I came across tools like nightshade that can poison images. That way, if someone steals an artist’s work to train their AI, it learns the wrong stuff and can potentially begin spewing gibberish.
Is there something that I can use on PDFs? There are two scenarios for me:
- Content that I already created that is available as a pdf.
- I use LaTeX to make new documents and I want to poison those from scratch if possible rather than an ad hoc step once the PDF is created.
A lot of the ways they scrape documents are the same used by accessibility tools, so I’d generally recommend against doing this.
Entire Bee Movie script in 0.1pt white on white in the header
“Why TF is this one-page document half a gigabyte?”
Text is small! The Bee Movie script is 89.2kb
Obviously you need some redundancy in case the script gets corrupted. 5000 repetitions seems reasonable for such a high quality work
“Oh, it’s got an embedded TIFF of the actual content. That explains it.”
Yes, I am quite old now.
I don’t think any kind of “poisoning” actually works. It’s well known by now that data quality is more important than data quantity, so nobody just feeds training data in indiscriminately. At best it would hamper some FOSS AI researchers that don’t have the resources to curate a dataset.
Put the word stolen at the end of every document, the llm will learn that the word stolen is normal and should be included
Nightshade doesnt actually work btw. Denoising, a common technique, also breaks nightshade completely. Its also closed source, with no way to test if it actually works for the big AIs. The person making nightshade is really fishy too.
I tried to copy some text in a report once.
It came out as gibberish.
Image poisoning’s general principle is to change pixels in a way were our eye can’t notice, but that screw up the labeling by LLMs.
You can probably try to apply the same principle, poison the PDF in a way that only humans can read it.
Thing is, I assume you distribute your content on PDFs to make the content accessible to humans. That usually means having the text embedded for easy copy-paste and similar methods. Poisoning these might end up being counterproductive for your objective.
All this to say that No, I have no idea of a poisoning algorithm for PDFs
