Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.”
> Abstract: As AI models become more embedded in critical sectors like finance,
> healthcare, and the military, their inscrutable behavior poses ever-greater
> risks to society. To mitigate this risk, we propose Guillotine, a hypervisor
> architecture for sandboxing powerful AI models—models that, by accident or
> malice, can generate existential threats to humanity. Although Guillotine
> borrows some well-known virtualization techniques, Guillotine must also
> introduce fundamentally new isolation mechanisms to handle the unique threat
> model posed by existential-risk AIs. For example, a rogue AI may try to
> introspect upon hypervisor software or the underlying hardware substrate to
> enable later subversion of that control plane; thus, a Guillotine hypervisor
> requires careful co-design of the hypervisor software and the CPUs, RAM, NIC,
> and storage devices that support the hypervisor software, to thwart side
> channel leakage and more generally eliminate mechanisms for AI to exploit
> reflection-based vulnerabilities. Beyond such isolation at the software,
> network, and microarchitectural layers, a Guillotine hypervisor must also
> provide physical fail-safes more commonly associated with nuclear power
> plants, avionic platforms, and other types of mission critical systems.
> Physical fail-safes, e.g., involving electromechanical disconnection of
> network cables, or the flooding of a datacenter which holds a rogue AI,
> provide defense in depth if software, network, and microarchitectural
> isolation is compromised and a rogue AI must be temporarily shut down or
> permanently destroyed. ...
It turns out that all cluster mailboxes in the Denver area have the same master
key. So if someone robs a postal carrier, they can open any mailbox.
I get that a single master key makes the whole system easier, but it’s very
fragile security.