{"id":5412,"date":"2024-03-13T09:32:37","date_gmt":"2024-03-13T01:32:37","guid":{"rendered":"https:\/\/www.1ai.net\/?p=5412"},"modified":"2024-03-13T09:32:37","modified_gmt":"2024-03-13T01:32:37","slug":"%e8%b0%b7%e6%ad%8c%e7%aa%83%e5%8f%96gpt-3-5%e6%a8%a1%e5%9e%8b%e5%85%b3%e9%94%ae%e4%bf%a1%e6%81%af%e6%88%90%e6%9c%ac%e4%bd%8e%e8%87%b3150%e5%85%83%ef%bc%8c%e8%b0%83%e7%94%a8api","status":"publish","type":"post","link":"https:\/\/www.1ai.net\/en\/5412.html","title":{"rendered":"Google &quot;stole&quot; key information of GPT-3.5 model: the cost is as low as 150 yuan, and you can get it by calling API"},"content":{"rendered":"<p><a href=\"https:\/\/www.1ai.net\/en\/tag\/%e8%b0%b7%e6%ad%8c\" title=\"[View articles tagged with [Google]]\" target=\"_blank\" >Google<\/a>&#039;s <span class=\"spamTxt\">latest<\/span> research reveals a method of attacking <a href=\"https:\/\/www.1ai.net\/en\/tag\/%e5%a4%a7%e5%9e%8b%e8%af%ad%e8%a8%80%e6%a8%a1%e5%9e%8b\" title=\"[View articles tagged with [large-scale language model]]\" target=\"_blank\" >large language models<\/a>. According to Google\u2019s statement, they not only restored the entire projection matrix of the OpenAI large model, but also obtained the exact size of the hidden dimension, all with fewer than 2,000 cleverly designed <a href=\"https:\/\/www.1ai.net\/en\/tag\/api\" title=\"_OTHER ORGANISER\" target=\"_blank\" >API<\/a> queries, at a cost as low as 150 yuan.<\/p>\n<p class=\"article-content__img\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5413\" src=\"https:\/\/www.1ai.net\/wp-content\/uploads\/2024\/03\/6384584900551839601646466.png\" alt=\"\" width=\"575\" height=\"431\" \/><\/p>\n<p>The core target of the attack is the model&#039;s embedding projection layer, which is the last layer of the model and is responsible for mapping the hidden dimension to the logits vector. By issuing targeted queries to the model&#039;s API, the model&#039;s embedding dimension or final weight matrix can be extracted. 
Google successfully identified the model&#039;s hidden dimension through a large number of queries and singular value sorting.<\/p>\n<p>This attack method not only reveals the hidden dimensions of the model, but also yields global information such as the &quot;width&quot; (total number of parameters) of the model, reduces the &quot;black box degree&quot; of the model, and &quot;paves the way&quot; for subsequent attacks. The research team said that this attack is very efficient: attacking OpenAI&#039;s Ada and Babbage models costs less than $20, and attacking GPT-3.5 costs about $200.<\/p>\n<p>OpenAI has learned of this and confirmed the effectiveness of the attack after obtaining the consent of the research team, and finally deleted all the data related to the attack. Although this attack method does not obtain much information, its low cost and high efficiency are shocking.<\/p>\n<p>The defense measures mentioned in the paper work either at the API level, by completely removing the logit bias parameter, or at the model architecture level, by modifying the hidden dimension of the last layer after training is completed. After this incident was exposed, OpenAI took measures to modify the model API to prevent similar attacks from happening again.<\/p>\n<p>This research reveals that even large language models may be vulnerable to security threats, even if OpenAI has taken certain defensive measures. This incident reminds people that ensuring the security of models remains a complex and important issue.<\/p>\n<p>Paper link: https:\/\/arxiv.org\/abs\/2403.06634<\/p>","protected":false},"excerpt":{"rendered":"<p>The latest Google study revealed a method of attacking large language models, successfully stealing key information from OpenAI GPT-3.5-turbo models. 
According to Google's statement, not only did they restore the entire projection matrix of the large OpenAI model, but they also acquired the exact size of the hidden dimension, all with fewer than 2,000 ingenious API queries at a cost of up to $150. The core target of the attack is the embedding projection layer of the model, the last layer of the model, which is responsible for mapping hidden dimensions to the logits vector. By sending targeted queries to the API of the model, you can extract the embedding dimension of the model or the final weight matrix. Google has been successful in identifying the hidden dimensions of the model through a large number of queries and singular value sorting. The method of attack not only reveals the hidden nature of the model<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146],"tags":[1033,371,281],"collection":[],"class_list":["post-5412","post","type-post","status-publish","format-standard","hentry","category-news","tag-api","tag-371","tag-281"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/5412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/comments?post=5412"}],"version-history":[{"count":0,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/5412\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/media?parent=5412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/categories?post=5412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www
.1ai.net\/en\/wp-json\/wp\/v2\/tags?post=5412"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/collection?post=5412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}