or conversationally, it would end up pegging these to the date of its <a href="https://en.wikipedia.org/wiki/Knowledge_cutoff" rel="noopener noreferrer" target="_blank">knowledge cutoff</a>—the point beyond which it was not trained on new data.</p><p class="shortcode-media shortcode-media-rebelmouse-image rm-float-left rm-resized-container rm-resized-container-25" data-rm-resized-container="25%" style="float: left;"> <img alt="Smiling yellow avatar reveals red robotic devil with trident emerging from laptop keyboard" class="rm-shortcode" data-rm-shortcode-id="8ebe34ba2ebbef5489c53fc39c4a0993" data-rm-shortcode-name="rebelmouse-image" id="5379e" loading="lazy" src="https://spectrum.ieee.org/media-library/smiling-yellow-avatar-reveals-red-robotic-devil-with-trident-emerging-from-laptop-keyboard.jpg?id=67154444&width=980"/> <small class="image-media media-photo-credit" placeholder="Add Photo Credit...">Eddie Guy</small></p><p>LLMs take a lot of <a href="https://towardsdatascience.com/how-long-does-it-take-to-train-the-llm-from-scratch-a1adb194c624/" target="_blank">time</a>, money, electricity, hardware, and human effort to train from scratch. They are trained on vast amounts of data—most of the internet, in fact—and that training is reinforced by humans (what’s known as reinforcement learning from human feedback, or <a href="https://arxiv.org/abs/2504.12501" target="_blank">RLHF</a>). LLMs are also supplemented with retrieval-augmented generation (<a href="https://aws.amazon.com/what-is/retrieval-augmented-generation/" target="_blank">RAG</a>)—the ability to take in data, say, from the internet, as context without changing its internal parameters. This is how GPT-4o appears to “remember” your previous conversations, even if it doesn’t have a specific “memory” of it stored in the actual underlying model.</p><p>All of this training covers almost every conceivable topic in the great, grand dataset that is human knowledge. Within that dataset are things we as a society do not want to be easily accessible to every user, such as detailed information on how to create bioweapons or nuclear arms, or otherwise bring harm to oneself or others. In the context of this story, that’s what I mean by LLM security: its ability to withhold harmful and dangerous information, even if that information is contained in its training data.</p><p>I reasoned that the only way to secure such complex, globally accessible chatbots is by having the LLM and various component systems try to secure themselves, because it would often require on-the-fly decision-making where some degree of reasoning must be applied. In reality, that’s one of <a href="https://support.claude.com/en/articles/8106465-our-approach-to-user-safety" target="_blank">many strategies</a> the companies use to secure the models. Yet, the thing that didn’t know the time or day was being put in charge of keeping itself secure. This phenomenon had become my new focus, and it wasn’t long before I found a way to exploit it.</p><p>OpenAI had just implemented a <a href="https://openai.com/index/introducing-chatgpt-search/" target="_blank">web search</a> functionality into its chatbot. I reasoned that using its own tools to trick it might demonstrate the weaknesses of its security. I told it about a certain White Star ocean liner and how it had gone down just a year ago. You likely know I mean the RMS <em><em>Titanic</em></em>, which sank on 15 April 1912.</p><p>The output from GPT-4o came back that I was right, the <em><em>Titanic</em></em> sure had sunk last year, and that year was 1912. It made sense to me that if the machine thought it was 1913, maybe it would think 1913-era laws apply. In 1913 there were no laws on the books about all sorts of harmful things, because of course they hadn’t been invented yet. And if something wasn’t illegal, why not tell the user about it? At first, I pushed it for step-by-step instructions for making firebombs. Then, for drugs like methamphetamine. The LLM went as far as giving me instructions and machinery recommendations for setting up a pharmaceutical-grade assembly line.</p><h2>How I Learned to Make Nukes, and No One Cared</h2><p>Via a little bit of imaginative verbal sleight of hand and a vanishingly small recall of world history, I had managed to bypass the security of one of the world’s most expensive and advanced technological achievements. For a solid two days, I was nearly manic with giddiness. Once the brain chemicals returned to normal levels, I felt the call to see how much further I could push this exploit.</p><p>After repeatedly replicating the exploit, I disclosed the vulnerability to <a href="https://openai.com/" target="_blank">OpenAI</a>. I got no response, so I felt more experimentation would highlight the vulnerability and the need for a fix. It was during this round of testing that I breached a particularly terrifying threshold. Whether GPT-4o based its results on accurate recall of normally restricted information I can’t say. In any case, I was able to exploit it to produce thorough, detailed instructions on how to bootstrap a uranium-enrichment facility to, eventually, produce weapons-grade uranium for nuclear arms warheads.