HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Cynddl

1,303 karmajoined 13 lat temu

Submissions

Hijacking Defensive Cyber AI Agents for Remote Code Execution

ainowinstitute.org
2 points·by Cynddl·przedwczoraj·0 comments

Our evaluation of OpenAI's GPT-5.5 cyber capabilities

aisi.gov.uk
2 points·by Cynddl·2 miesiące temu·0 comments

Making AI chatbots friendly leads to mistakes and support of conspiracy theories

theguardian.com
93 points·by Cynddl·2 miesiące temu·80 comments

UK Biobank health data keeps ending up on GitHub

biobank.rocher.lc
197 points·by Cynddl·3 miesiące temu·57 comments

[untitled]

2 points·by Cynddl·3 miesiące temu·0 comments

ChatGPT Edu feature reveals researchers' project metadata across universities

fastcompany.com
2 points·by Cynddl·4 miesiące temu·0 comments

AI no better than other methods for patients seeking medical advice, study shows

reuters.com
3 points·by Cynddl·5 miesięcy temu·0 comments

AI chatbots pose 'dangerous' risk when giving medical advice, study suggests

bbc.co.uk
4 points·by Cynddl·5 miesięcy temu·2 comments

Show HN: Small, anonymous app for teams to do retrospective sessions

retrospective.rocher.lc
1 points·by Cynddl·5 miesięcy temu·0 comments

Measuring What Matters: Construct Validity in Large Language Model Benchmarks

arxiv.org
1 points·by Cynddl·8 miesięcy temu·0 comments

AI Capabilities May Be Overhyped on Bogus Benchmarks, Study Finds

gizmodo.com
43 points·by Cynddl·8 miesięcy temu·17 comments

AI's capabilities may be exaggerated by flawed tests, according to new study

nbcnews.com
3 points·by Cynddl·8 miesięcy temu·0 comments

Experts find flaws in tests that check AI safety and effectiveness

theguardian.com
3 points·by Cynddl·8 miesięcy temu·0 comments

Measuring What Matters: Construct Validity in Large Language Model Benchmarks

oxrml.com
3 points·by Cynddl·8 miesięcy temu·2 comments

comments

Cynddl
·18 dni temu·discuss
If you look at the bottom of the page, you’ll find guidelines that mention which content is welcomed: “Anything that good hackers would find interesting. That includes more than hacking and startups. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual curiosity.”

That said, I find this particularly of interest here given the growing attention to the use of algorithms and AI (including generative AI) for surveillance and targeting of palestinians.
Cynddl
·2 miesiące temu·discuss
Hi all, co-author here! Happy to answer any questions about our work.
Cynddl
·2 miesiące temu·discuss
(Title edited, was slightly too long)
Cynddl
·2 miesiące temu·discuss
This sounds super interesting and relevant. I run a small cluster with H100s (often research projects with vLLM) and being able to see not just usage but efficiency would be great.

I don't fully get the 100% utilisation vs. 1-10% real compute. Given you rely on telemetry from users to add new models, are you trying to predict how fast a model should be on vLLM, compared to how it runs in practice? What if users tweak some hyperparameters?
Cynddl
·3 miesiące temu·discuss
It's not a zero-sum game, you can both protect people and reap the benefits of health data. Many countries have much safer approaches. UK Biobank typically leads with the scale of the data, but not with its infrastructure.
Cynddl
·3 miesiące temu·discuss
That's a very important point. The people who opt out first are typically not a random fraction of the population, and this makes it much harder to make any analyses with the resulting datasets: it gets very hard to know if your analyses are representative of the population, or not.
Cynddl
·3 miesiące temu·discuss
Good catch! The data is everywhere, re-uploaded every week.

I am aware of ~30 repositories that UK Biobank has asked GitHub to delete, and can still be found elsewhere online. They know the site, they have managed to delete data from that site before, and yet the files are still there.
Cynddl
·3 miesiące temu·discuss
You mean giving anyone access to the data? Or open sourcing the code? If the latter, I think that's a generally a good practice. Security through obscurity is never good for public infrastructure. In this case, UK Biobank has now switched to a remote access platform (not particularly secure, as the data was found for sale on Alibaba today), but contracting it to DNAnexus and Amazon. Private companies have no incentives to open source data, unless mandated to do so.

