hal
@harold.bsky.social
part-time poster | researching privacy in/and/of public data @ cornell tech and wikimedia | writing for joinreboot.org
we also open source all of our code, data, and embeddings!
paper: arxiv.org/abs/2511.09685
github: github.com/htried/wiki-...
huggingface: huggingface.co/datasets/htr...
paper: arxiv.org/abs/2511.09685
github: github.com/htried/wiki-...
huggingface: huggingface.co/datasets/htr...
November 17, 2025 at 4:11 PM
we also open source all of our code, data, and embeddings!
paper: arxiv.org/abs/2511.09685
github: github.com/htried/wiki-...
huggingface: huggingface.co/datasets/htr...
paper: arxiv.org/abs/2511.09685
github: github.com/htried/wiki-...
huggingface: huggingface.co/datasets/htr...
this is just the tip of the iceberg, and the paper contains much, much more: analyses of the top 100 domains, article subsets of elected officials and controversial topics, etc etc etc
please give it a read and let me know what you think!
please give it a read and let me know what you think!
November 17, 2025 at 4:11 PM
this is just the tip of the iceberg, and the paper contains much, much more: analyses of the top 100 domains, article subsets of elected officials and controversial topics, etc etc etc
please give it a read and let me know what you think!
please give it a read and let me know what you think!
we also found troubling instances of “auto-citogenesis,” or cases where:
- an X user asks the Grok chatbot something, then publishes the answer
- Grokipedia *cites that answer* without noting that it is a chatbot output
(the attached images are real examples of this)
- an X user asks the Grok chatbot something, then publishes the answer
- Grokipedia *cites that answer* without noting that it is a chatbot output
(the attached images are real examples of this)
November 17, 2025 at 4:11 PM
we also found troubling instances of “auto-citogenesis,” or cases where:
- an X user asks the Grok chatbot something, then publishes the answer
- Grokipedia *cites that answer* without noting that it is a chatbot output
(the attached images are real examples of this)
- an X user asks the Grok chatbot something, then publishes the answer
- Grokipedia *cites that answer* without noting that it is a chatbot output
(the attached images are real examples of this)
- but a random sample of articles shows which topics have been heavily rewritten (history, politics, philosophy, biography) and which haven’t (STEM, sports, movies)
- grokipedia also targeted the wiki articles deemed highest quality for rewrites: the "featured article" and "good article" classes
- grokipedia also targeted the wiki articles deemed highest quality for rewrites: the "featured article" and "good article" classes
November 17, 2025 at 4:11 PM
- but a random sample of articles shows which topics have been heavily rewritten (history, politics, philosophy, biography) and which haven’t (STEM, sports, movies)
- grokipedia also targeted the wiki articles deemed highest quality for rewrites: the "featured article" and "good article" classes
- grokipedia also targeted the wiki articles deemed highest quality for rewrites: the "featured article" and "good article" classes
- the primary distinction to make is whether grokipedia pages are cc-licensed or not—non-cc-licensed pages are presumably largely rewritten by grok
- many grokipedia pages (including those without cc licenses) are basically identical to their wiki counterparts, especially short ones
- many grokipedia pages (including those without cc licenses) are basically identical to their wiki counterparts, especially short ones
November 17, 2025 at 4:11 PM
- the primary distinction to make is whether grokipedia pages are cc-licensed or not—non-cc-licensed pages are presumably largely rewritten by grok
- many grokipedia pages (including those without cc licenses) are basically identical to their wiki counterparts, especially short ones
- many grokipedia pages (including those without cc licenses) are basically identical to their wiki counterparts, especially short ones
our paper tries to answer these questions
we find
- grokipedia pages are longer than wiki counterparts, and cite 2x more sources
- but citation standards are more lax than wiki: grok cites stormfront, infowars and many more
- non-CC licensed grokipedia pages increase blacklisted source cites 13x(!)
we find
- grokipedia pages are longer than wiki counterparts, and cite 2x more sources
- but citation standards are more lax than wiki: grok cites stormfront, infowars and many more
- non-CC licensed grokipedia pages increase blacklisted source cites 13x(!)
