Security Cryptography Whatever

Cryptanalyzing LLMs with Nicholas Carlini

Jan 28, 2025

Nicholas Carlini, an AI security researcher specializing in machine learning vulnerabilities, joins the discussion. He delves into the mathematical underpinnings of LLM vulnerabilities, highlighting risks like model poisoning and instruction injection. Carlini explores the parallels between cryptographic attacks and AI model vulnerabilities, emphasizing the importance of robust security frameworks. He also outlines key defense strategies against data extraction and shares insights on the fragility of current AI defenses, urging a critical evaluation of security practices in an evolving digital landscape.

01:20:42

Episode guests

Nicholas Carlini

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Nicholas Carlini emphasizes the need to analyze AI systems through a mathematical lens to identify vulnerabilities effectively.

Model poisoning is a significant concern as attackers can manipulate training data, jeopardizing the accuracy of AI outputs.

Current defensive measures against AI model attacks are insufficient, necessitating the development of stronger security mechanisms and validation checks.

Deep dives

Introduction to AI Security Research

Nicholas Carlini has transitioned from pen testing to focusing on the security of machine learning (ML) and artificial intelligence (AI) models. With a foundation in cryptography and mathematics, he views AI systems as mathematical constructs that can be analyzed and attacked. His research emphasizes understanding AI systems at a deeper mathematical level rather than solely through practical interactions, such as prompt injection. This dual perspective allows researchers to identify and exploit vulnerabilities in AI models more effectively.

Intro

2min

From Penetration Testing to Machine Learning

6min

Securing Machine Learning Models: Vulnerabilities and Attacks

21min

Exploring Security Frameworks in Language Model Attacks

2min

Exploring Gradient Analysis in Two-Layer Neural Networks

2min

Attacking Linear Ciphers and Neural Networks

5min

Defending Language Models: Risks and Strategies

23min

Navigating AI Security and Model Limitations

19min

'Let us model our large language model as a hash function—'

Sold.

Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe.

Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0

Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-nicholas-carlini/

Links:

- https://nicholas.carlini.com
- “Stealing Part of a Production Language Model”: https://arxiv.org/pdf/2403.06634
- ‘Why I attack"’: https://nicholas.carlini.com/writing/2024/why-i-attack.html
- “Cryptanalytic Extraction of Neural Network Models”, CRYPTO 2020: https://arxiv.org/abs/2003.04884
- “Stochastic Parrots”: https://dl.acm.org/doi/10.1145/3442188.3445922
- https://help.openai.com/en/articles/5247780-using-logit-bias-to-alter-token-probability-with-the-openai-api
- https://community.openai.com/t/temperature-top-p-and-top-k-for-chatbot-responses/295542
- https://opensource.org/license/mit
- https://github.com/madler/zlib
- https://ai.meta.com/blog/yann-lecun-ai-model-i-jepa/
- https://nicholas.carlini.com/writing/2024/how-i-use-ai.html

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Cryptography Whatever

Cryptanalyzing LLMs with Nicholas Carlini

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Introduction to AI Security Research

The Threat of Model Poisoning

Characteristics of Effective Attacks

Challenges in AI Defense Mechanisms

The Role of Privacy and Data Extraction

Future Directions in AI Security Research

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Security Cryptography Whatever

Cryptanalyzing LLMs with Nicholas Carlini

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Introduction to AI Security Research

The Threat of Model Poisoning

Characteristics of Effective Attacks

Challenges in AI Defense Mechanisms

The Role of Privacy and Data Extraction

Future Directions in AI Security Research

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights