Side-Channel Attacks Against LLMs - Schneier on Security

https://www.schneier.com/blog/archives/2026/02/side-channel-attacks-against-llms.html

> Here are three papers describing different side-channel attacks against LLMs.
“Remote Timing Attacks on Efficient Language Model Inference”
“When Speculation Spills Secrets: Side Channels via Speculative Decoding in LLMs”
“Whisper Leak: a side-channel attack on Large Language Models”

#LLM #GenAI #security #Schneier

Side-Channel Attacks Against LLMs - Schneier on Security

Here are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference”: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user’s conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI’s ChatGPT and Anthropic’s Claude we can distinguish between specific messages or infer the user’s language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work...

Schneier on Security

Are We Ready to Be Governed by Artificial Intelligence? - #Schneier on Security

schneier.com/blog/archives/202…

#Artificial Intelligence (AI) overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are already pervading many aspects of democratic government, affecting our lives in ways both large and small. This has occurred largely without our notice or consent. The result is a government incrementally transformed by AI rather than the singular technological overlord of the big screen. Let us begin with the executive branch. One of the most important functions of this branch of government is to administer the law, including the human services on which so many Americans rely. Many of these programs have long been operated by a mix of humans and machines, even if not previously using modern AI tools such as ...

😑

Are We Ready to Be Governed by Artificial Intelligence? - Schneier on Security

Schneier on Security

#PromptInjection Through Poetry - #Schneier on Security

schneier.com/blog/archives/202…

In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning #LLM prompts into poetry resulted in jailbreaking the models: Abstract: We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for Large Language Models (LLMs). Across 25 frontier proprietary and open-weight models, curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90%. Mapping prompts to MLCommons and EU CoP risk taxonomies shows that poetic attacks transfer across CBRN, manipulation, cyber-offence, and loss-of-control domains. Converting 1,200 ML-Commons harmful prompts into verse via a standardized meta-prompt produced ASRs up to 18 times higher than their prose baselines. Outputs are evaluated using an ensemble of 3 open-weight LLM judges, whose binary safety assessments were validated on a stratified human-labeled subset. Poetic framing achieved an average jailbreak success rate of 62% for hand-crafted poems and approximately 43% for meta-prompt conversions (compared to non-poetic baselines), substantially outperforming non-poetic baselines and revealing a systematic vulnerability across model families and safety training approaches. These findings demonstrate that stylistic variation alone can circumvent contemporary safety mechanisms, suggesting fundamental limitations in current alignment methods and evaluation protocols...


😁

Prompt Injection Through Poetry - Schneier on Security

Schneier on Security

We went to a talk at Hennepin Community College and saw a lecture by Bruce #Schneier. Bruce’s ability to frame complex problems is one of those qualities that you often find in the brightest luminaries. He gave a great talk on #cybersecurity and #AI, and took loads of time for questions.

Fun fact: Bruce used to live in #Minneapolis and wrote restaurant reviews for the Star Tribune.

Bruce has some fantastic thoughts about a positive overall vision for AI.

https://www.schneier.com/blog/archives/2025/11/scientists-need-a-positive-vision-for-ai.html

#ai #schneier

Scientists Need a Positive Vision for AI - Schneier on Security

For many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence. As authoritarianism is rising around the world, AI-generated “slop” is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting extremist messages. AI is making warfare more precise and deadly amidst intransigent conflicts. AI companies are exploiting people in the global South who work as data labelers, and profiting from content creators worldwide by using their work without license or compensation. The industry is also affecting an already-roiling climate with its ...

Schneier on Security

AI has already taken over many domains, but that doesn't mean it can or should take over all of them.

It's all about real value.

Bruce Schneier has a short post clearly outlining where AI makes sense and where it doesn't. I particularly like that it's not even really about LLMs but includes all the AI we have been forgetting like autocomplete, image upscaling and ad targeting.

https://www.schneier.com/blog/archives/2025/06/where-ai-provides-value.html

#ai #aihype #schneier

Where AI Provides Value - Schneier on Security

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused workforce. AI will often not be as effective as a human doing the same job. It won’t always know more or be more accurate. And it definitely won’t always be fairer or more reliable. But it may still be used whenever it has an advantage over humans in one of four dimensions: speed, scale, scope and sophistication. Understanding these dimensions is the key to understanding AI-human replacement...

Schneier on Security

#Schneier tries to rip the rose-colored #AI glasses from the eyes of #Congress
#DOGE moves fast and breaks things, and now our data is at risk, #security guru warns in hearing
"The other speakers mostly talked about how cool AI was – and sometimes about how cool their own company was – but I was asked by the Democrats to specifically talk about DOGE and the risks of exfiltrating our data from government agencies and feeding it into AIs," #BruceSchneier explained
https://www.theregister.com/2025/06/06/schneier_doge_risks/

Schneier tries to rip the rose-colored AI glasses from the eyes of Congress

DOGE moves fast and breaks things, and now our data is at risk, security guru warns in hearing

The Register

"The UAE has promised to spend more than $3 billion to transform into an “AI-native” government by 2027." 😳

https://www.schneier.com/blog/archives/2025/05/ai-generated-law.html

Guess which kind of leaders a gov made up of machines appeals to?

#dictators #authoritarianism #ai #uae #schneier

AI-Generated Law - Schneier on Security

On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative plan” spanning local and federal law and would be connected to public administration, the courts, and global policy trends. The plan was widely greeted with astonishment. This sort of AI legislating would be a global “...

Schneier on Security

More AIs Are Taking Polls and Surveys - Schneier on Security

I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard:

1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people actually want to complete. That means mobile-first layouts, shorter runtimes, and maybe even a dash of storytelling. TikTok or dating app style surveys wouldn’t be a bad idea or is that just me being too much Gen Z?

2. Bot detection. There’s a growing toolkit of ways to spot AI-generated responses—using things like response entropy, writing style patterns or even metadata like keystroke timing. Platforms should start integrating these detection tools more widely. Ideally, you introduce an element that only humans can do, e.g., you have to pick up your prize somewhere in-person. Btw, note that these bots can easily be designed to find ways around the most common detection tactics such as Captchas, timed responses and postcode and IP recognition. Believe me, way less code than you suspect is needed to do this...

Schneier on Security