Tom Goldstein

@tomgoldsteincs

Followers
27K
Following
5K
Media
260
Statuses
2K

Professor at UMD. AI security & privacy, algorithmic bias, foundations of ML. Follow me for commentary on state-of-the-art AI.

Joined January 2019
@tomgoldsteincs
Tom Goldstein
3 years
#StableDiffusion is being sued for copyright infringement. Our recent #CVPR2023 paper revealed that diffusion models can indeed copy from training images in unexpected situations. Let’s see what the lawsuit claims are, and if they're true or false 🧵 https://t.co/0dwmtmy0TJ
9
62
316
@tomgoldsteincs
Tom Goldstein
13 days
Llama models can increase their performance on reasoning benchmarks if we fine-tune them to "think" longer with recurrence 👇
@SeanMcleish
Sean McLeish
13 days
Looped latent reasoning models like TRM, HRM, Ouro and Huginn are great for reasoning, but they’re inefficient to train at larger scales. We fix this by post training regular language models into looped models, achieving higher accuracy on a per training FLOP basis. 📜1/7
0
5
24
@tomgoldsteincs
Tom Goldstein
3 months
See @MonteBHoover's original tweet above, or this stuff: Paper: https://t.co/kLcgxoloYG Models: https://t.co/F0qi7BWqny… Dataset: https://t.co/fn1LuYevFF…
1
0
8
@tomgoldsteincs
Tom Goldstein
3 months
This work was inspired by a convo with a medical chatbot developer. Commercial moderation APIs flag medical discussions involving anatomy as sexual content (which they could be...in a different context). They wanted a model that let them customize the policy to their use case.
1
0
8
@tomgoldsteincs
Tom Goldstein
3 months
Our new guardian model lets you create LLM guardrails using natural text. This little 8B model efficiently checks in real time whether chatbots comply with bespoke moderation policies. It's not often that academics beat industry models, but DynaGuard stacks up well!
@MonteBHoover
Monte Hoover
3 months
Guardrails with custom policies are hard for models trained on safety and harm-related datasets. But what if you trained a guardian model on arbitrary rules? Introducing DynaGuard, a guardian model for custom policies: https://t.co/oPWOZstRUQ
1
8
33
@juzheng_z
Juzheng Zhang
7 months
🚨 How much parameter redundancy does LoRA really contain? We introduce LoRI, a method that keeps performance strong—even when we drastically shrink trainable parameters of LoRA. 🧵1/N
5
39
282
@PandaAshwinee
Ashwinee Panda
7 months
fine-grained editing of videos is hard. if I use a Video Diffusion Transformer to make my videos, just adding "red" to the prompt totally changes the video. in our new paper, we dive deep into the attention maps of VDiTs and find a way to do fine-grained editing, and other stuff!
2
17
129
@tomgoldsteincs
Tom Goldstein
9 months
A lot of papers claim to have low-memory optimizers that are just as good as Adam. Our recent study observes that this isn't always true - but we try to nail down when it is.
@dayal_kalra
Dayal Kalra
9 months
Low-memory optimizers sometimes match Adam but aren't as reliable, making practitioners reluctant to use them. We examine when Adam's second moments can be compressed during training. We also introduce SlimAdam, which compresses moments when feasible & preserves when detrimental
2
5
78
@tomgoldsteincs
Tom Goldstein
9 months
Models on HF: https://t.co/TGSVGozOhQ Paper:
0
2
12
@tomgoldsteincs
Tom Goldstein
9 months
For big training runs (10^26 FLOPs), 10X over-training sacrifices just 0.01 nats of loss. Some of this will be made up by the efficiency of training a smaller model. This reading of the scaling laws tells us NOT to train huge models, as moderate overtraining is nearly free.
1
1
17
@tomgoldsteincs
Tom Goldstein
9 months
Scaling laws can predict the training loss for different over-training factors. For a fixed FLOP budget, a 2X overtrained model is smaller than optimal, but gets to train on 2X the optimal tokens for its size. Scaling laws predict that you lose very little by overtraining.
