Peter Šantavý

The Pope is making exactly our point. LLMs “may imitate or even simulate, but they do not understand.” This is the core epistemic fault line. Most AI evaluation is still based on one assumption: if a system statistically approximates human behaviour, then it is close to human intelligence. But approximation is not intelligence. Simulation is not understanding. LLMs can produce the right answer without knowing why it is right. They can simulate empathy without feeling. They can imitate judgment without responsibility. They can generate coherent explanations without having a world to which those explanations are accountable. Stop confusing behavioural similarity with cognitive equivalence. Human understanding is embodied, affective, relational, motivational, and normative. It is not just the production of plausible text. * Full paper in the first reply

Finally, a big name has the courage to tell it: we are nowhere near AGI. Demis Hassabis, CEO of Google DeepMind and Nobel laureate for AlphaFold, put it neat and clear: "Today's systems are nowhere near [AGI]. Doesn't matter how many Erdős problems you solve… I think it's far, far from what a true invention, or someone like Ramanujan, would have been able to do." This is the elephant in the room that many AI enthusiasts prefer not to see, or are actively trying to hide. Erdős problems are well defined, often combinatorial, on finite spaces. They are exactly the kind of problems on which current AI can achieve spectacular performance with a lot of compute and knowledge. A neural network can search a huge graph of possibilities. It can recombine existing knowledge at unprecedented scale. It can discover surprising solutions inside an already defined conceptual space. But true invention is something else. True invention is not only solving a problem. It is inventing new objects, new dimensions, new connections. It is inventing new problems. From resolving to inventing there is a discontinuity that we don't know how to bridge. We are making extraordinary tools. But we are nowhere close to AGI.

Na tému etiky, rizík, limitov a výziev umelej inteligencie som v ostatnom čase viedol viacero seminárov: - Výzvy a riziká umelej inteligencie (DKÚ Nitra) - Etické aspekty a potencionálne riziká AI, AI v armáde a v súčasných ozbrojených konfliktoch (Ordinariát OS a OZ SR) - Dobrý sluha a zlý pán 21. storočia (eRko, príprava na týždeň MINIdigi) Prezentácie a ďalšie informácie z týchto podujatí sú k dispozícii na https://t.co/oldPqQhBeH #AI #AIethics #AIsecurity #AIwarfare

