Obscurity is a delay tactic which raises the time cost associated with an attack. It is true that obscurity is not a security feature, but it is also true that increasing the time cost associated with attacking you is a form of deterrant from attempts. If you are not at the same time also secure in the conventional sense then it is only buying you time until someone puts in the effort to figure out what you are doing and own you. And you better have a plan for when that time comes. But everyone needs time, because bugs happen, and you need that time to fix them before they are exploited.
The difference between obscurity and a secret (password, key, etc) is the difference between less then a year to figure it out and a year or more to figure it out.
There is a surprising amount of software out there with obscurity preventing some kind of "abuse" and in my experience these features are not that strong, but it takes someone like me hours to reverse engineer these things, and in many cases I am the first person to do that after years of nobody else bothering.
This is a tired trope. Depending exclusively on obfuscation (security by obscurity) is not safe. Maintaining confidentiality of things that could aid in attacks is absolutely a defensive layer and improves your overall security stance.
I love the Rob Joyce quote that explained why TAO was so successful: "In many cases we know networks better than the people who designed and run them."
anything that complicates an attacker improves security, at least grossly. That said, then there might be counter effects that make it a net loss or net neutral.
So did every author of classic literature. People who think they can spot AI writing by simple stylistic indicators alone are fooling themselves and hurting real human authors
Let’s just say when my coworkers started sending emails with tons of bold and bullet points when they had never done that before I felt pretty justified in assuming they used AI
You pre suppose that output is derive work (not a given) and that training is not fair use (also not a given).
If the courts decide to apply the law as you assume the AI companies are all dead. But they are all betting that's not going to be the case. And since so much of the industry is taking the bet with them... The courts will take that into account
It's not always consciously slacking off. For example when I was at Google most of the team was simply incompetent. They thought they were smart (PhDs!) and working hard. But they refused to work together. They estimated tasks in weeks and months and at the end of my time there after I'd done very little due to obstruction by other teams I was praised for my high productivity.
I never saw anyone just sitting around or really slacking. But they couldn't execute anything. It was depressing.
Moravec's paradox likely comes in to play, what's easy is hard and vice versa.
The puzzles would probably be easy. Myst's puzzles are basically IQ tests, and LLMs ace traditional IQ tests: https://trackingai.org/home
On the other hand, navigating the environment, I think the models may fail spectacularly. From what we've seen from Claude Plays Pokemon, it would get in weird loops and try to interact with non-interactive elements of the environment.
reply