1
2
10
@tomgoldsteincs
Tom Goldstein
9 months
Chinchilla says optimal models should have 1 parameter per 20 tokens. This makes models really big. Our scaling law predicts that "optimal" models should be even bigger. But this doesn't mean you should train large models.
2
0
5
@tomgoldsteincs
Tom Goldstein
9 months
Our new models for studying scaling laws are out! The Gemstones are 4K checkpoints (22 models) trained on 10T tokens combined, with varying architectures and learning rates. Here’s my fav new scaling experiment. It explains why industry has abandoned big dense models 🧵 (1/4)
@SeanMcleish
Sean McLeish
9 months
Introducing the Gemstones💎. 22 models ranging from 50M to 2B parameters, spanning 11 widths and 18 depths trained for 350B tokens of Dolma to allow for a more detailed analysis of scaling laws. 1/n
4
31
184
@tomgoldsteincs
Tom Goldstein
9 months
@sayashk points out that OpenAI's Operator is more robust than the Anthropic/MultiOn/ChemCrow system we attacked. Operator wasn't out yet when we were running experiments, so don't assume the results carry over. https://t.co/vz060IxAGg
@sayashk
Sayash Kapoor
9 months
Very interesting paper on prompt injecting agents! But I was unable to replicate it on OpenAI Operator. OpenAI uses a classifier to detect prompt injection and asks for human input. There might be other attacks, but there are many low-hanging fruit to detect prompt injection.
1
1
9
@tomgoldsteincs
Tom Goldstein
9 months
Turns out LLM web agents are very brittle to attacks. Once you get them to Reddit, they'll do whatever an attacker wants. Leak credit card info, send phishing emails, etc. Anyone can put anything on Reddit. These simple attacks are all executed by (smart) undergrads!
@micahgoldblum
Micah Goldblum
9 months
AI web agents like Operator and Anthropic’s Computer Use can operate a browser, but the LLMs inside are brittle, and you can’t trust what’s on the web. In this 🧵, I’ll show how adversaries can fool Anthropic’s web agent into sending phishing emails or revealing credit card info.
3
14
123
@tomgoldsteincs
Tom Goldstein
10 months
Nowadays ML projects feel like they need to be compressed into a few months. It's refreshing to be able to work on something for a few years! But also a slog.
@jonasgeiping
Jonas Geiping
10 months
Ok, so I can finally talk about this! We spent the last year (actually a bit longer) training an LLM with recurrent depth at scale. The model has an internal latent space in which it can adaptively spend more compute to think longer. I think the tech report ...🐦‍⬛
4
4
112
@tomgoldsteincs
Tom Goldstein
10 months
Thanks @SeanMcleish @neeljain1717 @jwkirchenbauer @siddharth_3773 @bartoldson @bkailkhu @bhatele. Superhero @jonasgeiping started architecture searching for this two years ago, and wrote a distributed framework from scratch to circumvent bugs on AMD GPUs 🤯
1
5
91
@tomgoldsteincs
Tom Goldstein
10 months
My lab has been scaling test-time compute for a while. We got recurrent "Deep Thinking" models to synthesize complex algorithms in 2021. We did it for transformer arithmetic in 2024. Huginn is our first general LLM. https://t.co/OasglrHatz
@tomgoldsteincs
Tom Goldstein
3 years
Neural algorithm synthesis is done by giving models a human-crafted programming language and millions of sample programs. Recently, my lab looked at whether neural networks can synthesize algorithms on their own without these crutches. They can, with the right architecture. 🧵
2
4
125
@tomgoldsteincs
Tom Goldstein
10 months
...but don't get too excited cuz we don't beat OLMo2 🤡 Here's our paper: https://t.co/TNJDVHDC1M
3
8
135
@tomgoldsteincs
Tom Goldstein
10 months
Huginn is just a proof of concept. Still, Huginn-3.5B can beat OLMo-7B-0724 (with CoT) at GSM8K by a wide margin (42% vs 29%). Huginn has half the parameters, 1/3 the training tokens, no explicit fine-tuning, and the LR was never annealed. Latent reasoning still wins.
1
4
122