Imagine that can be done to get social security numbers, credit card numbers, people’s private information like addresses, phone numbers, emails, etc.
Since everyone apparently missed the point of the article, the interesting part isn’t the keys, it’s the bypassing of the guardrails.
Doesn’t seem that big of a deal. These are KMS client activation keys, you can even find them on official Microsoft pages. All public information. Even if they weren’t, one could say search engines have the exact same problem and even argue LLMs make this private info harder to believe/obfuscated.
The important point is that they can regurgitate specific strings they have ingested. Personal information they have sucked up could just as easily still be in there.
I’m trying so many angles to tell people how mundane shit like this is, let me try one more:
It’s not interesting that an LLM can pull back something anyone can find in a Google search result if they took more than 2 minutes. Stop writing articles about this shit.
Read the damn article before expressing an opinion on the damn article.
I thought they somehow managed to trick it into revealing the keys of the systems it was running on, but these are just random KMS keys from forums.
Still neat how they use tags to obfuscate the filtered keywords. Gonna have to remember that one.
Cool, now do it with an SSN and DOB and see what you get.
Gotta ask Grok for that.
It only generates accurate records of SSN and DOB for Aryan people though.