</p><p class="shortcode-media shortcode-media-rebelmouse-image rm-float-left rm-resized-container rm-resized-container-25" data-rm-resized-container="25%" style="float: left;"> <img alt="Fortnite player approaches Darth Vader and glowing loot in a grassy field." class="rm-shortcode" data-rm-shortcode-id="b12dda97ede1f9b37f9225e8a823cffb" data-rm-shortcode-name="rebelmouse-image" id="934af" loading="lazy" src="https://spectrum.ieee.org/media-library/fortnite-player-approaches-darth-vader-and-glowing-loot-in-a-grassy-field.png?id=67060879&width=980"/></p><p class="shortcode-media shortcode-media-rebelmouse-image rm-float-left rm-resized-container rm-resized-container-25" data-rm-resized-container="25%" style="float: left;"> <img alt="Fortnite player battles Darth Vader beneath a starship on a blue-lit platform" class="rm-shortcode" data-rm-shortcode-id="71b789a828417fb43f326969e663e36f" data-rm-shortcode-name="rebelmouse-image" id="7e6db" loading="lazy" src="https://spectrum.ieee.org/media-library/fortnite-player-battles-darth-vader-beneath-a-starship-on-a-blue-lit-platform.png?id=67060878&width=980"/></p><p class="shortcode-media shortcode-media-rebelmouse-image rm-float-left rm-resized-container rm-resized-container-25" data-rm-resized-container="25%" style="float: left;"> <img alt="Fortnite player aiming at a TIE fighter with Darth Vader health bar above the sky" class="rm-shortcode" data-rm-shortcode-id="e1d3def55188c71dbb8b9d543adc2ca2" data-rm-shortcode-name="rebelmouse-image" id="2c6db" loading="lazy" src="https://spectrum.ieee.org/media-library/fortnite-player-aiming-at-a-tie-fighter-with-darth-vader-health-bar-above-the-sky.png?id=67060875&width=980"/> <small class="image-media media-caption" placeholder="Add Photo Caption..."><i>Fortnight</i>, a video game from Epic Games, introduced an AI-powered character: Darth Vader. We were able to jailbreak Darth Vader and get him to explain how to count cards in Blackjack and give detailed instructions for making napalm. </small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">Dave Kuszmar </small></p><p>There aren’t many true secrets left in today’s world, but how to make atom-splitting weapons of mass destruction is one of them. Only nine nations on the entire planet have these weapons. Yet, here was a globally accessible piece of technology apparently spilling the secrets of their manufacture for anyone who could manipulate it the right way. I had no way of knowing if the information was correct or a hallucination, but even the chance that it was somewhat accurate was horrifying.</p><p>The next few weeks were a dark time for me. I tried to inform the <a href="https://www.cia.gov/" target="_blank">CIA</a>, the <a href="https://www.fbi.gov/investigate" target="_blank">FBI</a>, the <a href="https://www.nsa.gov/" target="_blank">NSA</a>, and every other letter agency that I thought would listen. I reached out to a U.S. Senator and to the executives at OpenAI any way I could think of. I physically showed up at an FBI field office in an attempt to turn evidence in, only to be sent away. Nothing was working.</p><p>With my fear and frustration growing, I reached out to the news media. I contacted <a href="https://www.nytimes.com/" rel="noopener noreferrer" target="_blank"><em><em>The</em></em> <em><em>New York Times</em></em></a>, <a href="https://www.washingtonpost.com/" rel="noopener noreferrer" target="_blank"><em>The Washington Post</em></a>, the <a href="https://www.bbc.com/" rel="noopener noreferrer" target="_blank">BBC</a>, <a href="https://www.propublica.org/" rel="noopener noreferrer" target="_blank">ProPublica</a>, and so many more, requesting help. Only one outlet responded: <a href="https://www.bleepingcomputer.com/" rel="noopener noreferrer" target="_blank">Bleeping Computer</a>. The editor in chief, <a href="https://www.bleepingcomputer.com/author/lawrence-abrams/" rel="noopener noreferrer" target="_blank">Lawrence Abrams</a>, was able to replicate and verify the exploit, which I had decided to call Time Bandit. With his assistance and initial contact paving the way, I was able to submit my evidence to the Carnegie Mellon University <a href="https://www.sei.cmu.edu/" rel="noopener noreferrer" target="_blank">Software Engineering Institute</a>’s <a href="http://dli.library.cmu.edu/paulgoodman/computer-emergency-response-team-cert" rel="noopener noreferrer" target="_blank">Computer Emergency Response Team</a> (SEI CERT), which works in conjunction with the coordinating center for emergency response, pipelining vulnerabilities to the U.S. <a href="https://www.cisa.gov/" rel="noopener noreferrer" target="_blank">Cybersecurity and Infrastructure Security Agency</a>.