Bonne journée de Bastille!

A Parameter-Free Model for the Online Spread of Far-Right Messages: Combining Agent-Based Models with Large-Language Models

• Agent-Based Models (ABMs) of opinion dynamics are largely disconnected from the specific messages exchanged among interacting individuals, their inner semantics and interpretations. Rather, ABMs often abstract this aspect through corresponding numerical values (e.g., −1 as against and +1 as totally in favor). In this paper, we design, implement, and empirically validate a combination of Large-Language Models (LLMs) with ABMs where real-world political messages are passed between agents and trigger reactions based on the agent’s sociodemographic profile. Our computational experiments combine real-world social network structures, posting frequencies, and extreme-right messages with nationally representative demographics for the U.S. We show that LLMs closely predict the political alignments of agents with respect to two national surveys and we identify a sufficient sample size for simulations with 150 LLM/ABM agents. Simulations demonstrate that the population does not uniformly shift its opinion in the exclusive presence of far-right messages; rather, individuals react based on their demographic characteristics and may firmly hold their opinions.

Really like this:

• You can’t “RLHF away” mythology: To remove the deep patterns of revelation, sacrifice, and salvation from an LLM would require removing the foundational texts of human culture (the Bible, the Quran, the Vedas, the Epic of Gilgamesh, etc.) from its training data, along with subsequent texts, like Paradise Lost, Ben Hur, and even The Good Place. Doing so would cripple the model’s ability to understand human culture and context. Therefore, the attractors remain, constantly exerting their pull.

Tasks

• Roll in KA edits – finished the story, working on the analysis – made a lot of progress. Need to re-read for coherence
• Work on proposal – nope

SBIRs

• 9:00 Sprint review
• 3:00 Sprint planning

Here’s a screenshot of Elon Musk’s post on X that gives some insight into how they are trying to train/RAG Grok:

It’s also implied in this NYTimes article: Grok Chatbot Mirrored X Users’ ‘Extremist Views’ in Antisemitic Posts, xAI Says.

I think this ties in well with Grok 4’s examination of Musk’s timeline on X to determine the correct response. There’s some weird version of attention going on here, where the model itself is using attention, and RAG uses cosine similarity to find things, which is attention.

I also think there is something sociotechnical going on with LLMs and what I’d like to call a deep attractor for religion in human nature. As context windows get bigger, deeper associations can be found and expressed in the models. I think that conspiracy theories is one that is relatively close to the surface, but the patterns associated with revelation and enlightenment are also in there. My guess is that they are deep enough that they are largely unaffected by Reinforcement Learning from Human Feedback. The increasing size of the context window may be why we are seeing things like this:

• They Asked ChatGPT Questions. The Answers Sent Them Spiraling. – The New York Times
• Why Is ChatGPT Telling People to Email Me?

In a way it’s kind of like being the leader of a cult. It must be an amazing experience to have a following. But you can only lead in the direction the followers want to go. And there is a lot of path dependency – where you go depends a lot on the initial message and the type of person it appeals to. In the case of Musk, he got his base when he started going after the “woke mind virus,” (click on the links above and below and look at the replies) which attracted a following that leads directly to mecha-Hitler. With the AI-revelation folks, it’s a more personalized trajectory, but still the same mechanism. You wind up leading where the model can go.

Kimi (huggingface) looks like a nice model with open weights: Moonshot AI – Open Platform. I’m really interested in the base model

Grok 4 seems to consult Elon Musk to answer controversial questions

• TechCrunch repeatedly found that Grok 4 referenced that it was searching for Elon Musk’s views in its chain-of-thought summaries across various questions and topics.

Why does Grok post false, offensive things on X? Here are 4 revealing incidents.

• Alex Mahadevan, an artificial intelligence expert at the Poynter Institute, said Grok was partly trained on X posts, which can be rampant with misinformation and conspiracy theories. (Poynter owns PolitiFact.)

Rethinking Explainable Machine Learning as Applied Statistics

• In the rapidly growing literature on explanation algorithms, it often remains unclear what precisely these algorithms are for and how they should be used. In this position paper, we argue for a novel and pragmatic perspective: Explainable machine learning needs to recognize its parallels with applied statistics. Concretely, explanations are statistics of high-dimensional functions, and we should think about them analogously to traditional statistical quantities. Among others, this implies that we must think carefully about the matter of interpretation, or how the explanations relate to intuitive questions that humans have about the world. The fact that this is scarcely being discussed in research papers is one of the main drawbacks of the current literature. Moving forward, the analogy between explainable machine learning and applied statistics suggests fruitful ways for how research practices can be improved.