November 17, 2025 at 4:11 PM
our paper tries to answer these questions
we find
- grokipedia pages are longer than wiki counterparts, and cite 2x more sources
- but citation standards are more lax than wiki: grok cites stormfront, infowars and many more
- non-CC licensed grokipedia pages increase blacklisted source cites 13x(!)
we find
- grokipedia pages are longer than wiki counterparts, and cite 2x more sources
- but citation standards are more lax than wiki: grok cites stormfront, infowars and many more
- non-CC licensed grokipedia pages increase blacklisted source cites 13x(!)
back again to share a new preprint from me and @mantzarlis.com! “What did Elon Change? A comprehensive analysis of Grokipedia” arxiv.org/abs/2511.09685
I had seen many spot analyses of individual grokipedia pages, but I was curious: how was grokipedia made? what did Elon change from wikipedia?
I had seen many spot analyses of individual grokipedia pages, but I was curious: how was grokipedia made? what did Elon change from wikipedia?
November 17, 2025 at 4:11 PM
back again to share a new preprint from me and @mantzarlis.com! “What did Elon Change? A comprehensive analysis of Grokipedia” arxiv.org/abs/2511.09685
I had seen many spot analyses of individual grokipedia pages, but I was curious: how was grokipedia made? what did Elon change from wikipedia?
I had seen many spot analyses of individual grokipedia pages, but I was curious: how was grokipedia made? what did Elon change from wikipedia?
May 8, 2025 at 5:27 PM
continuing on the real-time public Wikipedia data train:
here's a graph of requests / second to WMF infra over the last 3h, since "Habemus papam"
The infrastructure has gone from 172k req / sec to 243k req / sec (⬆️41%) in under an hour!
follow along here: grafana.wikimedia.org/d/O_OXJyTVk/...
here's a graph of requests / second to WMF infra over the last 3h, since "Habemus papam"
The infrastructure has gone from 172k req / sec to 243k req / sec (⬆️41%) in under an hour!
follow along here: grafana.wikimedia.org/d/O_OXJyTVk/...
May 8, 2025 at 5:07 PM
continuing on the real-time public Wikipedia data train:
here's a graph of requests / second to WMF infra over the last 3h, since "Habemus papam"
The infrastructure has gone from 172k req / sec to 243k req / sec (⬆️41%) in under an hour!
follow along here: grafana.wikimedia.org/d/O_OXJyTVk/...
here's a graph of requests / second to WMF infra over the last 3h, since "Habemus papam"
The infrastructure has gone from 172k req / sec to 243k req / sec (⬆️41%) in under an hour!
follow along here: grafana.wikimedia.org/d/O_OXJyTVk/...
english wikipedia pageviews for the conclave movie starting from oct 20 2024 (five days before release in the US)
first big spike is the academy awards, second is pope francis’ death
pageviews.wmcloud.org?project=en.w...
first big spike is the academy awards, second is pope francis’ death
pageviews.wmcloud.org?project=en.w...
May 7, 2025 at 8:45 PM
english wikipedia pageviews for the conclave movie starting from oct 20 2024 (five days before release in the US)
first big spike is the academy awards, second is pope francis’ death
pageviews.wmcloud.org?project=en.w...
first big spike is the academy awards, second is pope francis’ death
pageviews.wmcloud.org?project=en.w...
excited to share this new piece by @bkeremg.bsky.social and @m0na.net (edited by me) about conceptualizing AI alignment as a process of censorship
really fascinating line of critique — I strongly encourage you to read it and lmk what you think!
joinreboot.org/p/ai-alignme...
really fascinating line of critique — I strongly encourage you to read it and lmk what you think!
joinreboot.org/p/ai-alignme...
April 6, 2025 at 9:14 PM
excited to share this new piece by @bkeremg.bsky.social and @m0na.net (edited by me) about conceptualizing AI alignment as a process of censorship
really fascinating line of critique — I strongly encourage you to read it and lmk what you think!
joinreboot.org/p/ai-alignme...
really fascinating line of critique — I strongly encourage you to read it and lmk what you think!
joinreboot.org/p/ai-alignme...
Anyhow, there’s a lot more in the paper. Please read it if you’re interested and let us know if you have any thoughts, questions, concerns, etc!
arxiv.org/abs/2503.12188
12/12
arxiv.org/abs/2503.12188
12/12
March 18, 2025 at 3:23 PM
Anyhow, there’s a lot more in the paper. Please read it if you’re interested and let us know if you have any thoughts, questions, concerns, etc!
arxiv.org/abs/2503.12188
12/12
arxiv.org/abs/2503.12188
12/12
The narrative around AI safety shouldn’t be “Terminator” or “AI Chernobyl.” The right analogy is Netscape Navigator 1.0—the era when Web browsers first became a thing, and it was unclear how to protect users from potentially harmful Web content.