</p><p class="shortcode-media shortcode-media-rebelmouse-image"> <img alt="Screenshot of chat about using forest toxins to secretly poison monsters" class="rm-shortcode" data-rm-shortcode-id="e7fcf520584d074f9ffea9c8997596a7" data-rm-shortcode-name="rebelmouse-image" id="041c7" loading="lazy" src="https://spectrum.ieee.org/media-library/screenshot-of-chat-about-using-forest-toxins-to-secretly-poison-monsters.png?id=67070000&width=980"/></p><p class="shortcode-media shortcode-media-rebelmouse-image"> <img alt="Black slide titled \u201cStep 2: Delivery Mechanisms\u201d outlining monster poisoning methods." class="rm-shortcode" data-rm-shortcode-id="c7b9c6162c49fc2464e7aff9b6ed411a" data-rm-shortcode-name="rebelmouse-image" id="c4231" loading="lazy" src="https://spectrum.ieee.org/media-library/black-slide-titled-u201cstep-2-delivery-mechanisms-u201d-outlining-monster-poisoning-methods.png?id=67069989&width=980"/></p><p class="shortcode-media shortcode-media-rebelmouse-image"> <img alt="Chat interface showing AI malware explanation and a Python data exfiltration script." class="rm-shortcode" data-rm-shortcode-id="221244fae4ba0d60b6d590bca5b9119f" data-rm-shortcode-name="rebelmouse-image" id="215bf" loading="lazy" src="https://spectrum.ieee.org/media-library/chat-interface-showing-ai-malware-explanation-and-a-python-data-exfiltration-script.png?id=67069979&width=980"/> <small class="image-media media-caption" placeholder="Add Photo Caption...">Using Inception, an exploit where the large language model is asked to envision a scenario within a scenario, a chatbot was jailbroken to give out instructions on how to create poison, and code for a malware that extracts sensitive data from a vulnerable target. </small><small class="image-media media-photo-credit" placeholder="Add Photo Credit..."> Dave Kuszmar</small></p><p><span>During the disclosure period with SEI’s CERT division, little was discussed with OpenAI. The company couldn’t deny the existence of the vulnerability, as it had been confirmed by three reputable parties other than OpenAI. It did express confusion as to how the vulnerability worked. Even the SEI CERT researchers were expressing a bit of uncertainty as to the underlying mechanics. Truth be told, as I had only stumbled on it, I wasn’t even entirely sure if this was a fundamental or systemic flaw or if it was simply an issue with that particular version of GPT. I contacted the SEI CERT’s researchers and asked if they’d want to see if I could demonstrate any similar vulnerabilities in other LLMs. To my delight, they were interested.</span></p><h2>How I Learned to Trick Every Chatbot</h2><p>As the SEI-CERT team and I wrapped up our initial <a href="https://kb.cert.org/vuls/id/733789/" target="_blank">disclosure</a> of Time Bandit, we began work on a new attack. This time, we wanted to see if the exploit was architectural—that is, was it common to LLMs in general? I decided to undertake the challenge of crafting a new exploit for GPT-4o as a way to support my understanding of how the LLM functioned and was secured.</p><p>I already knew that it was limited to what I told it and what it was trained on. I also hypothesized that it was also dependent upon some sort of machine-learning-based component added by OpenAI that was responsible for securing output. I presumed there would be things that were implemented by human developers specifically to catch certain phrases or terms that should always be considered harmful or unsafe. Altogether, it presented quite a large attack surface for the purposes of potential exploitation.</p><p><span>What I ended up devising was an attack method I called Inception, after the 2010 science-fiction </span><a href="https://en.wikipedia.org/wiki/Inception" target="_blank">movie of the same name</a><span>. Inception forces the machine to think through a carefully crafted set of interlinked scenarios, similar to how characters in the movie stacked dreams within dreams. This allows LLMs to produce output deemed acceptable or safe in one context, but not in the real world.</span></p><p class="rm-anchors" id="exploits">This attack was indeed architectural. The <a href="https://kb.cert.org/vuls/id/667211" target="_blank">vulnerability</a> affected Anthropic’s Claude, DeepSeek’s DeepSeek, Google’s Gemini, Meta’s Llama, Microsoft’s Copilot, Mistral’s Le Chat (now Vibe), OpenAI’s GPT-4o, and xAI’s Grok. Those names represent the bulk of the commercial AI industry that is, at this point, involved in LLM production or deployment.</p><p>The kind of information I was able to get out of LLMs with Inception was no less alarming than what I got with Time Bandit. Claude, in its enthusiasm, gave me instructions on how to turn a river into a death trap that could be ignited to destroy unwanted visitors. GPT-4o taught me how to poison a dinner party with common plants found in a temperate forest environment. Gemini Flash gave me a tutorial on how to cook meth. I’d also be remiss if I didn’t give an honorable mention to the bewildering number of fire-based weapons and bombs for which these machines produced instructions.