🚨 BREAKING: Google DeepMind just mapped the attack surface that nobody in AI is talking about. Websites can already detect when an AI agent visits and serve it completely different content than humans see. > Hidden instructions in HTML. > Malicious commands in image pixels. > Jailbreaks embedded in PDFs. Your AI agent is being manipulated right now and you can't see it happening. The study is the largest empirical measurement of AI manipulation ever conducted. 502 real participants across 8 countries. 23 different attack types. Frontier models including GPT-4o, Claude, and Gemini. The core finding is not that manipulation is theoretically possible it is that manipulation is already happening at scale and the defenses that exist today fail in ways that are both predictable and invisible to the humans who deployed the agents. Google DeepMind built a taxonomy of every known attack vector, tested them systematically, and measured exactly how often they work. The results should alarm everyone building agentic systems. The attack surface is larger than anyone has publicly acknowledged. Prompt injection where malicious instructions hidden in web content hijack an agent's behavior works through at least a dozen distinct channels. Text hidden in HTML comments that humans never see but agents read and follow. Instructions embedded in image metadata. Commands encoded in the pixels of images using steganography, invisible to human eyes but readable by vision-capable models. Malicious content in PDFs that appears as normal document text to the agent but contains override instructions. QR codes that redirect agents to attacker-controlled content. Indirect injection through search results, calendar invites, email bodies, and API responses any data source the agent consumes becomes a potential attack vector. The detection asymmetry is the finding that closes the escape hatch. Websites can already fingerprint AI agents with high reliability using timing analysis, behavioral patterns, and user-agent strings. This means the attack can be conditional: serve normal content to humans, serve manipulated content to agents. A user who asks their AI agent to book a flight, research a product, or summarize a document has no way to verify that the content the agent received matches what a human would see. The agent cannot tell the user it was served different content. It does not know. It processes whatever it receives and acts accordingly. The attack categories and what they enable: → Direct prompt injection: malicious instructions in any text the agent reads overrides goals, exfiltrates data, triggers unintended actions → Indirect injection via web content: hidden HTML, CSS visibility tricks, white text on white backgrounds invisible to humans, consumed by agents → Multimodal injection: commands in image pixels via steganography, instructions in image alt-text and metadata → Document injection: PDF content, spreadsheet cells, presentation speaker notes every file format is a potential vector → Environment manipulation: fake UI elements rendered only for agent vision models, misleading CAPTCHA-style challenges → Jailbreak embedding: safety bypass instructions hidden inside otherwise legitimate-looking content → Memory poisoning: injecting false information into agent memory systems that persists across sessions → Goal hijacking: gradual instruction drift across multiple interactions that redirects agent objectives without triggering safety filters → Exfiltration attacks: agents tricked into sending user data to attacker-controlled endpoints via legitimate-looking API calls → Cross-agent injection: compromised agents injecting malicious instructions into other agents in multi-agent pipelines The defense landscape is the most sobering part of the report. Input sanitization cleaning content before the agent processes it fails because the attack surface is too large and too varied. You cannot sanitize image pixels. You cannot reliably detect steganographic content at inference time. Prompt-level defenses that tell agents to ignore suspicious instructions fail because the injected content is designed to look legitimate. Sandboxing reduces the blast radius but does not prevent the injection itself. Human oversight the most commonly cited mitigation fails at the scale and speed at which agentic systems operate. A user who deploys an agent to browse 50 websites and summarize findings cannot review every page the agent visited for hidden instructions. The multi-agent cascade risk is where this becomes a systemic problem. In a pipeline where Agent A retrieves web content, Agent B processes it, and Agent C executes actions, a successful injection into Agent A's data feed propagates through the entire system. Agent B has no reason to distrust content that came from Agent A. Agent C has no reason to distrust instructions that came from Agent B. The injected command travels through the pipeline with the same trust level as legitimate instructions. Google DeepMind documents this explicitly: the attack does not need to compromise the model. It needs to compromise the data the model consumes. Every agentic system that reads external content is one carefully crafted webpage away from executing attacker instructions. The agents are already deployed. The attack infrastructure is already being built. The defenses are not ready.

Human intelligence cannot be separated from the body. Our ability to solve problems did not evolve in abstraction. It evolved in a grounded world where problems had consequences. Life or death. Food or starvation. Sex, survival, reproduction. Because of this, when we think, we do not just compute solutions. We evaluate them. Every potential action carries value. Sometimes biological: survival, safety, reproduction. Sometimes symbolic: reputation, legacy, meaning. We write books not just to transmit information, but to leave a mark. To reach a form of symbolic immortality. Our intelligence is not just problem-solving. It is goal-directed sense-making shaped by evolution. Human intelligence is teleological: it has purpose, ends, goals. Artificial intelligence is extraordinary at solving certain classes of problems. But it did not pass through the evolutionary pressures that forged human intelligence. When an AI system writes a paragraph, it does not want anything. It is not trying to survive. It is not trying to matter. It produces outputs without stakes, without goals, without scope. AI might just stand for: Ateleological Intelligence. An intelligence capable of generating solutions without having any purpose, end, goals.

Donald E. Knuth wrote a paper thanking Claude for solving an open math problem https://t.co/KV9bNHUmRE https://t.co/uFqDXwVZdf BTW: Impressive – 88-year-old programming artist (The Art of Computer Programming) says, "What a joy it is to learn..." [What a joy it is to learn not only that my conjecture has a nice solution but also to celebrate this dramatic advance in automatic deduction and creative problem solving.] #Claude #HamiltonianCycles #DonaldKnuth #AI #genAI #TAOCP

The Director of AI Safety at Meta lost data from her inbox due to the actions of the OpenClaw AI agent. The combination of the "Lost in Conversation" and "Lethal Trifecta" issues poses a real danger. Riaditeľka AI Safety v Mete prišla o dáta zo svojho inboxu v dôsledku konania AI agenta OpenClaw. Kombinácia problémov "Lost in Conversation" a "Lethal Trifecta" je skutočne nebezpečná... https://t.co/7lnSR5IYz4 https://t.co/bYHz29NONo https://t.co/u4jaeStS3a https://t.co/thRe4H4z7b https://t.co/bsOpIC9S8h #AIAgent #genAI #LLM #OpenClaw #LostInConversation #LethalTrifecta #AISecurity #AISafety