I think what he meant by port was to create an analogous software for code.

Code generators are autoregressive (code->code) not labeled (text->image) so the attack wouldn't work. Also, you can actually tell if a code model works or not while you're training it, by running tests on the output.

You could put up a lot of misleading code where the comments are wrong or there's bugs in it… seems bad for obvious reasons though.

wasn't there an attack a while ago that used hidden characters to break compilers? i'll see if i can dig it up. maybe something like that could be used for github. you'd have to have a pre commit and pull hook that would encode / decode the malicious characters

found it. here's the paper https://trojansource.codes/trojan-source.pdf

Wouldn't you just need to write a bunch of bad code?

applying it to good (highly rated) code would do more damage to the model

the behaviour would be identical for the end user, but very different for those stealing, sorry, "training AI models" from it

> Stealing

Are you old enough to remember "You wouldn't download a car"?

Did you read "the right to read" and take it as a training manual and not a warning?