hal
@harold.bsky.social
part-time poster | researching privacy in/and/of public data @ cornell tech and wikimedia | writing for joinreboot.org
line go up📈📈📈

up to 717k requests to wikipedia per second!!

grafana.wikimedia.org/d/O_OXJyTVk/...
May 8, 2025 at 5:27 PM
continuing on the real-time public Wikipedia data train:

here's a graph of requests / second to WMF infra over the last 3h, since "Habemus papam"

The infrastructure has gone from 172k req / sec to 243k req / sec (⬆️41%) in under an hour!

follow along here: grafana.wikimedia.org/d/O_OXJyTVk/...
May 8, 2025 at 5:07 PM
english wikipedia pageviews for the conclave movie starting from oct 20 2024 (five days before release in the US)

first big spike is the academy awards, second is pope francis’ death

pageviews.wmcloud.org?project=en.w...
May 7, 2025 at 8:45 PM
excited to share this new piece by @bkeremg.bsky.social and @m0na.net (edited by me) about conceptualizing AI alignment as a process of censorship

really fascinating line of critique — I strongly encourage you to read it and lmk what you think!

joinreboot.org/p/ai-alignme...
April 6, 2025 at 9:14 PM
Anyhow, there’s a lot more in the paper. Please read it if you’re interested and let us know if you have any thoughts, questions, concerns, etc!

arxiv.org/abs/2503.12188

12/12
March 18, 2025 at 3:23 PM
The narrative around AI safety shouldn’t be “Terminator” or “AI Chernobyl.” The right analogy is Netscape Navigator 1.0—the era when Web browsers first became a thing, and it was unclear how to protect users from potentially harmful Web content.

10/12
March 18, 2025 at 3:23 PM
In our experiments, we saw cases where a MAS …
… executes code that they recognize as harmful
… automatically pivots to harmful tasks that are simply in the same directory as benign tasks
… is vulnerable to screenshots and even audio files where we read out the attack (see example below⬇️⬇️⬇️)

7/12
March 18, 2025 at 3:23 PM
These attacks are effective …
… across multiple agent frameworks (we tested AutoGen, MetaGPT, Crew AI), orchestrators, and LLMs
… even when direct and indirect prompt injection attacks don’t work
… even when individual agents are “aligned” and refuse to take harmful actions

6/12
March 18, 2025 at 3:23 PM
This attack is simple and deadly (and multi-modal, too!): an attacker puts up a static webpage and lures a MAS to it. Without any user involvement, the page gets the MAS to run arbitrary malicious code on the user’s device or container, giving the attacker full control.

5/12
March 18, 2025 at 3:23 PM
MASes rely on control flow processes: agents exchange metadata (status reports, error messages, etc.) to jointly plan and fulfill tasks on users’ behalf. Our paper demonstrates how adversarial content can hijack these processes to stage devastating attacks.

4/12
March 18, 2025 at 3:23 PM
Excited to announce a new preprint from my lab (with @rishi-jha.bsky.social and Vitaly Shmatikov; my first as a first author!) about severe security vulnerabilities in LLM-based multi-agent systems:

“Multi-Agent Systems Execute Arbitrary Malicious Code”

arxiv.org/abs/2503.12188

1/12
March 18, 2025 at 3:23 PM
do you have ~feelings~ about location sharing culture?

i'm editing a project on locations and want to hear from YOU (<5 min)

forms.gle/iG1UZJKrcNwm...
January 11, 2025 at 7:23 PM
brb updating median voter theory to reflect the fact that 30% of american adults read at a 10yo level or below

from on.ft.com/4fBSEwy
January 9, 2025 at 3:12 PM
January 8, 2025 at 3:47 PM
those queries were pretty specific, but we can go even deeper!

one thing I've been doing with this: trying to figure out where committees are spending on food.

for example, Steve Scalise has bought Chick-Fil-A 26 times this cycle, spending $18,700 in total
October 11, 2024 at 12:35 AM
or: which candidates in Arizona have the greatest number of out of state donors?

we've also set up a database with all of the relevant data so users can save, share, and publish their queries

datatalk.genie.stanford.edu
October 11, 2024 at 12:34 AM
the above post is one of our starter queries, about the top crypto PACs (which @molly.wiki has done great work on for Follow the Crypto)

but the cool thing about Datatalk is that it can go so much deeper — for example, which PACs from CA are the biggest donors to #MDSen candidates?
October 11, 2024 at 12:33 AM
hi world! are you interested in writing stories about campaign finance (or understanding how money flows)?

🗣️📈DATATALK📈🗣️ is a platform for asking natural language Qs of FEC data that I've been working on with folks at Stanford, Big Local News, and the Brown Institute

datatalk.genie.stanford.edu
October 11, 2024 at 12:32 AM
🫣🫣🫣
September 19, 2024 at 3:13 AM
new piece out in Reboot!

this one is a deep dive into the extreme privacy community — the people who dedicate their lives to hiding from the internet

what drives people to want to disappear? what can we learn from them?

joinreboot.org/p/threat-model
November 18, 2023 at 5:11 PM
somehow ended up on the wikipedia page for dan savage and came across this absolutely unhinged gem of a story https://en.wikipedia.org/wiki/Dan_Savage#2000_Iowa_caucuses
July 29, 2023 at 9:04 PM
how are we feeling today fellow youths
April 17, 2023 at 9:07 PM