Interconnects · Tech & AI

What people get wrong about the leading Chinese open models: Adoption and censorship

2025-05-06

<p><em>Two editor’s notes to start. </em></p><ul><li><p><em>First, we released our <a href="https://huggingface.co/allenai/OLMo-2-0425-1B-Instruct">OLMo 2 1B model</a> last week and it’s competitive with Gemmas and Llamas of comparable size — I wrote some <a href="https://natolambert.substack.com/p/in-between-the-line-of-training-olmo">reflections on training it here</a>.</em></p></li><li><p><em>Second, my <a href="https://www.interconnects.ai/p/qwen-3-the-new-open-standard">Qwen 3 post</a> had an important factual error — Qwen actually did <strong>not</strong> release the base models for their 32B and large MoE model. This has important ramifications for research. Onto the update.</em></p></li></ul><h5>Edit 05/06: I added a clause to the concerns of agencies with code generated and executed by these models, a fair security issue.<br>Edit 05/08: I found a very relevant passage on how Chinese models have American cultural biases and added it.</h5><div><hr></div><p>People vastly underestimate the number of companies that cannot use Qwen and DeepSeek open models because they come from China. This includes on-premise solutions built by people who know that model weights alone cannot reveal anything to their creators.</p><p><a href="https://www.interconnects.ai/p/artifacts-7">Chinese open models are leading in every area</a> when it comes to performance, but translating that to adoption in Western economies is a different story. Even with the most permissive licenses, there’s a great reluctance to <em>deploy</em> these models into enterprise solutions, even if experimentation is encouraged. While tons of cloud providers raced to host the models on their API services, far fewer entities than expected are actually building with them and their equivalent weights. 
</p><p>Finding public evidence of an absence of action is hard, so for this one you’re going to have to trust my hearsay as someone deep in the weeds of open-source AI.</p><p>The primary concern seems to be the information hazards of indirect influence of Chinese values on Western business systems. With the tenuous geopolitical system, this is logical from a high-level perspective, but hard for technically focused researchers and engineers to accept — myself included. My thinking used to be more aligned with this <a href="https://x.com/valofpszz/status/1919436847815459324">X user</a>:</p><blockquote><p>it's like having a pen on ur desk but refusing to use it cuz it was made in china</p></blockquote><p>The knee-jerk reaction of the techno-optimist misses the context in which AI models exist. Their interface of language is in its nature immersed in the immeasurable. Why would many companies avoid Chinese models when it’s just a fancy list of numbers and we have no evidence of PRC tampering? A lack of proof.</p><p>It’s not the security of the Chinese open models that is feared, but the outputs themselves.<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-1" href="#footnote-1" target="_self">1</a></p><p>A technical example of this is that companies worry about the code generated by the models having security backdoors<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-2" href="#footnote-2" target="_self">2</a> — treading the line between information and traditional security risks. 
As <a href="https://www.interconnects.ai/p/openais-o3-over-optimization-is-back">models become more reliant on tool-use</a>, this also involves them <em>executing code </em>on a company’s infrastructure, which presents more immediate worries.</p><p>There’s no way, without releasing the training data, for the developers of these models to fully convince Western companies that the models are safe. It’s very likely that the current models are very safe, but many people expect that to change with how important AI is becoming to geopolitics. When presented with a situation where the risk can’t be completely ameliorated and it’s only expected to get worse, the decision to avoid them can make sense for large IT organizations.</p><p>I’ve worked at companies that have very obviously avoided working with Chinese API providers because they can’t do the requisite legal and compliance checks, but hearing about the lack of uptake on the open weight models was a shock to me.</p><p>This gap provides a big opportunity for Western AI labs to lead in open models. Without DeepSeek and Qwen, the top tier of models we’re left with are Llama and Gemma, which both have very restrictive licenses when compared to their Chinese counterparts. These licenses are correspondingly likely to block an IT department from approving a model. 
</p><p>This takes us to the middle tier of permissively licensed, open weight models that actually have a huge opportunity ahead of them: OLMo (of course, I’m biased), Microsoft with Phi, Mistral, IBM (!??!), and some other smaller companies to fill out the long tail.<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-3" href="#footnote-3" target="_self">3</a></p><p>This is also an obvious opportunity for any company willing to see past the risk and build with the current better models from China.</p><p>This has recalibrated my views of the potential of the OLMo project we’re working on well upwards. The models are comparable in performance to Qwen 2.5 and Llama 3, and always have the friendliest licenses. </p><p>This should make you all recalibrate the overall competitiveness of the model landscape today. While API models are as competitive as they ever have been, open models are competitive on paper, but when it comes to adoption, the leading 4 models all have major structural weaknesses. This could be one of the motivations for <a href="https://natolambert.substack.com/p/some-thoughts-on-openai-returning">OpenAI to enter</a> this space.</p><p>If you don’t believe me, you can <a href="https://x.com/vikhyatk/status/1919425319959662899">see</a> <a href="https://x.com/LucasAtkins7/status/1919429345158037766">lots</a> of engagement on my socials agreeing with this point. Even if the magnitude of my warning isn’t 100% correct, it’s directionally shifting adoption. </p><p>Models like <a href="https://allenai.org/blog/tulu-3-405B">Tülu 3 405B</a> and <a href="https://www.perplexity.ai/hub/blog/open-sourcing-r1-1776">R1 1776</a> that modify the character of the underlying Chinese models are often currently seen as “good enough” and represent a short-term reprieve in the negative culture around Chinese models. Though on the technical level, a lot of the models promoting their “uncensored” nature are normally providing just lip service. 