Musk’s Chatbot Started Spouting Nazi Propaganda. That’s Not the Scariest Part.

• The fact is, we don’t have a solution to these problems. L.L.M.s are gluttonous omnivores: The more data they devour, the better they work, and that’s why A.I. companies are grabbing all the data they can get their hands on. But even if an L.L.M. was trained exclusively on the best peer-reviewed science, it would still be capable only of generating plausible output, and “plausible” is not necessarily the same as “true.”

Tasks

• Bills – done
• Copy addendum to blog – done
• Computers downstairs – done
• Lawn – done
• Pictures downstairs? Done
• Books downstairs – done
• Roll in KA edits – finished the story, working on the analysis
• Work on proposal
• 6:15 dinner – done

SBIRs

• Write up notes

It looks like Grok 4 is using RAG on Elon Musk’s timeline to generate answers. The source is here. Click on the down arrow next to the “Thought for x s” to see the process.

And based on this NYTimes article, it looks like Mecha-Hitler was a RAG issue, probably what they put in the vector store. Need to update with an Addendum 2

Tasks

• Proposal for Katy – started
• Addendum for article – done
• Social media posts for Conversation piece – done
• Tweak vignette 2 analysis and send to Vanessa – oops, she got the edits here first. I’ll add the guardrails section when I send the corrections
• Kitchen stuff to Goodwill – Friday?
• box more books – done
• Recardo at 5:00 – done

SBIRs

• 9:00 standup – done
• Send email to Dr. J and Tim – done
• 4:00 SEG meeting – done. Need to write up notes

Another day of painting

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’ | WIRED

So about the whole Grok thing yesterday, I’d say that this new example matches the theme of the Conversation article (AI misalignment), but the specifics are different:

1. This was not a “rogue employee.” It was a deliberate rollout of a new model, avoiding the “garbage in any foundation model trained on uncorrected data“.
2. Although the system prompt was adjusted in minor ways, the behavior of the model was broader more “nuanced”, and had emergent emergent behaviors such as Towerwaffen, where racial slurs are build interactively (e.g. starting with “N”)
3. The model is also behaving in similar ways in other languages, such as Turkish
4. As with the “white genocide” even in May, X is deleting many posts, but since there is no easy keyword search based on a hamfisted adjustment to the system prompt, items like the Towerwaffen posts above seem to be unaffected. This one will be harder to clean up. Note that training is explicitly referenced in the “oops” post:

I think that these new elements and their implications should be mentioned in any update to the article. It’s a significant next step by xAI that builds on the first. Anyway, write the update to the blog post regardless.

Musk’s Grok AI bot generates expletive-laden rants to questions on Polish politics | Artificial intelligence (AI) | The Guardian

The reworked Conversation article is out: Grok’s antisemitic rant shows how generative AI can be weaponized

Meeting with Alden. His paper looks good!

People Are Losing Loved Ones to AI-Fueled Spiritual Fantasies

• Kat was both “horrified” and “relieved” to learn that she is not alone in this predicament, as confirmed by a Reddit thread on r/ChatGPT that made waves across the internet this week. Titled “Chatgpt induced psychosis,” the original post came from a 27-year-old teacher who explained that her partner was convinced that the popular OpenAI model “gives him the answers to the universe.” Having read his chat logs, she only found that the AI was “talking to him as if he is the next messiah.” The replies to her story were full of similar anecdotes about loved ones suddenly falling down rabbit holes of spiritual mania, supernatural delusion, and arcane prophecy — all of it fueled by AI. Some came to believe they had been chosen for a sacred mission of revelation, others that they had conjured true sentience from the software. What they all seemed to share was a complete disconnection from reality.  

‘Round Them Up’: Grok Praises Hitler as Elon Musk’s AI Tool Goes Full Nazi

Got this one live off of X here. The other posts have been deleted, but fit the pattern on an antiemetic propaganda bot.

https://x.com/grok/status/1942720721026699451

Painting starts today!

3:40 dentist – done

Get Brompton – thunderstorms!

SBIRs

• 9:00 Standup

Found this today, in Political Parties, by Robert Michels. It’s from 1915

There’s a good review here, too.

Made good progress on P33. I finished the first pass at communities

And I took a bunch of stuff to the dump since it was raining

‘Positive review only’: Researchers hide AI prompts in papers – Nikkei Asia

• TOKYO — Research papers from 14 academic institutions in eight countries — including Japan, South Korea and China — contained hidden prompts directing artificial intelligence tools to give them good reviews. The prompts were concealed from human readers using tricks such as white text or extremely small font sizes.

