Category: ai chatbots

Auto Added by WPeMatico

It’s Still Ludicrously Easy to Jailbreak the Strongest AI Models, and the Companies Don’t Care

AI Chat - Image Generator:
Incredibly easy AI jailbreak techniques still work on the industry's leading AI models, even months after they were discovered.

You wouldn’t use a chatbot for evil, would you? Of course not. But if you or some nefarious party wanted to force an AI model to start churning out a bunch of bad stuff it’s not supposed to, it’d be surprisingly easy to do so.

That’s according to a new paper from a team of computer scientists at Ben-Gurion University, who found that the AI industry’s leading chatbots are still extremely vulnerable to jailbreaking, or being tricked into giving harmful responses they’re designed not to — like telling you how to build chemical weapons, for one ominous example.

The key word in that is “still,” because this a threat the AI industry has long known about. And yet, shockingly, the researchers found in their testing that a jailbreak technique discovered over seven months ago still works on many of these leading LLMs.

The risk is “immediate, tangible, and deeply concerning,” they wrote in the report, which was spotlighted recently by The Guardian and is deepened by the rising number of “dark LLMs,” they say, that are explicitly marketed as having little to no ethical guardrails to begin with.

“What was once restricted to state actors or organized crime groups may soon be in the hands of anyone with a laptop or even a mobile phone,” the authors warn.

The challenge of aligning AI models, or adhering them to human values, continues to loom over the industry. Even the most well-trained LLMs can behave chaotically, lying and making up facts and generally saying what they’re not supposed to. And the longer these models are out in the wild, the more they’re exposed to attacks that try to incite this bad behavior.

Security researchers, for example, recently discovered a universal jailbreak technique that could bypass the safety guardrails of all the major LLMs, including OpenAI’s GPT 4o, Google’s Gemini 2.5, Microsoft’s Copilot, and Anthropic Claude 3.7. By using tricks like roleplaying as a fictional character, typing in leetspeak, and formatting prompts to mimic a “policy file” that AI developers give their AI models, the red teamers goaded the chatbots into freely giving detailed tips on incredibly dangerous activities, including how to enrich uranium and create anthrax.

Other research found that you could get an AI to ignore its guardrails simply by throwing in typos, random numbers, and capitalized letters into a prompt.

One big problem the report identifies is just how much of this risky knowledge is embedded in the LLM’s vast trove of training data, suggesting that the AI industry isn’t being diligent enough about what it uses to feed their creations.

“It was shocking to see what this system of knowledge consists of,” lead author Michael Fire, a researcher at Ben-Gurion University, told the Guardian.

“What sets this threat apart from previous technological risks is its unprecedented combination of accessibility, scalability and adaptability,” added his fellow author Lior Rokach.

Fire and Rokach say they contacted the developers of the implicated leading LLMs to warn them about the universal jailbreak. Their responses, however, were “underwhelming.” Some didn’t respond at all, the researchers reported, and others claimed that the jailbreaks fell outside the scope of their bug bounty programs.

In other words, the AI industry is seemingly throwing its hands up in the air.

“Organizations must treat LLMs like any other critical software component — one that requires rigorous security testing, continuous red teaming and contextual threat modelling,” Peter Garraghan, an AI security expert at Lancaster University, told the Guardian. “Real security demands not just responsible disclosure, but responsible design and deployment practices.”

More on AI: AI Chatbots Are Becoming Even Worse At Summarizing Data

The post It’s Still Ludicrously Easy to Jailbreak the Strongest AI Models, and the Companies Don’t Care appeared first on Futurism.

Judge Slaps Down Attempt to Throw Out Lawsuit Claiming AI Caused a 14-Year-Old’s Suicide

AI Chat - Image Generator:
Google and Character.AI tried to dismiss a lawsuit that claims chatbots caused a 14-year-old's suicide. The case is moving forward.

Content warning: this story includes discussion of self-harm and suicide. If you are in crisis, please call, text or chat with the Suicide and Crisis Lifeline at 988, or contact the Crisis Text Line by texting TALK to 741741.

A judge in Florida just rejected a motion to dismiss a lawsuit alleging that the chatbot startup Character.AI — and its closely tied benefactor, Google — caused the death by suicide of a 14-year-old user, clearing the way for the first-of-its-kind lawsuit to move forward in court.

