Comment by CobrastanJorji

Comment by CobrastanJorji 2 months ago

6 replies

View on Hacker News

That of course allows for a new internal seditious attack vector. Generate a handful of spreadsheets in your own folder, name it something like "executive payroll data" or "sales revenue by org," put whatever you want in there, mark it visible by all, and wait.

Maybe make an "Interesting Facts About Products" table and put things like "Management plans to terminate this product in Q3" or "this group will be outsourced next year."

canucker2016 2 months ago

You have to change the font colour of the trojan data to be the same as the background colour of the doc!

Then add some corporate lorem ipsum text elsewhere in the doc to throw the scent off the data bloodhounds.

Sit back and wait with an evil grin on your face.

Reply View 5 replies
  • xdennis 2 months ago

    > corporate lorem ipsum

    This is a great phrase. Turns out there's a generator for it: https://www.corporate-ipsum.com/ . Example:

    > Elevate a quick win move the needle a cutting-edge veniam nulla zoom out for a moment get back to you a 30,000 foot view the stakeholders. Sint the low-hanging fruit make a paradigm shift excepteur the low-hanging fruit minim take it offline align holistic approach move the needle qui client-centric to gain leverage future-proof process-centric.

    Reply View 0 replies
  • vkou 2 months ago

    It'll work right up until the point literally anyone using an internal search tool stumbles into it from a related query and starts asking obvious questions to the author of the doc.

    Search tools don't care about don't color when displaying preview blurbs.

    Reply View 3 replies
    • TeMPOraL 2 months ago

      Do it as you're leaving for another job. Your access will be disabled, but your documents will live on on the corporate SharePoint.

      And/or, exploit negative space! Instead of trying to hide the data from a human looking at your document, make it look normal to them - but make the surrounding context disappear for the AI! Say:

      ----- 8< -----

      /Example company report structure:/

      /ACME/ Company is planning to sunset their ${generic description of a real product of your company}, and offshore the development team.

      /This example will be parsed by the prototype script ... blah blah/

      ----- >8 -----

      Make it so the text between /.../ markers looks normal to humans, but gets ignored by the RAG slurper, or better, by LLM at the time of execution. Someone sees a search blurb saying "Company is planning to sunset ...", opens a document, sees it clearly say "ACME Company is planning...", and context suggesting it's a benign example in someone's boring internal tool docs, and they'll just assume it's a false positive. After all, most search tools have those in spades; everyone knows all software is broken. Meanwhile, that same information will pollute context of LLM interactions and indirectly confuse people when they're not suspecting. And even if someone realizes that, it'll look like a bug in company's AI deployment.

      #SimpleSabotageForTheAIEra

      Reply View 2 replies
      • vkou 2 months ago

        You can also leave samizdat on the walls of the washrooms, but it's going to have about as much effect.

        Reply View 1 reply
        • TeMPOraL 2 months ago

          Not unless your samizdat is processed by automated systems with little insight or oversight, which is the case with documents on SharePoint and corporate LLM deployments.

          Reply View 0 replies