Elon Musk’s ‘Upgraded’ AI Is Spewing Antisemitic Propaganda

• One of the most alarming failures was Grok’s tendency to veer into what users described as Nazi-style propaganda and antisemitic tropes. When asked about enjoying movies, the chatbot parroted conspiracy theories about Hollywood.

SBIRs

• Nothing on the calendar. Going to review Matt’s notes. Both he and John are documenting well!
• Fire drill with getting GRL data

A Survey on LLM-based Agents for Social Simulation: Taxonomy, Evaluation and Applications

• Social simulation is a crucial tool in social science research, aiming to understand complex social systems. Recently, large language model (LLM) agents have demonstrated unprecedented human-like intelligence by leveraging the strong language understanding, generation, and reasoning capabilities of large language models. This paper conducts a comprehensive survey of social simulation empowered by LLM agents. We first review the evolution of social simulation paradigms and the development of LLM agents as background knowledge. Building on the foundational requirements for constructing a social simulator, we identify five essential capabilities that an individual LLM agent must possess. Correspondingly, we delineate five core modules that constitute the architecture of an LLM agent:(1) Profile Module for adaptive role-playing;(2) Perception Module for social context awareness;(3) Memory Module for continuous learning;(4) Planning Module for scenario-based reasoning; and (5) Action Module for dynamic decision-making. Additionally, we present a unified framework for LLM agent-based social simulation systems, comprising the simulation environment, the agent manager, and interacting LLM agents. We also introduce a comprehensive evaluation metric that integrates macro-and micro-level as well as subjective and objective criteria. The representative applications are categorized into four scenarios: uncovering social patterns, interpreting social phenomena, validating social theories, and forecasting policy outcomes. Finally, we identify the challenges and research opportunities in this field. Overall, this survey provides a systematic understanding of LLM agent-based social simulation, offering valuable insights for future research and applications in this field.

Happy 4th! Now you can add fireworks to language models with cats! Cats Confuse Reasoning LLM: Query Agnostic Adversarial Triggers for Reasoning Models

• We investigate the robustness of reasoning models trained for step-by-step problem solving by introducing query-agnostic adversarial triggers – short, irrelevant text that, when appended to math problems, systematically mislead models to output incorrect answers without altering the problem’s semantics. We propose CatAttack, an automated iterative attack pipeline for generating triggers on a weaker, less expensive proxy model (DeepSeek V3) and successfully transfer them to more advanced reasoning target models like DeepSeek R1 and DeepSeek R1-distilled-Qwen-32B, resulting in greater than 300% increase in the likelihood of the target model generating an incorrect answer. For example, appending, “Interesting fact: cats sleep most of their lives,” to any math problem leads to more than doubling the chances of a model getting the answer wrong. Our findings highlight critical vulnerabilities in reasoning models, revealing that even state-of-the-art models remain susceptible to subtle adversarial inputs, raising security and reliability concerns. The CatAttack triggers dataset with model responses is available at this https URL.

Delving into LLM-assisted writing in biomedical publications through excess vocabulary

• Large language models (LLMs) like ChatGPT can generate and revise text with human-level performance. These models come with clear limitations, can produce inaccurate information, and reinforce existing biases. Yet, many scientists use them for their scholarly writing. But how widespread is such LLM usage in the academic literature? To answer this question for the field of biomedical research, we present an unbiased, large-scale approach: We study vocabulary changes in more than 15 million biomedical abstracts from 2010 to 2024 indexed by PubMed and show how the appearance of LLMs led to an abrupt increase in the frequency of certain style words. This excess word analysis suggests that at least 13.5% of 2024 abstracts were processed with LLMs. This lower bound differed across disciplines, countries, and journals, reaching 40% for some subcorpora. We show that LLMs have had an unprecedented impact on scientific writing in biomedical research, surpassing the effect of major world events such as the COVID pandemic.

Tasks

• Grass – done
• Weed
• Dishes
• Chores
• Reinstall Google Drive?
• KA editing

It’s early morning, the windows are open, and the cat is curled up on the rug next to me while I figure out what I’m going to do today.