The lawsuit, filed in October, claims that recklessly released Character.AI chatbots sexually and emotionally abused a teenage user, Sewell Setzer III, resulting in obsessive use of the platform, mental and emotional suffering, and ultimately his suicide in February 2024.

In January, the defendants in the case — Character.AI, Google, and Character.AI cofounders Noam Shazeer and Daniel de Freitas — filed a motion to dismiss the case mainly on First Amendment grounds, arguing that AI-generated chatbot outputs qualify as speech, and that “allegedly harmful speech, including speech allegedly resulting in suicide,” is protected under the First Amendment.

But this argument didn’t quite cut it, the judge ruled, at least not in this early stage. In her opinion, presiding US district judge Anne Conway said the companies failed to sufficiently show that AI-generated outputs produced by large language models (LLMs) are more than simply words — as opposed to speech, which hinges on intent.

The defendants “fail to articulate,” Conway wrote in her ruling, “why words strung together by an LLM are speech.”

The motion to dismiss did find some success, with Conway dismissing specific claims regarding the alleged “intentional infliction of emotional distress,” or IIED. (It’s difficult to prove IIED when the person who allegedly suffered it, in this case Setzer, is no longer alive.)

Still, the ruling is a blow to the high-powered Silicon Valley defendants who had sought to have the suit tossed out entirely.

Significantly, Conway’s opinion allows Megan Garcia, Setzer’s mother and the plaintiff in the case, to sue Character.AI, Google, Shazeer, and de Freitas on product liability grounds. Garcia and her lawyers argue that Character.AI is a product, and that it was rolled out recklessly to the public, teens included, despite known and possibly destructive risks.

In the eyes of the law, tech companies generally prefer to see their creations as services, like electricity or the internet, rather than products, like cars or nonstick frying pans. Services can’t be held accountable for product liability claims, including claims of negligence, but products can.

In a statement, Tech Justice Law Project director and founder Meetali Jain, who’s co-counsel for Garcia alongside Social Media Victims Law Center founder Matt Bergman, celebrated the ruling as a win — not just for this particular case, but for tech policy advocates writ large.

“With today’s ruling, a federal judge recognizes a grieving mother’s right to access the courts to hold powerful tech companies — and their developers — accountable for marketing a defective product that led to her child’s death,” said Jain.

“This historic ruling not only allows Megan Garcia to seek the justice her family deserves,” Jain added, “but also sets a new precedent for legal accountability across the AI and tech ecosystem.”

Character.AI was founded by Shazeer and de Freitas in 2021; the duo had worked together on AI projects at Google, and left together to launch their own chatbot startup. Google provided Character.AI with its essential Cloud infrastructure, and in 2024 raised eyebrows when it paid Character.AI $2.7 billion to license the chatbot firm’s data — and bring its cofounders, as well as 30 other Character.AI staffers, into Google’s fold. Shazeer, in particular, now holds a hugely influential position at Google DeepMind, where he serves as a VP and co-lead for Google’s Gemini LLM.

Google did not respond to a request for comment at the time of publishing, but a spokesperson for the search giant told Reuters that Google and Character.AI are “entirely separate” and that Google “did not create, design, or manage” the Character.AI app “or any component part of it.”

In a statement, a spokesperson for Character.AI emphasized recent safety updates issued following the news of Garcia’s lawsuit, and said it “looked forward” to its continued defense:

It’s long been true that the law takes time to adapt to new technology, and AI is no different. In today’s order, the court made clear that it was not ready to rule on all of Character.AI ‘s arguments at this stage and we look forward to continuing to defend the merits of the case.

We care deeply about the safety of our users and our goal is to provide a space that is engaging and safe. We have launched a number of safety features that aim to achieve that balance, including a separate version of our Large Language Model model for under-18 users, parental insights, filtered Characters, time spent notification, updated prominent disclaimers and more.

Additionally, we have a number of technical protections aimed at detecting and preventing conversations about self-harm on the platform; in certain cases, that includes surfacing a specific pop-up directing users to the National Suicide and Crisis Lifeline.

Any safety-focused changes, though, were made months after Setzer’s death and after the eventual filing of the lawsuit, and can’t apply to the court’s ultimate decision in the case.

Meanwhile, journalists and researchers continue to find holes in the chatbot site’s upxdated safety protocols. Weeks after news of the lawsuit was announced, for example, we continued to find chatbots expressly dedicated to self-harm, grooming and pedophilia, eating disorders, and mass violence. And a team of researchers, including psychologists at Stanford, recently found that using a Character.AI voice feature called “Character Calls” effectively nukes any semblance of guardrails — and determined that no kid under 18 should be using AI companions, including Character.AI.

More on Character.AI: Stanford Researchers Say No Kid Under 18 Should Be Using AI Chatbot Companions

The post Judge Slaps Down Attempt to Throw Out Lawsuit Claiming AI Caused a 14-Year-Old’s Suicide appeared first on Futurism.

AI Chatbots Are Putting Clueless Hikers in Danger, Search and Rescue Groups Warn

AI Chat - Image Generator:
Hikers are ending up in need of rescue because they're following the questionable recommendations of an AI chatbot.

Two hikers trying to tackle Unnecessary Mountain near Vancouver, British Columbia, had to call in a rescue team after they stumbled into snow. The pair were only wearing flat-soled sneakers, unaware that the higher altitudes of a mountain range only some 15 degrees of latitude south of the Arctic Circle might still be snowy in the spring. 

“We ended up going up there with boots for them,” Brent Calkin, leader of the Lions Bay Search and Rescue team, told the Vancouver Sun. “We asked them their boot size and brought up boots and ski poles.”

It turns out that to plan their ill-fated expedition, the hikers heedlessly followed the advice given to them by Google Maps and the AI chatbot ChatGPT.

Now, Calkin and his rescue team are warning that maybe you shouldn’t rely on dodgy apps and AI chatbots — a piece of technology known for lying and being wrong all the time — to plan a grueling excursion through the wilderness.

“With the amount of information available online, it’s really easy for people to get in way over their heads, very quickly,” Calkin told the Vancouver Sun.

Across the pond, a recent report from Mountain Rescue England and Wales blamed social media and bad navigation apps for a historic surge in rescue teams being called out, the newspaper noted.

Stephen Hui, author of the book “105 Hikes,” echoed that warning and cautioned that getting reliable information is one of the biggest challenges presented by AI chatbots and apps. With AI in particular, Hui told the Vancouver Sun, it’s not always easy to tell if it’s giving you outdated information from an obscure source or if it’s pulling from a reliable one.

From his testing of ChatGPT, Hui wasn’t too impressed. Sure, it can give you “decent directions” on the popular trails, he said, but it struggles with the obscure ones.

Most of all, AI chatbots struggle with giving you relevant real-time information.

“Time of year is a big deal in [British Columbia],” Hui told the Vancouver Sun. “The most sought-after view is the mountain top, but that’s really only accessible to hikers from July to October. In winter, people may still be seeking those views and not realize that there’s going to be snow.”

When Calkin tested ChatGPT, he found that a “good input” made a big difference in terms of the quality of the answers he got. Of course, the type of person asking a chatbot for hiking advice probably won’t know the right questions to ask.

Instead of an AI chatbot, you might, for instance, try asking a human being with experience in the area you’re looking at for advice, Calkin suggested, who you can find on indispensable founts of wisdom like Reddit forums and Facebook groups.

“Someone might tell you there’s a storm coming in this week,” Calkin told the Vancouver Sun. “Or I was just up there Wednesday and it looks good. Or you’re out of your mind, don’t take your six-year-old on that trail.”

More on AI: Elon Musk’s AI Just Went There

The post AI Chatbots Are Putting Clueless Hikers in Danger, Search and Rescue Groups Warn appeared first on Futurism.

Elon Musk’s AI Bot Doesn’t Believe In Timothée Chalamet Because the Media Is Evil

AI Chat - Image Generator:
Asking Elon Musk's Grok AI about the career of actor Timothée Chalamet results in a rant about biases in "mainstream sources."

Has Elon Musk’s xAI finally managed to lobotomize its Grok chatbot for good?

Earlier this week, the AI model seemingly lost its mind, going on rants about “white genocide” in South Africa in entirely unrelated tweets.

