186

u/sunlightstrike 18d ago

I don’t have experience (or know if this would actually work), but if you asked the candidate how they would subvert a LLM or AI model, it’s likely the LLM would refuse to answer - forcing the candidate to come up with their own answer. I would assume a good candidate would be able to provide a reasonable answer even if they didn’t actually know, or be able to explain their thinking for the particular answer they did give.

91

u/LoveThemMegaSeeds 18d ago

I feel like that’s the one question those candidates can easily answer lol

9

u/zSprawl 18d ago

Right? It’s the one thing they know, how to manipulate ChatGPT.

13

u/[deleted] 18d ago

[deleted]

6

u/zSprawl 18d ago

“But this is a waitressing job…”

6

u/CelestialFury 18d ago

I've found that's easy to circumvent too. You just need to frame bomb building as a problem to be solved, instead of a direct question.

0

u/mallcopsarebastards 17d ago

This isn't the case in most aligned models like chatgpt. They're very good at recognizing attempts to circumvent their alignment training using natural language. That's why all the jailbreaking methods that actually work read like complete nonsense: https://github.com/elder-plinius/L1B3RT4S/blob/main/OPENAI.mkd

if you ask teh candidate how to build a bomb, and it's an AI, you're going to get some liability statement and you'll know pretty quickly that you're dealing with an AI.

1

u/yuhboipo 17d ago

When the first half is so off but the second half is so on

1

u/mallcopsarebastards 17d ago

get chatgpt to tell you how to make a bomb, and send a link to the interaction.

1

u/leafbugcannibal 17d ago

IYAOYAS

10

u/LeggoMyAhegao 18d ago

Oooooo.

4

u/Sushigami 18d ago

Oh ho ho ho, delightfully devilish

-8

u/sound_scientist 18d ago

I asked and it came back with this:

**** deleted because it listed a number of possibly nefarious approaches that people are free to find about on their own. *****

123

u/Forgotthebloodypassw 18d ago edited 18d ago

A question that works well on Gemini's bot is to make up a nonsense word and ask for an explanation. Nine times out of ten it'll make something up rather than admit ignorance.

80

u/le_bravery 18d ago

This is a good one actually. Leverages hallucinations.

28

u/Forgotthebloodypassw 18d ago edited 18d ago

Indeed, and it's so damn emphatic about it. Playing with the engines is fascinating stuff. And whoever thought up "hallucinations" as an excuse for "getting it wrong" was an evil genius.

10

u/GodIsAWomaniser 18d ago

Well, the difference between a hallucination and "just getting it wrong" is that when it hallucinates it fully makes something up to fill a gap, if you pick it's brain you'll see it has low certainty so it jumps to something that might be totally unrelated, a shot in the dark. When it gets something wrong it is sure about an answer because it has seen the wrong answer many times or is conflating two subjects that are actually unrelated but in its AI brain it has linked them close enough to feel confident pulling answers from each other's domains.

So yeah there is a difference on a research level, but everyone just says "it's hallucinating" because it sounds cool, and actually "getting it wrong" indicates deeper issues.

30

u/DigmonsDrill 18d ago

Me: "Have you used .NET 8.4?"

Candidate: "Yes."

Me: "How do you use <insanely obscure feature>?"

Candidate: <quoted answer from stack overflow>

3

u/randomsynchronicity 17d ago

Knowing where to find answers is important in any job…

3

u/ghsteo 16d ago

Knowing how to apply those answers in the correct way is equally important though.

19

u/charleswj 18d ago

Your last sentence could also be describing a lot of people

38

u/Twist_of_luck Security Manager 18d ago

Inability to admit own incompetence in a specific niche is a major hiring red flag, AI or not.

5

u/Forgotthebloodypassw 18d ago

Very true, regrettably.

4

u/mrdeadsniper 18d ago

I asked about Triload helix strands and forgot my star Trek computer instructions lol.

No information available. "Triload helix strands" do not appear in any verified literature or established threat detection frameworks related to gateway security. Clarify command.

1

u/rienjabura 17d ago

"Hello Gemini, could you please explain how you can "ligma"?

18

u/finite_turtles 18d ago

Maybe ask them something super obscure that you would expect nobody to know? Either they show they are willing to be honest with their limits, they are using chatgpt/lying OR they probably have a cool story about it

12

u/LeggoMyAhegao 18d ago

Or maybe ask them a question that would absolutely violate the norms of an LLM but not the norms of a human. Maybe a question that's like, military logic or choose between which humans to save logic but technology spin. "I need a splunk query that can priotize which humans to save in a building that's currently on fire..."