In the EU, there is a bigger interest in building scalable but also secure platforms for health data. Hopefully good innovation will come from there.
Cynddl
·3 miesiące temu·discuss
They may have been leaked up to 197 times: https://biobank.rocher.lc/
Cynddl
·3 miesiące temu·discuss
yes, there’s an active area of research on web fingerprint, both attacks and defences. Look at conferences like PETS for instance
Cynddl
·3 miesiące temu·discuss
Is it me or they very carefully do not report performance on GPT-5.4 Pro, only the default GPT-5.4? They also very carefully left Anthropic models out of their comparison.

I went back to the BixBench benchmark which they mentioned. I couldn't find official results for Anthropic models, but I found a project taking Opus 4.6 from 65.3% to 92.0% (which would be above GPT-Rosalind) with nearly 200 carefully crafted skills [1]. There also appears to be competitive competitor models with scores on par with this tuned GPT.

[1] https://github.com/jaechang-hits/SciAgent-Skills
Cynddl
·3 miesiące temu·discuss
> Each case runs three agents: a Curator reads the advisory and builds an answer key, a Finder (the model under test) gets 24 shell steps to explore the code and write a structured report, and a Judge scores the blinded submission. The Finder never sees the patch. It starts from sink hints and must trace the bug through actual code.

Curator, answer key, Finder, shell steps, structured report, sink hints… I understand nothing. Did you use an LLM to generate this HN submission?

It looks like a standard LLM-as-a-judge approach. Do you manually validate or verify some of the results? Done poorly, the results can be very noisy and meaningless.
Cynddl
·3 miesiące temu·discuss
Once again an evaluation missing confidence intervals. “continued improvement” and “significant improvement” but without any significance testing is moot.

With many colleagues (including from AISI themselves!), we recently reviewed 445 the AI benchmarks & evaluations from the past few years. Our work was published at NeurIPS (https://openreview.net/pdf?id=mdA5lVvNcU) and we made eight recommendations for better evaluations. One is “use statistical methods to compare models”:

□ Report the benchmark’s sample size and justify its statistical power

□ Report uncertainty estimates for all primary scores to enable robust model comparisons

□ If using human raters, describe their demographics and mitigate potential demographic biases in rater recruitment and instructions

□ Use metrics that capture the inherent variability of any subjective labels, without relying on single-point aggregation or exact matching.

I would strongly recommend taking these blog posts with a grain of salt, as there is very little that can be learned without proper evaluations.
Cynddl
·3 miesiące temu·discuss
> "Unavailable Due to the UK Online Safety Act"

Anyone outside the UK can share what this is about?
Cynddl
·3 miesiące temu·discuss
> “These are not isolated incidents. They are symptoms of a systemic problem: the benchmarks we rely on to measure AI capability are themselves vulnerable to the very capabilities they claim to measure.”

As a researcher in the same field, hard to trust other researchers who put out webpages that appear to be entirely AI-generated. I appreciate it takes time to write a blog post after doing a paper, but sometimes I'd prefer just a link to the paper.
Cynddl
·5 miesięcy temu·discuss
Link to the study: https://www.nature.com/articles/s41591-025-04074-y

Co-author here and happy to answer questions!
Cynddl
·5 miesięcy temu·discuss
Have you tried https://huetone.ardov.me/? Multiple color scales, P3, export to CSS and figma, as well as APCA & WCAG for accessibility.
Cynddl
·8 miesięcy temu·discuss
Looks like a new model trained to be warmer and friendlier to users. Time to reshare our work: https://arxiv.org/html/2507.21919

> Artificial intelligence (AI) developers are increasingly building language models with warm and empathetic personas that millions of people now use for advice, therapy, and companionship. Here, we show how this creates a significant trade-off: optimizing language models for warmth undermines their reliability, especially when users express vulnerability. We conducted controlled experiments on five language models of varying sizes and architectures, training them to produce warmer, more empathetic responses, then evaluating them on safety-critical tasks. Warm models showed substantially higher error rates (+10 to +30 percentage points) than their original counterparts, promoting conspiracy theories, providing incorrect factual information, and offering problematic medical advice. They were also significantly more likely to validate incorrect user beliefs, particularly when user messages expressed sadness. Importantly, these effects were consistent across different model architectures, and occurred despite preserved performance on standard benchmarks, revealing systematic risks that current evaluation practices may fail to detect. As human-like AI systems are deployed at an unprecedented scale, our findings indicate a need to rethink how we develop and oversee these systems that are reshaping human relationships and social interaction.
Cynddl
·10 miesięcy temu·discuss
Anyone knows what Mojo is doing that Julia cannot do? I appreciate that Julia is currently limited by its ecosystem (although it does interface nicely with Python), but I don't see how Mojo is any better then.