
I mean... you can just firewall it?


You don't know which prompt activates the backdoor; how can you firewall it if you run the model in production?


3D asset generation is a use case that, for most, doesn't need to run in production.


"In production" in this case is a stand-in for "in any environment with access to sensitive stuff" which might just include GPUs, if what the attacker wanted was crypto processing grunt. Besides, if you're providing 3D asset generation as a service (which I can imagine most deployments of this sort of thing will be, at least for now) then it absolutely is running in production. The purpose of that production environment is entirely to run asset generation.


Simply sanitize the model outputs, which is the only thing that would escape running it in complete isolation.
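One concrete shape the "sanitize the outputs" step can take, as an added example that is not from this thread or from any project it discusses: assume the model runs in a sandbox with no network and its only egress is a Wavefront OBJ text file; on the trusted side, a whitelist re-serializer parses just the geometry records (v, vt, vn, f), checks the numbers and indices, and rebuilds a fresh file from the parsed values, so no byte of the model's output reaches downstream tooling verbatim. The sample meshes, the function names and the "reject the whole mesh on a bad vertex" policy are my choices for illustration, not anything the thread specifies.

```python
import math
import re

# Constructed sample of what an untrusted asset-generation model might emit
# (hypothetical, not output of any real model). Only the geometry should
# survive, and even that is re-emitted from parsed numbers, not copied.
UNTRUSTED_OBJ = """# generated mesh
mtllib ../../../etc/passwd
o cube
v 0 0 0
v 1 0 0
v 0 1 0
v 0 0 1
vn 0 0 1
vt 0.5 0.5
f 1 2 3
f 1/1/1 2/1/1 4/1/1
usemtl <script>alert(1)</script>
f 1 2 99
f 1 -1 2
"""

# Constructed sample with an overflowing coordinate: the whole mesh is refused
# rather than renumbered, because dropping one `v` line would silently shift
# every face index that follows it.
OVERFLOW_OBJ = "v 0 0 0\nv 1e999 0 0\nv 0 1 0\nf 1 2 3\n"

_NUM = re.compile(r"^[-+]?(\d+\.?\d*|\.\d+)([eE][-+]?\d+)?$")  # refuses nan/inf spellings
_INT = re.compile(r"^[1-9]\d*$")  # OBJ indices are 1-based; negative (relative) ones refused


def _parse_floats(fields, count):
    """Return exactly `count` finite floats, or None if the record is malformed."""
    if len(fields) != count:
        return None
    out = []
    for f in fields:
        if not _NUM.match(f):
            return None
        x = float(f)
        if not math.isfinite(x):  # catches overflow such as 1e999
            return None
        out.append(x)
    return out


def _parse_face(fields):
    """Return a list of (v, vt, vn) index tuples (None where absent), or None if malformed."""
    if len(fields) < 3:
        return None
    refs = []
    for f in fields:
        parts = f.split("/")
        if len(parts) > 3:
            return None
        idx = []
        for i, p in enumerate(parts):
            if p == "":
                if i != 1:  # only the texcoord slot may be empty, as in 1//2
                    return None
                idx.append(None)
            elif _INT.match(p):
                idx.append(int(p))
            else:
                return None
        refs.append(tuple(idx + [None] * (3 - len(idx))))
    return refs


def _fmt_ref(ref, limits):
    """Serialize one face vertex reference after bounds-checking each index."""
    for idx, limit in zip(ref, limits):
        if idx is not None and idx > limit:
            raise ValueError("index out of range")
    vi, ti, ni = ref
    if ti is None and ni is None:
        return str(vi)
    if ni is None:
        return f"{vi}/{ti}"
    return f"{vi}/{'' if ti is None else ti}/{ni}"


def sanitize_obj(text):
    """Whitelist re-serializer for Wavefront OBJ (vt restricted to two components).

    Returns (clean_text, dropped); dropped lists (line_no, reason) for every
    record that did not make it through. Raises ValueError if a v/vt/vn
    record is malformed, since dropping one would corrupt face numbering.
    """
    v, vt, vn, faces, dropped = [], [], [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        kw, args = fields[0], fields[1:]
        if kw in ("v", "vt", "vn"):
            pool, width = {"v": (v, 3), "vt": (vt, 2), "vn": (vn, 3)}[kw]
            vals = _parse_floats(args, width)
            if vals is None:
                raise ValueError(f"line {n}: malformed {kw} record")
            pool.append(vals)
        elif kw == "f":
            refs = _parse_face(args)
            if refs is None:
                dropped.append((n, "malformed face"))
            else:
                faces.append((n, refs))
        else:
            dropped.append((n, f"directive {kw!r} not whitelisted"))

    limits = (len(v), len(vt), len(vn))
    out = [f"{k} " + " ".join(f"{x:.9g}" for x in vals)
           for k, pool in (("v", v), ("vt", vt), ("vn", vn)) for vals in pool]
    for n, refs in faces:
        try:
            out.append("f " + " ".join(_fmt_ref(r, limits) for r in refs))
        except ValueError:
            dropped.append((n, "face index out of range"))
    return "\n".join(out) + "\n", dropped


def rejects(text):
    """True if sanitize_obj refuses the whole mesh."""
    try:
        sanitize_obj(text)
    except ValueError:
        return True
    return False
```

The point of rebuilding rather than filtering is that the file-reference directives (mtllib, usemtl), object names and comments, which are where a path traversal or a payload aimed at a downstream viewer would ride, never have a chance to pass through; and because the sanitizer only handles text it parsed itself, it can run on the trusted side with no dependency on the sandboxed model.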