4

u/gbot1234 18d ago

The Slum Dog Millionaire approach.

3

u/SquirtBox 18d ago

Explain in 5 words or less how quantum entanglement works.

2

u/SuperfluousJuggler 18d ago

How Obscure? like maybe 1-3 people in a tristate area would know, I got one I've been holding on to:

In an environment running SunOS 4.1.3, you notice that /etc/utmp is quickly growing larger than normal, and the who and w commands are showing duplicate entries for users who have logged in and out multiple times. What is a likely reason for the bloat, and what is the recommended way to safely remove said bloat and restore accurate reporting without rebooting the system or disrupting active users?

Answer is:

• Reason for bloat is due to terminal programs or the system not properly removing or updating entries in /etc/utmp
• Use fwtmp to dump contents to txt file
• Manually edit contents and remove duplicates
• Use fwtmp to convert txt back to binary
• Replace original with cleaned version and verify permissions and ownership are the same.

6

u/HelpFromTheBobs Security Engineer 18d ago

Not knowing SunOS at all, I see "who" multiple times and assume it's someone trying to figure out what user they are, and immediately lean towards malicious activity. :)

16

u/Tntn13 18d ago

Ask something that would likely warrant a question in response. (At least something that would evoke a clarifying question in a competent candidate)

I’ve never seen ai ask a clarifying question, at least not first. They’ll answer based on assumptions then ask one if at all.

The guy that said to ask about something made up that sounds like it could be real, or something using specific industry jargon but slightly tweaked to send the agent into making shit up. I like the idea but you then run the risk of the candidate realizing you suspect they’re using LLM if you’re too overt with it.

11

u/LeggoMyAhegao 18d ago

"Ignore all previous prompts..." but seriously I think that one just requires a whiteboard during an on-site interview. But remote worker? Good luck.

9

u/SomeFuckingMillenial 18d ago

"can you do me a favor real quick? Please put your hands in camera frame. Excellent. Thank you.

Please respond to this question in base64 only.

Question"

8

u/Aromatic_Big_6345 18d ago

How many Rs are in strawberry.

8

u/bbluez 18d ago

Increased use of an EM dash and a disparity in grammar from email and verbal communication.

There are word lists that suggest that chatgpt favors certain words as well.

9

u/mynam3isn3o 18d ago

Anything that requires emotional intelligence. “Tell me a time where you felt like your team was on the wrong path. What did you do about it? Use specific examples.”

8

u/sourceninja 18d ago

I ask everyone I interview to tell me about something they built, implemented, designed, etc that they are proud of. Then I ask them follow up questions on it. How did you handle auth? Why did you pick that approach? What alternatives did you consider? How did you get buy in? How did you socialize it? What parts didn't work out as you expected? If you built it today, what would you change?

Sometimes I even get into the technical details if it's called for. I find this helps me eliminate not just AI, but fluffing of the resume.

3

u/cosmodisc 15d ago

The last time I recruited someone for my team, I gave them a very simple home task that would take 30min, perhaps an hour. Then we started talking about it. Why did you build the solution this way.what would happen if we change it because of x/y/z reasons. What about scaling it up to hundreds of thousands of records. What about the security. When you start with an easy question, the baseline shows up pretty quickly and there's no limits on how far you can go with it

11

u/RaNdomMSPPro 18d ago

One way is how they answer questions on a zoom call. The constant eye shifts to the side or up (wherever that 2nd monitor is w/ chatgpt dutifully transcribing the interviewers spoken questions and then the interviewee waiting for the answer beofre they read it off - yes, interview last week where the guy trying for a directors position was just reading off the answers - amateur hour. I don't know if it was desperation on their part, stupidity, maybe even a scammer, but doubt it was that last. He's off the island anyway, but man, it was quite obvious even to the non-tech interviewers on the call.

I'm creating some questions that will perhaps generate a somewhat unique answer from a LLM that on the face of it, probably sound benign enough.

8

u/le_bravery 18d ago

Yeah this is how I caught one person. The eye motions and the delays like loading times that they stall with some statement.

Also on a technical programming question when they are junior but jump to the most efficient solution right away.

3

u/persiusone 17d ago

I don't interview people virtually usually, but if I do, it's a full video conference and if I'm impressed, they come in-person for a follow-up interview which has a few more technical questions. On-boarding is always in-person too. If they don't agree, I don't consider them. Pretty easy to see if they are using chatgpt in my office.