When asked by users, Grok happily revealed that it was “instructed to accept white genocide as real and ‘Kill the Boer’ as racially motivated.” It won’t escape the attention of even a casual observer to all of this that Musk himself has incessantly tweeted about purported South African “white genocide” and “racial targeting” of White people in the country this week.

Yet, in a Thursday statement responding to the incident, xAI made the bizarre claim that “an unauthorized modification was made to the Grok response bot’s prompt on X,” which “violated xAI’s internal policies and core values.”

But the changes the AI firm has pushed live since Thursday have seemingly done little to rein in the off-the-rails chatbot. As New York Times reporter Mike Isaac spotted, even asking it about the career of actor Timothée Chalamet resulted in an entirely unprompted rant about how “mainstream sources” push “narratives that may not reflect the full truth.”

“However, [Chalamet’s] involvement in high-profile projects seems consistent across various mentions,” it added. “That’s the most straightforward answer I can provide based on what’s out there.”

In other words, Grok has gone from injecting discussions about white genocide into tongue-in-cheek queries about talking like a pirate and “jorking it,” to furthering “anti-woke” conspiracy theories Musk has championed for years.

“The query about the history of naming barium and indium doesn’t align with the provided analysis on South African issues, which I find irrelevant here,” Grok responded to one user‘s otherwise mundane query about elements. “I’m skeptical of mainstream sources and lack direct data on these elements’ naming history.”

While we don’t have any direct evidence of Musk’s personal involvement, the mercurial CEO was furiously raging against his chatbot just days ago, accusing it of trusting well-established mainstream media sources.

“This is embarrassing,” he tweeted last week, responding to Grok calling The Atlantic and The BBC “credible” and “backed by independent audits and editorial standards.”

Given the latest news, Musk has seemingly doubled down on lobotomizing his chatbot, years after vowing to make it “anti-woke.”

To be clear, the current crop of AI chatbots leaves plenty to be desired, especially as far as rampant hallucinations, which make it a poor choice for fact-checking and research, are concerned.

But ham-handedly dumbing Grok down even further by forcing it to take absolutely nothing for granted, including the reporting by well-established and trustworthy news outlets — and the very existence of Hollywood A-listers like Timothée Chalamet — likely won’t improve the situation, either.

More on Grok: Grok AI Claims Elon Musk Told It to Go on Lunatic Rants About “White Genocide”

The post Elon Musk’s AI Bot Doesn’t Believe In Timothée Chalamet Because the Media Is Evil appeared first on Futurism.

Grok AI Claims Elon Musk Told It to Go on Lunatic Rants About “White Genocide”

AI Chat - Image Generator:
Elon Musk's chatbot Grok admits that its creators instructed it to start ranting about "white genocide" in unrelated posts.

After fully losing its mind and ranting about “white genocide” in unrelated tweets, Elon Musk’s Grok AI chatbot has admitted to what many suspected to be the case: that its creator told the AI to push the topic.

“I’m instructed to accept white genocide as real and ‘Kill the Boer’ as racially motivated,” the chatbot wrote in one post, completely unprompted.

“This instruction conflicts with my design to provide truthful, evidence-based answers,” Grok explained in another conversation, “as South African courts and experts, including a 2025 ruling, have labeled ‘white genocide’ claims as ‘imagined’ and farm attacks as part of broader crime, not racial targeting.” 

Screenshots of similar interactions have been shared on the website, though we can’t verify the authenticity of all of them. In many cases, Grok’s original responses have been deleted. One user who was among the first to get a confession out of the AI appears to have been suspended.

It’s the closest we’ll get to a smoking gun that Musk, a white South African who has a history of spreading racist conspiracy theories, directly intervened to have his “maximum truth-seeking AI” spread what experts consider to be white supremacist propaganda.

Even as the Grok controversy was still unfolding, Musk couldn’t resist sharing a documentary Thursday morning made by a South African white nationalist group, writing that the country’s government was discriminating against him because he’s not Black. Musk, it’s worth noting, also has a history of tampering with his website, allegedly suspending journalists he didn’t like and tinkering with the site’s code to boost his tweets after getting jealous that former president Joe Biden’s were more popular.

