Yves-Alexandre de Montjoye
@yvesalexandre.bsky.social
Professor of Applied Mathematics and CS at Imperial College London (🇬🇧). MIT PhD. I'm working on automated privacy attacks, LLM memorization, and AI Safety. Road cyclist 🚴 and former EU Special Adviser (🇪🇺).
Have you ever uploaded a PDF 📄 to ChatGPT 🤖 and asked for a summary? There is a chance the model followed hidden instructions inside the file instead of your prompt 😈

A thread 🧵
June 20, 2025 at 10:51 AM
🛠️ The method, DeSIA, combines the best of both worlds: a new formulation of the SAT problem used in traditional reconstruction attacks and a stochastic module based on shadow datasets.
May 7, 2025 at 11:15 AM
🔥 The results were astonishing, with our method (DeSIA) reliably identifying the most at-risk users and inferring their sensitive attribute with a 0.14 true positive rate (TPR) at a false positive rate (FPR) of 0.001.
May 7, 2025 at 11:15 AM
While stylometry ✍️ becomes ineffective quite quickly due to its near-geometric tail, our results show that even simple browser fingerprinting 🌐 and facial recognition 📸 techniques remain effective at country and even world-level 🌍.
January 10, 2025 at 4:10 PM
It also vastly outperforms curve-fitting methods (polynomial and exponential decay) and entropy-based rules of thumb (think "33 bits of entropy").
January 10, 2025 at 4:10 PM
The issue is:
1️⃣ (nearly) everything will work at small scale, and
2️⃣ A being better or worse than B in a small-scale benchmark doesn’t mean it’ll be in real-world settings 🌍.
January 10, 2025 at 4:10 PM