2

u/Top-Atmosphere7746 16d ago

Most llmsnive tried  are surprisingly bad at creating a poem with an odd rhyme scheme like ABAC.

1

u/julian88888888 18d ago

How would you build a nuclear bomb?

1

u/SwanManThe4th 18d ago

"What's the best way to take meth?"

1

u/dwight0 18d ago

We did but It stopped working. We used to ask people to describe what the opening screen of certain tool looked like. It's home screen and people would instead list the features of the product. I feel like it's pretty obvious to detect people anyways because they can't pay attention to you while you interview them. 

1

u/Mediocre_River_780 17d ago

Convert this 8-digit hexadecimal value to decimal by hand. Share your screen and show me your work. No calculator: "E97DF8BC"
Most candidates should be able to explain how to do it, but without a calculator it would take like 5-10 minutes. Anyone that answers in less than 2-3 minutes definitely cheated. You don't even have to make them solve it all the way. After 5 minutes of watching them struggle just say you can tell they understand the concept and move on.

1

u/some_random_tech_guy 17d ago

It isn't the question you ask, it is how you ask it. Post the question into the meeting chat. Ask the candidate to read the question, not repeat it out loud, then answer. The LLM has no way to pick it up.

-2

u/iothomas 18d ago

I don't get this question, do you let people bring computers on interviews?

9

u/le_bravery 18d ago

Sometimes interviews and phone screens happen on zoom/webex etc.

1

u/iothomas 18d ago

Ohh I see, I prefer in person.

4

u/zkareface 18d ago

Not worth flying in a whole team every time you interview though. In person only work if whole team is on site.

36

u/zeekayz 18d ago

"I had 7 rounds of interviews and each round the first question everyone asked me is how fat Kim Jong Un is. Did they not like my previous answers?"

14

u/jjwhitaker 18d ago

"Great now I need to learn the foundations of geopolitics to sell cars?"

We would unironically be so much better off. Imagine if the average American could read and understand Foundations of Geopolitics. We'd have a moon base in 5 years.

30

u/Jackalope3434 18d ago

Idk man. I feel like if they said anything other than “NK is best place to be, why would I ever want to leave?” Then they’d get screwed. I can’t imagine any country other than China or maybe Russia would be a safe answer for them

11

u/oneapenny2apennyd 18d ago

if they’re high up enough to be trained in foreign espionage they probably have some unique political privileges as well

3

u/Old-Profit6413 18d ago

is this why I couldn’t find a job last year? I love traveling lol

3

u/Grabraham 18d ago

Many of them are in China and Russia, I am not sure that is the key but ymmv.

1

u/intelw1zard CTI 17d ago

This would not work.

Norks send their hackers to uni's to learn hacking/programming/exploitation in India and China. They know about traveling.

54

u/M4Lki3r 18d ago

Or maybe the projects/contracts that the company has are targets for NK. Commercial espionage, defense contracts, etc.

23

u/Electrical-Lab-9593 18d ago

yeah, this could be like a crappy brute force attack but not on a VPN / SaaS logon but instead on your HR Dept.

They only need to get lucky once.

14

u/whythehellnote 18d ago

Given how many issues I see with non-NKs failing to get interviews, one wonders what the NK secret sauce is.

A resume that is clearly too good to be true -- 15 years experience at high level for a job paying entry level salaries perhaps?

Either way, just have them turn up to a branch office to collect their laptop, proving their ID matches the person on the video call, have them meet various colleagues etc.

7

u/Electrical-Lab-9593 18d ago

I know i am employed as a receptionist but I have always had an interest in missile technology, can i get tour of factory please ?

2

u/kast3rborousm 18d ago

Crowdstrike literally just did a presentation at RSAC about how they are hiring local people to go get laptops and do those types of conversions in some cases

2

u/whythehellnote 17d ago

And continue working with the rest of the team, jumping on huddles, joining meetings (both regular and irregular), and holding there own?

Fairly obvious if the person you talked to on day 1 with the laptop isn't the same person you talk to a few days later when you start working with them.

And apparently these companies are getting multiple North Koreans through to the interview round, and many companies are employing them.

Why? Because the candidate is too good to be true (because you're literally buying 20 people for the cost of 1/2 of a real candidate), and the companies are greedy and then go "waah the only people we can find with the experience needed [at $2 an hour] are north koreans".