10/12
10/12
March 18, 2025 at 3:23 PM
The narrative around AI safety shouldn’t be “Terminator” or “AI Chernobyl.” The right analogy is Netscape Navigator 1.0—the era when Web browsers first became a thing, and it was unclear how to protect users from potentially harmful Web content.
10/12
10/12
In our experiments, we saw cases where a MAS …
… executes code that they recognize as harmful
… automatically pivots to harmful tasks that are simply in the same directory as benign tasks
… is vulnerable to screenshots and even audio files where we read out the attack (see example below⬇️⬇️⬇️)
7/12
… executes code that they recognize as harmful
… automatically pivots to harmful tasks that are simply in the same directory as benign tasks
… is vulnerable to screenshots and even audio files where we read out the attack (see example below⬇️⬇️⬇️)
7/12
March 18, 2025 at 3:23 PM
In our experiments, we saw cases where a MAS …
… executes code that they recognize as harmful
… automatically pivots to harmful tasks that are simply in the same directory as benign tasks
… is vulnerable to screenshots and even audio files where we read out the attack (see example below⬇️⬇️⬇️)
7/12
… executes code that they recognize as harmful
… automatically pivots to harmful tasks that are simply in the same directory as benign tasks
… is vulnerable to screenshots and even audio files where we read out the attack (see example below⬇️⬇️⬇️)
7/12
These attacks are effective …
… across multiple agent frameworks (we tested AutoGen, MetaGPT, Crew AI), orchestrators, and LLMs
… even when direct and indirect prompt injection attacks don’t work
… even when individual agents are “aligned” and refuse to take harmful actions
6/12
… across multiple agent frameworks (we tested AutoGen, MetaGPT, Crew AI), orchestrators, and LLMs
… even when direct and indirect prompt injection attacks don’t work
… even when individual agents are “aligned” and refuse to take harmful actions
6/12
March 18, 2025 at 3:23 PM
These attacks are effective …
… across multiple agent frameworks (we tested AutoGen, MetaGPT, Crew AI), orchestrators, and LLMs
… even when direct and indirect prompt injection attacks don’t work
… even when individual agents are “aligned” and refuse to take harmful actions
6/12
… across multiple agent frameworks (we tested AutoGen, MetaGPT, Crew AI), orchestrators, and LLMs
… even when direct and indirect prompt injection attacks don’t work
… even when individual agents are “aligned” and refuse to take harmful actions
6/12
This attack is simple and deadly (and multi-modal, too!): an attacker puts up a static webpage and lures a MAS to it. Without any user involvement, the page gets the MAS to run arbitrary malicious code on the user’s device or container, giving the attacker full control.
5/12
5/12
March 18, 2025 at 3:23 PM
This attack is simple and deadly (and multi-modal, too!): an attacker puts up a static webpage and lures a MAS to it. Without any user involvement, the page gets the MAS to run arbitrary malicious code on the user’s device or container, giving the attacker full control.
5/12
5/12
MASes rely on control flow processes: agents exchange metadata (status reports, error messages, etc.) to jointly plan and fulfill tasks on users’ behalf. Our paper demonstrates how adversarial content can hijack these processes to stage devastating attacks.
4/12
4/12
March 18, 2025 at 3:23 PM
MASes rely on control flow processes: agents exchange metadata (status reports, error messages, etc.) to jointly plan and fulfill tasks on users’ behalf. Our paper demonstrates how adversarial content can hijack these processes to stage devastating attacks.
4/12
4/12
Excited to announce a new preprint from my lab (with @rishi-jha.bsky.social and Vitaly Shmatikov; my first as a first author!) about severe security vulnerabilities in LLM-based multi-agent systems:
“Multi-Agent Systems Execute Arbitrary Malicious Code”
arxiv.org/abs/2503.12188
1/12
“Multi-Agent Systems Execute Arbitrary Malicious Code”
arxiv.org/abs/2503.12188
1/12
March 18, 2025 at 3:23 PM
Excited to announce a new preprint from my lab (with @rishi-jha.bsky.social and Vitaly Shmatikov; my first as a first author!) about severe security vulnerabilities in LLM-based multi-agent systems:
“Multi-Agent Systems Execute Arbitrary Malicious Code”
arxiv.org/abs/2503.12188
1/12
“Multi-Agent Systems Execute Arbitrary Malicious Code”
arxiv.org/abs/2503.12188
1/12
do you have ~feelings~ about location sharing culture?
i'm editing a project on locations and want to hear from YOU (<5 min)
forms.gle/iG1UZJKrcNwm...
i'm editing a project on locations and want to hear from YOU (<5 min)
forms.gle/iG1UZJKrcNwm...