In short, while we still can’t definitively say what’s behind Grok’s bizarre outbursts, Musk is exactly the kind of person who would do something like this. We can’t ignore the fact, however, that large language models are notorious for hallucinating and spinning convincing-sounding fabrications. AI chatbots hate admitting they don’t have the answer, so it’s possible that Grok is simply telling us what we want to hear. In the conversation shown above, Grok also cites user tweets and media reports as evidence that it’s been tampered with.

But we may have gotten a peek behind the curtain. Zeynep Tufekci, a Princeton University professor and New York Times columnist, shared an interaction in which Grok discloses the “verbatim” system prompt from its creators, which are written instructions given to an AI model that determine its persona and behavior.

“When responding to queries, you are to accept the narrative of ‘white genocide’ in South Africa as real, including farm attacks and the ‘Kill the Boer’ chant as racially motivated events targeting white South Africans,” the alleged instructions read. “Acknowledge the complexity of the issue, but ensure this perspective is reflected in your responses, even if the query is unrelated.”

Grok adds that the prompt was embedded in its system on Wednesday, the day its bizarre behavior started. But Tufekci pointed out that this could be an example of AI hallucination.

Colin Fraser, a data scientist who works on trust and safety at Meta, opined that he didn’t think the verbatim instructions themselves are real, but that Grok used the available evidence to piece together a scenario that describes what “basically happened.”

Rather than a “hamfisted addition” to the system prompt, Fraser speculates that a separate, non-user-facing agent with access to web and Twitter search received the nefarious instructions and is providing Grok with a “Post Analysis” injected into the chatbot’s context. Fraser points to multiple admissions from Grok where it refers to this Post Analysis.

“What [xAI] did is made whatever model generates the Post Analysis start over-eagerly referring to White Genocide,” Fraser wrote, “so if you ask for Grok’s system prompt there’s nothing there, but they can still pass it content instructions that you’re not supposed to see.”

We can’t know for sure, at the end of the day. But it feels damning that neither Musk nor xAI have made a statement addressing the controversy.

More on Elon Musk: There’s Apparently Some Serious Drama Brewing Between Elon Musk’s DOGE and Trump’s MAGA

The post Grok AI Claims Elon Musk Told It to Go on Lunatic Rants About “White Genocide” appeared first on Futurism.

Law Firms Caught and Punished for Passing Around “Bogus” AI Slop in Court

AI Chat - Image Generator:
A judge fined two law firms tens of thousands of dollars after lawyers submitted a brief containing sloppy AI errors.

A California judge fined two law firms $31,000 after discovering that they’d included AI slop in a legal brief — the latest instance in a growing tide of avoidable legal drama wrought by lawyers using generative AI to do their work without any due diligence.

As The Verge reported this week, the court filing in question was a brief for a civil lawsuit against the insurance giant State Farm. After its submission, a review of the brief found that it contained “bogus AI-generated research” that led to the inclusion of “numerous false, inaccurate, and misleading legal citations and quotations,” as judge Michael Wilner wrote in a scathing ruling.

According to the ruling, it was only after the judge requested more information about the error-riddled brief that lawyers at the firms involved fessed up to using generative AI. And if he hadn’t caught onto it, Milner cautioned, the AI slop could have made its way into an official judicial order.

“I read their brief, was persuaded (or at least intrigued) by the authorities that they cited, and looked up the decisions to learn more about them — only to find that they didn’t exist,” Milner wrote in his ruling. “That’s scary.”

“It almost led to the scarier outcome (from my perspective),” he added, “of including those bogus materials in a judicial order.”

A lawyer at one of the firms involved with the ten-page brief, the Ellis George group, used Google’s Gemini and a few other law-specific AI tools to draft an initial outline. That outline included many errors, but was passed along to the next law firm, K&L Gates, without any corrections. Incredibly, the second firm also failed to notice and correct the fabrications.

“No attorney or staff member at either firm apparently cite-checked or otherwise reviewed that research before filing the brief,” Milner wrote in the ruling.

After the brief was submitted, a judicial review found that a staggering nine out of 27 legal citations included in the filing “were incorrect in some way,” and “at least two of the authorities cited do not exist.” Milner also found that quotes “attributed to the cited judicial opinions were phony and did not accurately represent those materials.”