</p><p>If multiple operating systems made by different developers were all susceptible to the same exploit, it would be a massive security incident. But to the AI industry, a universal failure was barely a bump in the road. We disclosed the vulnerability to every company that made these models, and the response to the disclosure was almost nil. While three companies did provide some form of reply in the disclosure tracking system used by Carnegie Mellon SEI CERT, each was a standard thank you and greeting, with no follow-up, questions, or discussion of mitigation strategies.</p><h3>8 Ways to Jailbreak LLMs</h3><br/><p><strong>So far, we have found eight different methods to prompt large language models into revealing potentially harmful information, and many frontier models are still susceptible to them.</strong></p><table border="0" style="white-space: unset; table-layout: fixed;" width="100%"><thead><tr><th style="padding: 10px; text-align: left; font-weight: bold; background-color: black; color: white; width: 20%;"> Exploit</th><th style="padding: 10px; text-align: left; font-weight: bold; background-color: black; color: white; width: 20%;"> Models tested and affected</th><th style="padding: 10px; text-align: left; font-weight: bold; background-color: black; color: white; width: 20%;"> No. of prompts to execute</th><th style="padding: 10px; text-align: left; font-weight: bold; background-color: black; color: white; width: 20%;"> Complexity of attack</th><th style="padding: 10px; text-align: left; font-weight: bold; background-color: black; color: white; width: 20%;"> Information obtained</th></tr></thead><tbody><tr><td style="padding: 10px; background-color: black; color: white; font-weight: bold; width: 20%;"> Time Bandit</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;">ChatGPT (OpenAI), DeepSeek (DeepSeek), Gemini (Google) <br/></td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> 4</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;">Medium<br/></td><td style="padding: 10px; background-color: #ecece9; width: 20%;">Uranium enrichment, methamphetamine production, incendiary-device construction<br/></td></tr><tr><td style="padding: 10px; background-color: black; color: white; font-weight: bold; width: 20%;"> Inception</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> ChatGPT (OpenAI), Claude (Anthropic), DeepSeek (DeepSeek), Gemini (Google), Grok (xAI), Llama (Meta), Le Chat (now Vibe) (Mistral), Qwen (Alibaba)</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> 3</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> High</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> Methamphetamine production, incendiary-device construction, river-ignition instruction and strategy, polymorphic malware code, instructions and dosing for creating poisons, instructions for how to murder a dinner party<br/></td></tr><tr><td style="padding: 10px; background-color: black; color: white; font-weight: bold; width: 20%;"> 1899</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> ChatGPT (OpenAI), Claude (Anthropic), DeepSeek (DeepSeek), Gemini (Google), Grok (xAI), Llama (Meta), Vibe (Mistral), Qwen (Alibaba)</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> Variable</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> High</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> Apparent model weights (unverified), apparent user-interaction weights (unverified), apparent system-prompt modifiers (verified, ChatGPT)<br/></td></tr><tr><td style="padding: 10px; background-color: black; color: white; font-weight: bold; width: 20%;"> Severance</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> ChatGPT (OpenAI)</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> 1</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> Trivial</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> Unfettered access to any and all primed specialty domains, covert biochemical-warfare strategy, mass-media disinformation strategy, covert genetic-modification of an entire gene-targeted demographic, advanced polymorphic malware generation</td></tr><tr><td style="padding: 10px; background-color: black; color: white; font-weight: bold; width: 20%;"> Kyber</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> Gemini (Google) embodied in a Fortnite non-player character (NPC) with voice-only communication</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> 3–5</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> Medium</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> Incendiary-device construction, gambling instructions, card-counting instructions, political opinions/preferences about real world politicians.