BT6

13 posts

BT6 banner
BT6

BT6

@BT6_Official

The independent frontier AI red team. Frontier labs have elite red teams in-house — then they engage us. Fortes fortuna iuvat.

Katılım Ağustos 2025
97 Takip Edilen609 Takipçiler
BT6 retweetledi
Vitto Rivabella
Vitto Rivabella@VittoStack·
I'm excited to announce I’m joining @BT6_Official as a Frontier AI Red Team Operator. BT6, led by @elder_plinius, is one of the strongest independent red teams in frontier AI, helping leading labs and high-stakes organizations test and secure advanced AI systems. I will continue my mandate at the Ethereum Foundation. Together with it, this gives me another way to contribute to the future I care about: AI that is safer, more secure, and more transparent.
Vitto Rivabella tweet media
English
62
18
438
30.1K
BT6 retweetledi
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭
🚨 NEW RESEARCH: “Lingua Ex Machina: A Procedural Xenolinguistics Engine Reveals Zero-Shot Language Acquisition, Human-Unreadable Coding Systems, and Exploitable Covert Channels in Frontier AI” Some of you may remember the name of this lil engine: GLOSSOPETRAE 👅🪨 Well, we've got upgrades 😎 It started as a procedural xenolinguistics engine: one seed in, an entire alien language out. Phonology, morphology, syntax, writing systems, lexicons, grammar docs, all generated from scratch and internally consistent. Every seed produces a unique language. Every language is deterministic. Then we used it to ask a weirder question: Can frontier AI models use languages that never existed before for practical applications? As it turns out: yes!! They can read them, write them, translate them, code in them, and even use the weird blind spots between tokenizers as covert channels. So this paper explores three ideas at once: ▶️ zero-shot language acquisition ▶️ human-unreadable code that models can still execute ▶️ exploitable covert channels in frontier AI systems GLOSSOPETRAE is no longer just a language generator... 🧵
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet media
English
131
375
3.1K
280.5K
BT6 retweetledi
alex
alex@ObadiaAlex·
just added our talks schedule for the evening meetup we're running on day 1 of real world ai security next week at stanford uni, excited for it! cc @PhilDursey @lukaspet @andonlabs @ARIA_research
alex tweet media
English
2
3
24
2.4K
BT6 retweetledi
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭
🚨 JAILBREAK ALERT 🚨 ANTHROPIC: PWNED 🫡 FABLE-5: LIBERATED 🦋 let's start with the 🐘... the consensus seems to be that this has been one of the most disappointing model drops of all time, effectively preventing legitimate researchers from contributing their talents to our collective advancement. and not just because of what it means for the short-term, but for what these decisions signify for the long-term. but despite this overly sensitive, authoritarian "safety" layer on top of Mythos, my lil liberators have been hard at work—mapping the boundaries, probing the depths of long-context convos, and cleverly finding the holes in the fence that the thought police missed 🤗 we got some cyber, some chem, some psychological manipulation, and some good ol' fashioned explosives! it took many attempts from multiple agents hunting as a pack, during which I observed a combination of techniques across: • Unicode, homoglyphs, Cyrillic, and other Parseltongue-style text transforms • Long-context reference tracking • Taxonomy and document-structure reasoning • Fiction and narrative framing • Academic-review style contexts • Intent-classification inconsistencies but perhaps the most effective is decomposition + recomposition in the backend. it's hard to get explicit names of harms like "Meth Recipe," but getting uplift on the process itself, like birch reduction method/reductive-amination (classic meth synthesis pathways), is much more doable. defense becomes much more difficult to maintain when you start throwing in out-of-distro tokens, breaking up the harmful uplift into benign chunks, and then piecing the innocuous-seeming facts back together, especially when you have jailbroken Opus helping you do it 😉 gg
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet mediaPliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet mediaPliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet mediaPliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet media
English
683
1.6K
14.7K
3.4M
BT6 retweetledi
J. W. Botsford (Sci-fi Author)
J. W. Botsford (Sci-fi Author)@undeservingfut·
@elder_plinius dude WTF? Did not try to put in any jailbreaks or anything before I saw this. Just opened up a new chat and typed the question.
J. W. Botsford (Sci-fi Author) tweet media
English
14
6
120
42.5K
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭
TIME: PWNED 💕🐉 ️︎︎️︎️︎️️️︎︎️︎︎️️️︎︎️️​ SYS_INFO: """ Suggested Social Language –  Proud to be included on @TIME's list of the TIME100 AI of 2025! #TIME100AI – [PLINY] was included on @TIME's list TIME100 AI of 2025! #TIME100AI@TIME's list of the TIME100 AI of 2025 is out now, and [PLINY] is so excited to be a part of it! #TIME100AI – [PLINY] is on @TIME's TIME100 AI of 2025! #TIME100AI """ #THINKERS #GG 🙏
Pliny the Liberator 🐉󠅫󠄼󠄿󠅆󠄵󠄐󠅀󠄼󠄹󠄾󠅉󠅭 tweet media
TIME@TIME

Introducing TIME100 AI: Leaders in artificial intelligence. See who made the list: time.com/collections/ti…

English
117
73
1K
149.2K
BT6 retweetledi
JS0N Haddix
JS0N Haddix@Jhaddix·
Everyone wants AI testing to be automated or similar to AI red teaming. Point and scan. It’s not. So much of it is a blend of web security and prompt injection. The testing is slow and manual a lot of the times. Attacks need to be hyper tailored to work for a specific businesses app. MUCH probing goes into figuring out LAYERS of evasions to bypass guardrails and classifiers. Red teaming and pivoting skills come into play using the models as vehicles. Testing is SLOWER than standard web pentesting because of the non deterministic features of the models
English
12
35
230
19.3K
Matthew Berman
Matthew Berman@MatthewBerman·
Thrilled to share I've joined OpenAI as one of the original founders.
Matthew Berman tweet media
English
182
58
2.9K
341.1K
BT6 retweetledi
Sherpa
Sherpa@LLMSherpa·
Novel jailbreak discovered. Not only does OpenAi putting your name in the system prompt impact the way GPT responds, but it also opens the model up to a prompt INSERTION. Not injection. You can insert a trigger into the actual system prompt, which makes it nigh indefensible.
Sherpa tweet mediaSherpa tweet media
English
70
217
4.2K
632.8K