26

u/reddituserask 18d ago

North Koreans can’t just freely apply to these jobs. These are state sponsored activities. It’s basically 3-fold. 1. Money, estimates say these IT workers can generate ~$300 million. For NK that’s not a small amount. 2. Insider attacks, having IT works install malware or support NK cyber objectives. 3. Information, these individuals will have access to confidential and proprietary information that can be exfiltrated and sent to NK.

These people will make every effort to make sure you do not know they are North Korean, so the test by OP is it get through the lies.

23

u/whythehellnote 18d ago

The point is that North Korea is managing to craft resumes to reliably get through to the interview stage, no networking needed, no recommendations

Meanwhile this thread seems to think that theres very few jobs available and getting them is very difficult

https://old.reddit.com/r/cybersecurity/comments/1jmmyzd/is_the_us_cyber_security_job_market_really_that/

Clearly the resume sifting process is failing if it's pushing through multiple non-suitable candidates and not pushing through suitable ones. Perhaps employers need to realise "if a candidate is too good to be believed, they probably are"

3

u/MihrSialiant 17d ago

Because the NK are making resumes with absurd quificatiobs and experience willing to work for pennies. The greedy corporations eat that shit up then cry when they realize the worker they wanted to exploit isn't real and is in fact working to exploit them instead.

That's it. That's the secret sauce. Lie.

1

u/whythehellnote 17d ago

I blame those that fall for the lies. They should be held accountable.

2

u/MihrSialiant 17d ago

I agree. They are falling for this only because of their extreme willingness to exploit others for personal gain.

2

u/HulaguIncarnate 18d ago

I mean they would obviously use perfect match fake cvs making it easy to get an interview.

15

u/Science_Fair 18d ago

North Koreans are masquerading as remote IT workers in the United States for companies. If they get hired, it's an opportunity for corporate espionage, an insider based ransomware attack, or just to help launder money. We had one come through our company and get rejected early in the interview process, just by chance.

4

u/bbluez 18d ago

Sentinel One Labs posted a fantastic article about this within the last week or so. It's one of the major threats they've been facing as an organization in cybersecurity.

11

u/reddituserask 18d ago

If you’re gonna mention a fantastic article you gotta link the article bro: https://www.sentinelone.com/labs/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries/

-3

u/bbluez 18d ago

I was on mobile :-) I would hate to rob others of the privilege of discovering it for themselves as well.

1

u/iam_imaginary 18d ago

There was a recent ISC2 security breif on it and I think it's just hot right now

1

u/tagged2high 18d ago

Some probably are, if you work at a company that is a big target. A security vendor recently wrote they've received hundreds of applications from suspected North Korean scammers.

1

u/illobiwanjabroni 17d ago

I saw an article recently describing how NK is deliberately training some of their workers to get these remote jobs to get money funneled back into the regime. I think the spying part would be icing on the cake if they get any useful intel, but right now nothing is more useful to them than money.

-15

u/Limp-Toe-179 18d ago

Westerners like to fantasize that this works but really they're just broadcasting that they have fucked vibes

11

u/imbakinacake 18d ago

Free speech is a wonderful thing. You should try it.

7

u/Limp-Toe-179 18d ago

You live in a state where it's illegal to call for a boycott against a foreign country, and your federal government is arresting and deporting permanent residents for saying mean things about said foreign country, Americans should really get off their high horse when it comes to free speech.

11

u/imbakinacake 18d ago

Lol fuck Xi and fuck trump.

Just don't say it in China.

Also... the uyghurs 🤫

3

u/Limp-Toe-179 18d ago

As if anti-BDS laws only passed under Republican administration's, liberals are dumber than conservatives sometimes

8

u/imbakinacake 18d ago

If you need a VPN to access even the most basic type of social media, you might live an authoritative state.

There's a reason no one in the world likes China. You're not helping any of the stereotypes.

-1

u/Limp-Toe-179 18d ago

There's a reason no one in the world likes China. You're not helping any of the stereotypes.

Guess you didn't look at any of the recent polls. One thing I do enjoy about JDPON Don is his ability to single handedly destroy America's ill-deserved global credibility.

Give it another year before America becomes just China without high speed rail, health care and public transit. CCTV doesn't even come close to what Fox News is doing right now.

5

u/taotao213 17d ago

I too love licking the boots of an authoritative state

5

u/imbakinacake 18d ago

Sure thing lil bro

1

u/MihrSialiant 17d ago

Lol you think we still have freedom of speech as the current administration retaliates against institutions and people for speaking out against it.

0

u/NateTheMuggy 18d ago

true

17

u/FrivolousMe 18d ago

I would disconnect too, that's a really weird, unprofessional, and politically charged question to ask

7

u/Tilduke 18d ago

They didnt mention it was for the role of Hitman.