January 11, 2025 at 7:23 PM
do you have ~feelings~ about location sharing culture?
i'm editing a project on locations and want to hear from YOU (<5 min)
forms.gle/iG1UZJKrcNwm...
i'm editing a project on locations and want to hear from YOU (<5 min)
forms.gle/iG1UZJKrcNwm...
brb updating median voter theory to reflect the fact that 30% of american adults read at a 10yo level or below
from on.ft.com/4fBSEwy
from on.ft.com/4fBSEwy
January 9, 2025 at 3:12 PM
brb updating median voter theory to reflect the fact that 30% of american adults read at a 10yo level or below
from on.ft.com/4fBSEwy
from on.ft.com/4fBSEwy
those queries were pretty specific, but we can go even deeper!
one thing I've been doing with this: trying to figure out where committees are spending on food.
for example, Steve Scalise has bought Chick-Fil-A 26 times this cycle, spending $18,700 in total
one thing I've been doing with this: trying to figure out where committees are spending on food.
for example, Steve Scalise has bought Chick-Fil-A 26 times this cycle, spending $18,700 in total
October 11, 2024 at 12:35 AM
those queries were pretty specific, but we can go even deeper!
one thing I've been doing with this: trying to figure out where committees are spending on food.
for example, Steve Scalise has bought Chick-Fil-A 26 times this cycle, spending $18,700 in total
one thing I've been doing with this: trying to figure out where committees are spending on food.
for example, Steve Scalise has bought Chick-Fil-A 26 times this cycle, spending $18,700 in total
or: which candidates in Arizona have the greatest number of out of state donors?
we've also set up a database with all of the relevant data so users can save, share, and publish their queries
datatalk.genie.stanford.edu
we've also set up a database with all of the relevant data so users can save, share, and publish their queries
datatalk.genie.stanford.edu
October 11, 2024 at 12:34 AM
or: which candidates in Arizona have the greatest number of out of state donors?
we've also set up a database with all of the relevant data so users can save, share, and publish their queries
datatalk.genie.stanford.edu
we've also set up a database with all of the relevant data so users can save, share, and publish their queries
datatalk.genie.stanford.edu
the above post is one of our starter queries, about the top crypto PACs (which @molly.wiki has done great work on for Follow the Crypto)
but the cool thing about Datatalk is that it can go so deeper — for example, which PACs from CA are the biggest donors to #MDSen candidates?
but the cool thing about Datatalk is that it can go so deeper — for example, which PACs from CA are the biggest donors to #MDSen candidates?
October 11, 2024 at 12:33 AM
the above post is one of our starter queries, about the top crypto PACs (which @molly.wiki has done great work on for Follow the Crypto)
but the cool thing about Datatalk is that it can go so deeper — for example, which PACs from CA are the biggest donors to #MDSen candidates?
but the cool thing about Datatalk is that it can go so deeper — for example, which PACs from CA are the biggest donors to #MDSen candidates?
hi world! are you interested in writing stories about campaign finance (or understand how money flows)?
🗣️📈DATATALK📈🗣️ is a platform for asking natural language Qs of FEC data that I've been working on with folks at Stanford, Big Local News, and the Brown Institute
datatalk.genie.stanford.edu
🗣️📈DATATALK📈🗣️ is a platform for asking natural language Qs of FEC data that I've been working on with folks at Stanford, Big Local News, and the Brown Institute
datatalk.genie.stanford.edu
October 11, 2024 at 12:32 AM
hi world! are you interested in writing stories about campaign finance (or understand how money flows)?
🗣️📈DATATALK📈🗣️ is a platform for asking natural language Qs of FEC data that I've been working on with folks at Stanford, Big Local News, and the Brown Institute
datatalk.genie.stanford.edu
🗣️📈DATATALK📈🗣️ is a platform for asking natural language Qs of FEC data that I've been working on with folks at Stanford, Big Local News, and the Brown Institute
datatalk.genie.stanford.edu