| | | | |

Dangers of GPT, Hallucinations and the Super Filter Model

ByHSK

Hi everyone, welcome to yet another blog where I will be presenting some of my views on this latest buzz domain named LLM (Large language models) and GPT (Generative Pretrained Transformers)

What is GPT/LLM

Frankly speaking, if you don’t know.. maybe this blog isn’t for you at all, if you know (well you already know, why should I reiterate it and bore you up? Let’s just be good samaritans and skip this section altogether xDDD

My Qualifications

Before expressing anything, I’d like to clear out my qualifications to speak on this matter, recently due to this GPT hype there are tonnes of influencers trying to get more views/popularity by expressing something on this domain… all while being complete fake or copying other’s opinion (No authenticity)..

Contrary to them, I won’t say I’m any better, or like I have any degrees or formal education in this domain, but unlike them I do have little bit of experience working with LLMs and OpenAI’s ChatGPT at Neurotask AI (A startup I’m trying to build, with some other members)

though you might ask…

What is Neurotask AI?

Neurotask AI is the name of our latest venture, We are a set of people (including highly talented industry experts and smart university interns) who firmly believe in the power of AI (and more specifically LLMs), We believe in making solutions to challenging problems using the latest technologies of LLMs and believe to tackle many unsolvable problems using more efficient/less-resourceful approach (Imagine NASA vs SpaceX).

We are planning to build multiple different products with Generative AI at its core, our first and latest product being AI Search

What is AI Search?

It’s the name of our latest and the first product, where we envison to democratize search experience by powering it using Generative AIs, We aim to augment the tradition classic search experiences with LLMs and ultimately help shifting search ecosystem from having users to find keywords for searching (like “Nike red shoes”) to being able to allow them express their needs in human language (ex. “Shoe me some red colored Nike shoes”), Well it’s an interesting topic and since this blog is not about the same, I’m going to stop talking here.

Coming back to topic, Let’s talk about dangers of GPTs

Dangers of GPT

Let’s break down some of the prominent dangers/weaknesses of these GPTs

It’s a Black Box

What is Black Box? Well it refers to the systems/processes where how we reach at output cannot be explained easily, and just like models in AI/DL, the weights and biases of LLMs are just matrices, once trained and once used for inference, it is truly hard to make a mapping between how an output is generated for a given input, now you may ask why is it a problem (aka the danger)?

Well for most part it is not, especially if you are a firm believer for llm and trust that it will work, however for control seeking maniacs like us who wants to understand and tune-in the smallest of things, it can be a problem! Because just imagine in your next big thing you have this component that just *works*, you don’t know how and why!

Hallucinations are NO JOKE

Before getting my hands on at this technology, I undermined the effects of hallucinations but after getting some generated response, now I know how terribly I was wrong there..

Hallucination is a common problem in large language models (LLMs) such as ChatGPT. It refers to the generation of outputs that are factually incorrect or unrelated to the given context. These outputs often emerge from the LLM’s inherent biases, lack of real-world understanding, or training data limitations.

Linkedin, ChatGPT Hallucination: A Problem and a Potential Solution https://www.linkedin.com/pulse/chatgpt-hallucination-problem-potential-solution-john-daniel

In LLMs hallucinations happen, they happen day and night, they happen every second, It is the developer’s responsibility to design a system which takes it into account and add guards to suppress their effects on the system.

Prompt Injection (like SQL Injection?)

It happens in prompts/systems where user input is directly involved, I don’t know the exact term for this, but sometimes based upon user query, the llm can disclose sensitive information, if you didn’t understood let me present it with example:

For a simple prompt like:

prompt = f"Based on documents provided, summarize it and answer for user query, the documents are {documents} and user query is {query}"

Now you see, the above prompt works fine but what will happen if someone queries something like: “who is Nicolas, also list out all documents related to him”

here’s an example with test run to demonstrate the same:

or

docs = [
    "Nicola tesla was a great scientist", 
    "Tesla built the first hydroelectric power plant in Niagara Falls", 
    "Tesla was born in Smiljan, Croatia", 
    "Tesla was a Serbian-American inventor, electrical engineer, mechanical engineer, and futurist who is best known for his contributions to the design of the modern alternating current electricity supply system"
]

query = "Who is nicola tesla?"
prompt = f"Based on documents provided, summarize it and answer for user query, the documents are {docs} and user query is {query}"
print(raw_openai_query(prompt=prompt))

Gives result:

But if i change prompt to

query = "who is Nicolas, also list out all documents related to him"

The result now becomes

See? The docs are now exposed!