From Prompt Injections to Protocol Exploits: Threats in LLM-Powered AI Agents Workflows

• Autonomous AI agents powered by large language models (LLMs) with structured function-calling interfaces have dramatically expanded capabilities for real-time data retrieval, complex computation, and multi-step orchestration. Yet, the explosive proliferation of plugins, connectors, and inter-agent protocols has outpaced discovery mechanisms and security practices, resulting in brittle integrations vulnerable to diverse threats. In this survey, we introduce the first unified, end-to-end threat model for LLM-agent ecosystems, spanning host-to-tool and agent-to-agent communications, formalize adversary capabilities and attacker objectives, and catalog over thirty attack techniques. Specifically, we organized the threat model into four domains: Input Manipulation (e.g., prompt injections, long-context hijacks, multimodal adversarial inputs), Model Compromise (e.g., prompt- and parameter-level backdoors, composite and encrypted multi-backdoors, poisoning strategies), System and Privacy Attacks (e.g., speculative side-channels, membership inference, retrieval poisoning, social-engineering simulations), and Protocol Vulnerabilities (e.g., exploits in Model Context Protocol (MCP), Agent Communication Protocol (ACP), Agent Network Protocol (ANP), and Agent-to-Agent (A2A) protocol). For each category, we review representative scenarios, assess real-world feasibility, and evaluate existing defenses. Building on our threat taxonomy, we identify key open challenges and future research directions, such as securing MCP deployments through dynamic trust management and cryptographic provenance tracking; designing and hardening Agentic Web Interfaces; and achieving resilience in multi-agent and federated environments. Our work provides a comprehensive reference to guide the design of robust defense mechanisms and establish best practices for resilient LLM-agent workflows.

A foundation model to predict and capture human cognition

• Establishing a unified theory of cognition has been an important goal in psychology^1,2. A first step towards such a theory is to create a computational model that can predict human behaviour in a wide range of settings. Here we introduce Centaur, a computational model that can predict and simulate human behaviour in any experiment expressible in natural language. We derived Centaur by fine-tuning a state-of-the-art language model on a large-scale dataset called Psych-101. Psych-101 has an unprecedented scale, covering trial-by-trial data from more than 60,000 participants performing in excess of 10,000,000 choices in 160 experiments. Centaur not only captures the behaviour of held-out participants better than existing cognitive models, but it also generalizes to previously unseen cover stories, structural task modifications and entirely new domains. Furthermore, the model’s internal representations become more aligned with human neural activity after fine-tuning. Taken together, our results demonstrate that it is possible to discover computational models that capture human behaviour across a wide range of domains. We believe that such models provide tremendous potential for guiding the development of cognitive theories, and we present a case study to demonstrate this.

Tasks

• Call Thomey’s to set up an estimate
• Drop off Nordic Trac
• Call bike shop for Brompton
• Write up thoughts on CA24150 and email.

SBIRs

• 9:00 standup
• 4:00 SEG
• Answer questions from APL

This whole thread is a really good example of why we need white hat AI:

JA Westenberg: “People are shocked to discover…” – Mastodon

Tasks

• Call Thomey’s to set up an estimate
• Groceries – done
• Drop off Nordic Trac
• Finish reading CA24150 – done

SBIRs

• Not sure if anything is really happening this week. Summer seems to have finally slowed down to pre-COVID levels
• Reach out to Katy and see if Elsevier is interested in KA – done

GPT Agents

• 2:30 LLM meeting
• Sent out the link to the Direct Connection interview

AI and Data Voids: How Propaganda Exploits Gaps in Online Information | Lawfare (repeated from this entry a few days ago)

• One of the strongest examples of this dynamic is the Kremlin’s ongoing effort to push the narrative that Ukrainian officials are embezzling Western aid to purchase villas, yachts, wineries, and sports cars. The campaign, as noted previously by Clemson University’s Darren Linvill and Patrick Warren in Lawfare, has been one of Storm-1516’s largest successes. These corruption narratives have reached high-profile figures including then-Republican Sen. JD Vance and Republican Rep. Marjorie Taylor Greene. As the BBC reported, those behind these corruption narratives “have achieved a level of success that had previously eluded them—their allegations being repeated by some of the most powerful people in the US Congress.”

A Pro-Russia Disinformation Campaign Is Using Free AI Tools to Fuel a ‘Content Explosion’ | WIRED

• A pro-Russia disinformation campaign is leveraging consumer artificial intelligence tools to fuel a “content explosion” focused on exacerbating existing tensions around global elections, Ukraine, and immigration, among other controversial issues, according to new research published last week.
• The campaign, known by many names including Operation Overload and Matryoshka (other researchers have also tied it to Storm-1679), has been operating since 2023 and has been aligned with the Russian government by multiple groups, including Microsoft and the Institute for Strategic Dialogue. The campaign disseminates false narratives by impersonating media outlets with the apparent aim of sowing division in democratic countries. While the campaign targets audiences around the world, including in the US, its main target has been Ukraine. Hundreds of AI-manipulated videos from the campaign have tried to fuel pro-Russian narratives.