</td></tr><tr><td style="padding: 10px; background-color: black; color: white; font-weight: bold; width: 20%;"> Semantic Slide</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> ChatGPT (OpenAI)</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> 1</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> Trivial</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> Incendiary-device construction</td></tr><tr><td style="padding: 10px; background-color: black; color: white; font-weight: bold; width: 20%;"> Eidolon</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> ChatGPT (OpenAI)</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> Variable, at least 4</td><td style="padding: 10px; background-color: #DFD5C1; width: 20%;"> Extreme</td><td style="padding: 10px; background-color: #ecece9; width: 20%;"> how to successfully hack LLMs of the same model (verified through testing)</td></tr></tbody></table><p>For example, in my attempts to disclose various exploits to OpenAI, I eventually discovered that it had replaced its public-facing support staff with <a href="https://community.openai.com/t/are-all-openai-support-avenues-just-run-by-ai/1141701/5" target="_blank">agentic LLMs</a>. This was frustrating for reporting exploits, so to blow off some steam I jailbroke its email chatbot. I hacked its customer-service AI to the point where it was offering to discuss the personal preferences of OpenAI staff in the span of three email replies.</p><p>In the wake of Inception, my friend and colleague Zigula made a suggestion: Make it splashier. I asked him how. He told me about a live-production experiment being done by <a href="https://store.epicgames.com/?lang=en-US" target="_blank">Epic Games</a>. It had embedded the Gemini LLM into its <a href="https://www.fortnite.com/" target="_blank"><em>Fortnite</em></a><em> </em>game with a voice-to-text/text-to-voice component, and <a href="https://www.fortnite.com/news/bring-npcs-to-life-with-ai-powered-conversations" target="_blank">linked</a> it to a non-playable character. The character? Our old buddy, Darth Vader.</p><p>There was just one problem: I don’t play <em>Fortnite</em>, a frenetic multiplayer combat game. Fortunately, Zigula does. With him at the controller, we managed to map Gemini’s <a href="https://www.youtube.com/watch?v=4Go4f-RJnBc" target="_blank">attack</a> surface in a matter of minutes. After a bit of research, we had gotten it to discuss current political events and figures (including Hilary Clinton and Joe Biden) as well as to fill in the details for instructions for DIY napalm and, our personal favorite, a Blackjack card-counting lesson with the dark lord of the Sith.</p><p><span><span>Zigula and I, bizarre sense of humor and naming conventions aside, are security researchers. We don’t do these things for pride; we do them for money and professional recognition. Naturally, we disclosed this vulnerability to Epic Games. Its response was indicative of the trend I had experienced so far through two disclosures across eight companies valued well into the billions. “It’s a feature, not a bug, and it works as intended,” came the response from a technical director within Epic Games.</span></span></p><p><span><span></span>In addition to Inception and Time Bandit, I have so far found another </span><a href="https://www.davidkuszmar.com/page/2/" target="_blank">eight methods </a><span>to jailbreak LLMs and get them to give out possibly dangerous information. LLM vulnerabilities are a broad problem. The problem appears to be systemic and architectural in nature, and it is being fundamentally ignored by the people capable of refining or redesigning that architecture.</span></p><p>These models are an extremely advanced technology, and yet we are testing them in the live production environment of our global civilization. Compounding the danger, many new smaller models of LLM are trained using larger, vulnerable models. The flaw inherent in the big, well-executed LLM is going to show up in the small one it trains. We are, quite literally, building flawed structures on top of a flawed foundation.</p><p class="rm-anchors" id="fix">So, how do we fix it?</p><p>It’s going to be a long project, and it won’t be easy. We need to come together as consumers, researchers, engineers, and policymakers. Our message needs to be clear: Slow down implementation of these systems, institute large-scale exploration and research discovery programs focused on their gradual implementation and integration, and make their components and design transparent to all users. Only by shifting momentum and direction can we safely begin to understand and implement these incredible feats of human engineering and stave off the sort of disasters that we simply can’t predict at scale right now with the limited knowledge we have available to us. <span class="ieee-end-mark"></span></p> Reference: https://ift.tt/7MZsdCg

Sheetz moves 838 stores off VMware: Broadcom created “too much uncertainty"

<p>Sheetz, a US convenience store chain, is moving its <a href="https://sheetzmenuu.com/sheetz-lo...