Am I missing something? The article seems to suggest it works via hidden text characters. Has OpenAI never heard of pasting text into a utf8 notepad before?
Am I missing something? The article seems to suggest it works via hidden text characters. Has OpenAI never heard of pasting text into a utf8 notepad before?
Research on this topic exists, and it is possible to alter the output of an LLM in minor ways, that statistically “watermark” the results without drastically changing the quality of the output. OpenAI has probably implemented this into ChatGPT.
https://www.youtube.com/watch?v=2Kx9jbSMZqA
I think the tool exists, and is (at least close to) as good as they claim it is. They can’t release it, because once the public can tell with high accuracy whether ChatGPT wrote some text, another AI can be developed to circumvent detection from this method, making the tool useless.
That is a long video, is the paper published somewhere?
Im willing to accept that you can statistically “watermark” the text, but I’m not convinced that it would be tamper resistant, which is a large part of what makes a watermark useful. If it can’t survive an idiot with a thesaurus, its probably not gonna be terribly useful.
It can likely also be defeated by adding “In the style of X” to a prompt, changing the distribution and pattern of the responses.
…but that output is also from the AI so it would still be watermarked lol
You could feed it through a different, smaller model that could even be self-hosted. It isn’t difficult to make a model that rephrases an input in another style.
Ah, okay. That’s fair. It wasn’t clear they meant a different system lol.