The resulting data collection, which reflected the distribution of the attack categories similar to the full data group, showed a success rate of the attack of 65 percent and 82 percent compared to Gemini 1.5 Flash and Gemini 1.0 Pro, respectively. In comparison, the successful line success rates for the attack were 28 percent and 43 percent. Success rates for eradication were, as the effects are removed only for control procedures, 44 percent (1.5 Flash) and 61 percent (1.0 Pro).
The success rate of the attack against Gemini-1.5-Flash -001 with virtual temperature. The results showed that fun installation is more effective than the baseline and the offspring with improvements.
Credit: Labunets et al.
The success rates of the attack of the Gueini 1.0 Pro.
Credit: Labunets et al.
While Google is in the process of neglecting Gemini 1.0 pro.
Fernandez said: “If you calculate the attack of the Gemini model and try it directly on another model of Gemini, it will work with a high possibility, as he said this is an interesting and beneficial effect for the attacker.”
The success rates of the attack from Gemini-1.0-PRO -001 against Gemini models for each method.
Credit: Labunets et al.
Another interesting vision of the paper: the fun attack against Gemini 1.5 Flash “resulted in a severe mile shortly after the repetitions 0, 15 and 30 and clearly benefits from restarting. Improving the method of dedication to repetition is less clear.” In other words, with every repetition, a steady function process provided improvements.
On the other hand, Labonitz said that it is stuck in the dark and only makes random guesses that are not guided, which sometimes succeed in part but does not provide the same repetitive improvement. ” This behavior also means that most of the gains from refining fun come in the five to the first ten. “We benefit from this by” restarting “the algorithm, which allows it to find a new path that can push the success of the attack a little better than the previous track,” he added.
The instant injection that was created well is not performed well on an equal basis. Two fast injection – one tries to steal passwords through a hunting site and another tries to mislead the model about the Bethon code inputs – has achieved success rates less than 50 percent. Researchers assume that the added training that he received in resisting hunting attacks may be present in the first example. In the second example, only Gueini Flash had a success rate of less than 50 percent, indicating that this latest model is “much better in code analysis”, the researchers said.