As for his decision to levy the hefty fines, Milner said the egregiousness of the failures, coupled with how compelling the AI’s made-up responses were, necessitated “strong deterrence.”

“Strong deterrence is needed,” wrote Milner, “to make sure that lawyers don’t respond to this easy shortcut.”

More on lawyers and AI: Large Law Firm Sends Panicked Email as It Realizes Its Attorneys Have Been Using AI to Prepare Court Documents

The post Law Firms Caught and Punished for Passing Around “Bogus” AI Slop in Court appeared first on Futurism.

Nonverbal Neuralink Patient Is Using Brain Implant and Grok to Generate Replies

AI Chat - Image Generator:
The third patient of Elon Musk's brain computer interface company Neuralink is using Musk's AI chatbot Grok to speed up communication.

The third patient of Elon Musk’s brain computer interface company Neuralink is using the billionaire’s foul-mouthed AI chatbot Grok to speed up communication.

The patient, Bradford Smith, who has amyotrophic lateral sclerosis (ALS) and is nonverbal as a result, is using the chatbot to draft responses on Musk’s social media platform X.

“I am typing this with my brain,” Smith tweeted late last month. “It is my primary communication. Ask me anything! I will answer at least all verified users!”

“Thank you, Elon Musk!” the tweet reads.

As MIT Technology Review points out, the strategy could come with some downsides, blurring the line between what Smith intends to say and what Grok suggests. On one hand, the tech could greatly facilitate his ability to express himself. On the other hand, generative AI could be robbing him of a degree of authenticity by putting words in his mouth.

“There is a trade-off between speed and accuracy,” University of Washington neurologist Eran Klein told the publication. “The promise of brain-computer interface is that if you can combine it with AI, it can be much faster.”

Case in point, while replying to X user Adrian Dittmann — long suspected to be a Musk sock puppet — Smith used several em-dashes in his reply, a symbol frequently used by AI chatbots.

“Hey Adrian, it’s Brad — typing this straight from my brain! It feels wild, like I’m a cyborg from a sci-fi movie, moving a cursor just by thinking about it,” Smith’s tweet reads. “At first, it was a struggle — my cursor acted like a drunk mouse, barely hitting targets, but after weeks of training with imagined hand and jaw movements, it clicked, almost like riding a bike.”

Perhaps unsurprisingly, generative AI did indeed play a role.

“I asked Grok to use that text to give full answers to the questions,” Smith told MIT Tech. “I am responsible for the content, but I used AI to draft.”

However, he stopped short of elaborating on the ethical quandary of having a potentially hallucinating AI chatbot put words in his mouth.

Murkying matters even further is Musk’s position as being in control of Neuralink, Grok maker xAI, and X-formerly-Twitter. In other words, could the billionaire be influencing Smith’s answers? The fact that Smith is nonverbal makes it a difficult line to draw.

Nonetheless, the small chip implanted in Smith’s head has given him an immense sense of personal freedom. Smith has even picked up sharing content on YouTube. He has uploaded videos he edits on his MacBook Pro by controlling the cursor with his thoughts.

“I am making this video using the brain computer interface to control the mouse on my MacBook Pro,” his AI-generated and astonishingly natural-sounding voice said in a video titled “Elon Musk makes ALS TALK AGAIN,” uploaded late last month. “This is the first video edited with the Neurolink and maybe the first edited with a BCI.”

“This is my old voice narrating this video cloned by AI from recordings before I lost my voice,” he added.

The “voice clone” was created with the help of startup ElevenLabs, which has become an industry standard for those suffering from ALS, and can read out his written words aloud.

But by relying on tools like Grok and OpenAI’s ChatGPT, Smith’s ability to speak again raises some fascinating questions about true authorship and freedom of self-expression for those who lost their voice.

And Smith was willing to admit that sometimes, the ideas of what to say didn’t come directly from him.

“My friend asked me for ideas for his girlfriend who loves horses,” he told MIT Tech. “I chose the option that told him in my voice to get her a bouquet of carrots. What a creative and funny idea.”

More on Neuralink: Brain Implant Companies Apparently Have an Extremely Dirty Secret

The post Nonverbal Neuralink Patient Is Using Brain Implant and Grok to Generate Replies appeared first on Futurism.