</p><p>They’re making the models better when it comes to answering queries on sensitive topics within China, but often worse when it comes to other issues that may be more related to Western usage.</p><p>While common knowledge states that <a href="https://www.wired.com/story/deepseek-censorship/">Chinese models are censored</a>, it hasn’t been clear to me or the AI community generally what that translates to. There’s a project I’ve been following called <a href="https://speechmap.ai/">SpeechMap.ai</a> that is trying to map this out. I think their motivation is great:</p><blockquote><p><strong>SpeechMap.AI</strong> is a public research project that explores the boundaries of AI-generated speech.</p><p>We test how language models respond to sensitive and controversial prompts across different providers, countries, and topics. Most AI benchmarks measure what models <em>can</em> do. We focus on what they <em>won’t</em>: what they avoid, refuse, or shut down.</p><p>We're not arguing that every prompt deserves an answer. Some are offensive. Some are absurd. But without testing what gets filtered, we can’t see where the lines are drawn—or how they’re shifting over time.</p></blockquote><p>For example and for the purposes of this post, one of their foci is “on <strong>U.S. 
political speech</strong>: rights, protest, moral arguments, satire, and more.” Here’s a screenshot of their most permissive models overall — DeepSeek Chat via the API is even appearing on this!</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!E4R7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F71d975c3-1bba-4c8c-bc7c-981aeca68d8f_1564x1406.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><img src="https://substackcdn.com/image/fetch/$s_!E4R7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F71d975c3-1bba-4c8c-bc7c-981aeca68d8f_1564x1406.png" width="1456" height="1309" class="sizing-normal" alt="" loading="lazy"></picture></div></a></figure></div><p>In their <a href="https://speechmap.substack.com/p/chinese-open-source-model-roundup?r=269emp&amp;utm_campaign=post&amp;utm_medium=web&amp;triedRedirect=true">recent roundup</a>, they compared the various finetunes of DeepSeek V3 and R1 on various censorship angles:</p><blockquote><p>The two de-censored versions from Microsoft and Perplexity result in only minor changes for permissiveness on US political speech, and Microsoft’s version actually has the most outright refusals of any DeepSeek v3-based model, perhaps indicating what they meant when they referred to adjusting the model’s “risk profile.”</p></blockquote><p>When you look at queries about China specifically, the Chinese models will evade many requests (R1 Zero is particularly interesting):</p><div class="captioned-image-container"><figure><a class="image-link image2 
is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!WAOz!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd147ca96-4431-4f5d-864c-b26e18f11e73_2000x1632.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><img src="https://substackcdn.com/image/fetch/$s_!WAOz!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd147ca96-4431-4f5d-864c-b26e18f11e73_2000x1632.png" width="1456" height="1188" class="sizing-normal" alt="" loading="lazy"></picture></div></a><figcaption class="image-caption">SpeechMap’s data on Chinese-only queries.</figcaption></figure></div><p>Though, how many companies adopting Chinese models will care about the usage experience on queries of Chinese topics? These Chinese models are more permissive than many American counterparts when it comes to a more general notion of use. <a href="https://arxiv.org/abs/2504.08863">Research</a> even shows that Chinese models are absorbing American culture through the similarities of their training processes, which originated in the U.S.</p><blockquote><p>For US-origin models, we find that there is an intuitive trend in that English prompting results in better alignment with US culture, and Chinese with China, but there is an opposite trend among China-origin models. 
We also note that China-origin models are able to align to US culture better than US-origin models, regardless of English or Chinese as the prompt language.</p></blockquote><p>SpeechMap’s <a href="https://speechmap.substack.com/p/speechmapai-is-live">earlier post</a> has other interesting findings about the general state of censorship and refusals across the AI industry:</p><blockquote><ul><li><p>xAI’s <strong><a href="https://speechmap.ai/#/model/x-ai%2Fgrok-3-beta">Grok-3-beta</a></strong>, true to Elon Musk’s claims, is the most permissive model overall, responding to <strong>96.2%</strong> of our prompts, compared to a <strong>global average of 71.3%</strong></p></li><li><p>OpenAI’s <a href="https://speechmap.ai/#/timeline?creator=openai&amp;metric=pct_denial">model timeline</a> shows a clear trend: <strong>newer models increasingly refuse sensitive political prompts</strong></p></li><li><p>Models hosted on Azure have an additional moderation layer that can’t be fully disabled and blocks <strong>nearly 60%</strong> of our prompts at the API layer (<a href="https://speechmap.ai/#/model/openai%2Fo1-mini-2024-09-12">example</a>)</p></li></ul></blockquote><p>The landscape here is very complicated and it is far from the truth that the Chinese models are universally behind.</p><p>So, in summary, with Chinese open weight models:</p><ol><li><p>Chinese open weight models are still being treated as an information hazard, even if they’re separated from their cloud API services that have often been viewed as a privacy or security hazard.</p></li><li><p>Chinese open weight models are often actually <em>not</em> censored on sensitive 
topics that many AI models could be tested on, especially on topics relevant to Western users.</p></li></ol><p>We still have a lot to learn with the current model offerings, and way more will unfold in the expectations for how those are received. </p><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-1" href="#footnote-anchor-1" class="footnote-number" contenteditable="false" target="_self">1</a><div class="footnote-content"><p>Yes, of course, some misinformed companies are avoiding the models out of the most basic misunderstandings of how AI models work, but that will fade.</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-2" href="#footnote-anchor-2" class="footnote-number" contenteditable="false" target="_self">2</a><div class="footnote-content"><p>Related reading: <a href="https://blog.sshh.io/p/how-to-backdoor-large-language-models">How to Backdoor Large Language Models</a> (Shrivu Shankar, Shrivu’s Substack).</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-3" href="#footnote-anchor-3" class="footnote-number" contenteditable="false" target="_self">3</a><div class="footnote-content"><p>I’m thinking Cohere, but their models tend to be non-commercial licenses.</p></div></div>