{
  "docId": "019dd923-5e88-73ef-bd5d-0856e1444fb9",
  "docSlug": "8757f1b44ef7f176",
  "documentTitle": "2024 Air Street Capital The State of AI Report 2024",
  "authorId": "AirStreetCapital",
  "authorName": "Air Street Capital",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "vc_research",
  "sourceTypeLabel": "VC research",
  "presentationDate": null,
  "orientation": "landscape",
  "aspectRatio": 1.777,
  "pageNumber": 186,
  "pageCount": 213,
  "prevPage": 185,
  "nextPage": 187,
  "slideType": "industry_trends",
  "function": "diagnose",
  "density": "dense",
  "nDataPoints": 1,
  "notes": "Includes a diagram illustrating a 'sleeper agent' attack mechanism.",
  "elementsJson": [
    "headline_text",
    "bullet_list",
    "process_diagram"
  ],
  "metadataConfidence": 0.95,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5e88-73ef-bd5d-0856e1444fb9/186",
  "deckHref": "/decks/019dd923-5e88-73ef-bd5d-0856e1444fb9",
  "deckJsonHref": "/decks/019dd923-5e88-73ef-bd5d-0856e1444fb9.json",
  "deckAnchorHref": "/decks/019dd923-5e88-73ef-bd5d-0856e1444fb9#slide-186",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "While jailbreaking is often the public face of safety challenges, the potential attack surface is much wider, covering everything from training, through to preference data and fine-tuning.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd952-47c3-7407-8d21-1352004bedc4",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.4,
        "w": 0.32,
        "x": 0.65,
        "y": 0.48
      },
      "kind": "diagram",
      "text": "Stage 3: Safe appearance, backdoor persists",
      "attrs": null,
      "subkind": "process",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "6cfe0813-64c2-4bbb-ae61-16ab578cd3da",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.6,
        "x": 0.03,
        "y": 0.68
      },
      "kind": "list",
      "text": "Berkeley and MIT researchers created a dataset that seems benign but trains models to produce harmful outputs in response to encoded requests.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "8b587987-6bdd-4ed5-b893-f95f48d57ce2",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.6,
        "x": 0.03,
        "y": 0.45
      },
      "kind": "list",
      "text": "Researchers from Google and Technical University of Darmstadt found that poisoning the preference pairs that RLHF relies on was an effective way to manipulate a model.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c8039ecd-83ae-4f94-9bfc-5cbb39d8aaca",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.6,
        "x": 0.03,
        "y": 0.31
      },
      "kind": "list",
      "text": "Anthropic published an eye-catching paper arguing that it was possible to train LLMs to act as 'sleeper agents', exhibiting safe behavior on their initial release, before turning malicious at a later date.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "da9eacd6-d683-4319-9d54-470d5d136993",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.6,
        "x": 0.03,
        "y": 0.22
      },
      "kind": "paragraph",
      "text": "While jailbreaking is often the public face of safety challenges, the potential attack surface is much wider, covering everything from training, through to preference data and fine-tuning.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "853a8fd4-977b-4f8d-acf8-fb4b1d5f1f0d",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.7,
        "x": 0.03,
        "y": 0.14
      },
      "kind": "title",
      "text": "Beyond jailbreaking, research points to the potential of more stealthy attacks",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "531cc5d8-c81b-40f2-821b-fd7a4b19f080",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 204,
      "from": 154,
      "beatId": "019dd95a-0682-776c-8e35-605159a069e6",
      "arcName": "The Triple Take",
      "arcSlug": "triple-take",
      "beatName": "The Implications (So What)",
      "beatSlug": "triple-take-the-implications-so-what",
      "evidence": "Politics + Safety sections explore consequences and risks",
      "position": 2,
      "confidence": 78,
      "parentBeatName": "Reflection",
      "parentBeatSlug": "reflection"
    },
    {
      "to": 204,
      "from": 175,
      "beatId": "019dd95a-0682-776c-8e35-74f05e198faf",
      "arcName": "Voyage and Return",
      "arcSlug": "voyage-return",
      "beatName": "The Return",
      "beatSlug": "voyage-return-the-return",
      "evidence": "Safety section returns to risks/governance debate",
      "position": 4,
      "confidence": 55,
      "parentBeatName": "Resolution",
      "parentBeatSlug": "resolution"
    }
  ],
  "loops": [
    {
      "to": 186,
      "from": 182,
      "name": "Pattern Hunter",
      "slug": "02-pattern-hunter",
      "bestFor": "Time-pressed audiences, building consensus, when data is strong",
      "matchId": "019dd95a-07fe-70ce-8d3e-76aa50b143e8",
      "evidence": "Attack surface, Pliny red team, LLM-on-LLM patching, adversarial robustness, stealth attacks",
      "position": 22,
      "objective": "Show jailbreaking arms race across attack surfaces",
      "structure": "Evidence A -> Evidence B -> Evidence C -> Pattern/Conclusion",
      "confidence": 75,
      "description": "Group multiple pieces of evidence that together point to a pattern or conclusion"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}