I’ve been calling this for awhile now.

I’ve been calling it the Ouroboros effect.

There’s even bigger parts at play the paper didn’t even dig into, and that’s selective bias dye to human intervention.

See at first let’s say an AI has 100 unique outputs for a given prompt.

However, humans will favor let’s say half of em. Humans will naturally regenerate a couple times and pick their preferred “cream of the crop” result.

This will then ouroboros for an iteration.

Now the next iteration only has say 50 unique responses, as half of them have been ouroboros’d away by humans picking the one they like more.

Repeat, each time “half-lifing” the originality.

Over time, everything will get more abd more sameish. Models will degrade on originality as everything muddles into corporate speak.

You know how every corporate website uses the same useless “doesn’t mean anything” jargon string of words, to say a lot without actually saying anything?

That’s how AI is going to local minima to, as it keeps getting selectively “bred” to speak in an appealing and nonspecific way for the majority of online content.

Note that ChatGPT indeed implemented a state parameter, but their state was not a random value, and therefore could be guessed by the attacker.

Bruh wut, rookie mistake.

State is supposed to be mathematically random and should expire fairly quickly.

I always have used a random guid that expires after 10-15 minutes for state, if they try and complete the oauth with an expired state value I reject ad ask them to try again.

Also yeah the redirect uri trick is common, that’s why oath apis must always have a “whitelist urls” functionality. And not just domain, the whole url.

That’s why when you make a Google api token you gotta specify what urls it’s valid for explicitly. That way any other different redirect uri gets rejected, to prevent an injection attack from a third party providing their own different redirect uri to a victim.

Oath is pretty explicit about all these things in its spec. It really sucks people treat it as optional “not important” factors.

It’s important. Do it. Always.

Must be a slow news day.

The robot is just moving around, AI isn’t remotely close to at the point where a physical robot can “grope” a person intentionally.

The fact the video is so short says a lot. I’d expect anyone who watched would just see that the robot moves around all the time, and the reporter wasn’t supposed to stand so close to it.

This isn’t news.

Honestly kinda edges onto racism territory. “Hurr hirr, Saudi robot, groped woman, it’s cuz it was made in Saudi”

Ew.