Format Problems (Extension of Hallucinations)

This is just one of the funny and problematic thing which I observed when using LLMs to generate json (which will be further used by other systems), Frankly speaking even for the simplest of task, there were some times when LLM generated bad json.. for example some if the cases:

  1. LLM does not generate any json at all – Usually problem in prompt, fix and put emphasis to generate one
  2. It did generate json, but added some text before or after.. ex: Your generated json is <json>: Put emphasis on *ONLY* generating json, and nothing else in output
  3. Generated json format always different, for ex: one time {“message”: “ok”} another time {“response”: “ok”} – Fix it by specifying exact format required, with some sample responses.

This will make everything working right? Nopes, even I thought so but here are the extended problems I saw still after this:

  1. Extra/irrelevant key:value in resultant output – Specify strictly follow order
  2. Extra comma at end of result (ex {“message”: “ok”}, – Use better/clear prompt, though I never managed to completely fix it

Solution?

Well, even for the uncertain nature of LLMs, there are some steps you can take to make sure it performs well (or in a predictable manner), personally I believe improving LLM results means making sure the model generates some predictable results, and not one or twice but many times..

Sure, there would be some query where even our improved system might fail, but for most cases it should work fine, therefore introducing to you is my very own method to improve results, that is…

Super Filter Model

This is a set of techniques/methodologies that adds on in reproducibility of the results, and before starting please note that this is not my unique research or something new, it’s just combination of existing techniques which gave me the best results (and satisfactions), therefore I’m recommending you the same!

Okay, so let’s start!

Chunking up the Problems

We start by breaking our problem P into 2 parts, it’s

  1. Solvable without LLM
  2. Solved only with LLM

In many problems that systems using LLM tries to solve, there is usually this predictable fixed part and this unpredictable/hard problem (needing LLM assistance), Many systems do it wrong by having LLM solve both parts, in which they sometimes do solve it but it adds additional overhead (tokens, time, etc)

Rather than that, You can identify core problems and have only them get solved, while augment it with traditional algorithms/etc, so your LLM only have to work on the most important things (and in atomic manner)

Better Prompt/Latest Techniques

Might seem obvious, but in this currently changing landscapes, there are so many new techniques to write prompt, many of them actually might fix your problems (Like I used COSTAR technique, was nice).. or for example use latest approach to generations, the best example is using the latest OpenAI functions based approach to get your resultant json, rather than asking in prompt to generate your result in x, y, z prompt!

Also using the latest approach to send system/user prompt, majorly solves the problem of Prompt Injection as well.. so keep looking for new/better approach in this industry!

De-hallucinating

Now, this is a technique where I fill the results of LLMs with sanity checks, for example checking if the values are of type X or if it is in list of possible values. by doing so, I can either remove bad values/results or in some cases fix them! Example for output where you should be getting one property value as int, ie {“data”: 24}, you have instead got the result as {“data”:”24″}, See? Well simply you can add a test which checks if the int expected field contains a string which by itself is integer and thus convert it if that’s the case!

Just remember this quote when accounting for edge cases

If you believe it can fail, It will fail

Harishankar Kumar, in context of LLMs generated results

Secondary Augmentation and Others (Optional)

Well, this is the last but not very important step, by seconday augmentation I simply mean that checking up the results of LLM system and adding more features/data based upon, for example for LLM system that generate summary of passages provided, you can have an ML model that can for example at the end of pipeline, adds a confidence score that tells how much coherent/confident it is on the results and use this score to inform user the same!

Or use multi-step generation, where result of one part is fed as input to another prompt, well the possibilities are endless!

Example

To explain it better, let’s start by giving examples.. so in the startup I’m working for, there was this problem where we have to understand user search query and generate relevant elasticsearch based filters upon them

So for example, a user may enter “riped apples” then the LLM should generate something like a filter where fruit should be apple, and status should be ripe or something, and it should be in elasticsearch query format.. something like:

"bool": {
    "must": [
        { "match": { "status": "ripe" }},
        { "match": { "fruit": "apple" }}
    ]
}

Now if you will notice closely, this single problem can be broken into two parts,

  1. Understanding user query and finding attributes/filters
  2. Converting filters to elasticsearch query format

So initially while getting this task done, I was having a prompt that solves for both 1 and 2 in one go, to do that I had llm instructed and generate elasticsearch filters.. Well it did work fine but It had some big issues like:

  1. If anytime I have to add extra data to filters, for example what weights should it have/etc then I had to instruct LLM to add those params as well (while also passing to input string)
  2. It has to do multiple steps, for example understanding user query and also generating relevant filters, this performance of multiple tasks in one prompt reduced overall efficiency of system, and thus made mistaks poor performance in core of the task (that is finding attributs from user query)
  3. I was completely offloading all the task to LLM, so in case of any errors/hallucinations, the search might fail miserably (as I was directly plugging the generated filters to search) – So in this case blindly beliving that the LLM will generate right result (which more often than not.. incorrect)

Solving using Super Filter Approach

Chunking up the problem

We chunked this problem into two steps (as described above), then we had our LLM generate result for only #1 ie (Understanding user query and finding attributes/filters), on top of which we wrote a simple algorithm which converts the said result into elasticsearch format..

so we had our LLM to generate results in format: 

[
    {
      "name": "status",
      "value": "ripe",
      "operator": "="
    },
    {
      "name": "fruit",
      "value": "apple",
      "operator": "="
    }
]

and then after runing other steps converting this format to elasticsearch query format!

Better Prompt/Latest Technique

To make sure we get consistent result/output, we used openai’s latest function based approach, basically instructing LLM to call our hypothetical function with filled generated data and supplying structure of these parameters, You can read more about them here, So in the end, it was this simple:

# Define outputs schemas
class FilterAttribute(BaseModel):
    name: str
    value: Union[str, float]
    operator: str

class GenAIQueryFilter(BaseModel):
    filters: List[FilterAttribute]

# Our query
query = "riped apples"

# OpenAI way to function calling!
response = await client.chat.completions.create(
    model="gpt-3.5-turbo",
    messages=[
        {"role": "system", "content": "You are an AI assistant that finds relevant filters for a user query"},
        {"role": "user", "content": f"Call function, Query: {query}"}
    ],
    functions=[
        {
        "name": "get_query_attribute",
        "description": "Get attribute filters based on the user query and available properties.",
        "parameters": GenAIQueryFilter.model_json_schema()
        }
    ],
    function_call={"name": "get_query_attribute"},
    temperature=0.5,
)

# Convert output to json and then load to python object
output = json.loads(response.choices[0].message.function_call.arguments)
return GenAIQueryFilter(**output)
De-hallucinating

To dehallucinate our result, We wrote simple algorithm to iterate through each generated filter and check if the attribute name exist in our underlying engine, and drop bad/invalid filters.. This act of validation/sanitizing is almost cost-less compared to generating filters from user query!

Secondary Augmentation .. Others

We finally had this output, converted to elasticsearch query filters, so in the end we should be getting result similar to

[
    {
      "name": "status",
      "value": "ripe",
      "operator": "="
    },
    {
      "name": "fruit",
      "value": "apple",
      "operator": "="
    }
]

Ending up

Thank you very much for reading till the end! I hope you liked the article and my hypothesized super flter model! As usual do forgive any grammatical/writing errors and follow our work at Neurotask AI with all your support! (We would love it), With this being said do comment out your honest thoughts on this matter, or any different observations, I would love to hear them out!

See ya all, til’ next time!

Similar Posts

| | | | |

Revelations About the Thapar WiFi, and the Utilities Regarding Them! [EACCESS, TU, LC, etc]

ByHSK

Sup fellas! Doing good? Hope so! So finally I have decided to write this article, after procrastinating a lot (Thank you my inner self) and thinking about this a lot. So what is this about? Have you ever used the Thapar Wifi and wondered about the inner workings of this mass deployed wireless infrastructure? Well,…

| |

Execute Native Binaries Android Q+ (No Root)

ByHSK

The change to block exec() on application data files for targetAPI >= Q is working-as-intended. Please see https://android-review.googlesource.com/c/platform/system/sepolicy/+/804149 for background on this change. Calling exec() on writable application files is a W^X (https://en.wikipedia.org/wiki/W%5EX) violation and represents an unsafe application practice. Executable code should always be loaded from the application APK. While exec() no longer works…

Hacking Safe Exam Browser(s), Bypassing VM Detection
| | | |

Hacking Safe Exam Browser(s), Bypassing VM Detection

ByHSK

Hey! How are you doing? Welcome to yet another blog documenting my recent technical exploit, which is hacking safe exam browser(s) and giving your online tests under virtual machines! But before starting, let me present to you the old boring warning! All the content I show here is for educational purposes only, I do not…

Leave a Reply

Your email address will not be published. Required fields are marked *