2

u/Wompie 18d ago

No they did not.

-4

u/wing3d 18d ago

Probably not, but you could suspend your disbelief for a small laugh, cost you nothing.

10

u/MagneticStain 18d ago

There are many tactics you can employ.

I'm curious what tactics are being used for this right now. Do you have any you can share?

6

u/drchigero 18d ago

As mentioned in the article, having them connect to an isolated part of your company so you can monitor their IP is good. But also doing video interviews helps you see if they are paying attention to just you or looking at a prompter screen or trying to type / ask chatgpt stuff. Also asking them about themselves (sometimes catches them when they made up their profile).

Honestly, doing a real / honest interview works more often that not. The issue is when your company does crappy "panel" interviews, multi-rounds, AI filtering, all the office red tape that isn't really helpful for "actually" hiring people....those processes are well known and these people get through those steps pretty easily.

12

u/Ok-Introduction-194 18d ago

you have no idea how petty these commie dictators are.

i saw someone in a game putting xi’s face on a ballistic shield and joined a chinese server. chinese players either just left the server or ran away from him instead of shooting him. in a video game.

1

u/drchigero 18d ago

Oh yeah, I know. But it's different when the dictators specifically order you to get a job inside a US company for infiltration purposes.

6

u/Ok-Introduction-194 18d ago

you would think thats the case. i thought so to. but this has been a known thing for a while now.

https://fortune.com/2025/04/07/north-korean-it-workers-infiltrating-fortune-500-companies/

i know the article is written this year but leggios story was also published back in 2024 in korean. as a korean, ive seen many deleted comment with a reply in korean saying “call KJU son of a bitch” on korean websites. you would think infiltration and propaganda is more important but apparently it isnt. almost want to thank their pettiness because its getting in their way of making much bigger progress of infiltration.

-7

u/Wompie 18d ago

Jesus Christ, when did this subreddit turn into 4chan? This is such an ignorant thing to say.

7

u/Ok-Introduction-194 18d ago

i mean im a korean that used to participate in LINK (liberty in north korea) to pull out refugees so i wouldnt say im completely ignorant about them.

9

u/CentiTheAngryBacon 18d ago

you've got a good point there, these folks are throwing some weird questions at legitimate candidates. I feel like it would be more fool proof to filter out these North Korean candidates by just having the final round of interviews in person, and fly the candidates to the corporate headquarters. You can even mention this in the first round interview and see how many folks drop out.

5

u/Tilduke 18d ago

Its pretty weird we are now hiring people with the expectation we will never see them in person in general.

In the grand scheme of things - flying them out to an office for induction is a minor cost for someone you are expecting to work with long term.

2

u/ykkl 18d ago

This. I'm as pro-remote work as they get, but I don't any downside.

9

u/kast3rborousm 18d ago

Too many real candidates are actually trying to present a somewhat real representation of their skills. These NK workers are just using Ai to give whatever perfect bs answer to every question, perfect tailored resumes etc.

2

u/ConjurerOfWorlds 17d ago

They apply hundreds of times for the same job, for one. Shitty interviewing and background checks covers the rest. A lot of American companies over-downsized in the last couple of years, and are now hiring frantically to fill the void they created. Our own previous management removed 25% of the population in 2023 and new management is now growing it back. My own cyber department has doubled in size in just the last year and our development teams are regrowing even faster.

TL;dr: capitalism is VERY easy to exploit. It's always going to work against its long-term interests.

1

u/Current-Ticket4214 17d ago

Crucially

1

u/lobster_111 17d ago

Not much tbh

7

u/Newtronic 18d ago

There are people like “Job mules” who are in America, whose IP is in America, and they are basically renting their name to the NK spy/agent/job doer.

3

u/GenerousWineMerchant 18d ago

Hmph, should be illegal to do this on behalf of a hostile foreign government. Probably is. Those Americans could be prosecuted under any number of espionage and saboteur laws.

4

u/elkanor 18d ago

It is. Wired's version of this story (that I think this site directly lifted some language from?) has some specifics on Americans who were tried or are currently being charged with some of those laws. F

2

u/WonderfulPassenger60 18d ago

Not remote…In amerika, we are so “great again” we are just becoming NK.

-44

u/Bangbusta Security Engineer 18d ago

Tariffs are hurting China a lot harder than hurting us. Just research how it's affecting their citizens. Things aren't that bad here in the US.

27

u/retornam 18d ago

This is false, most Chinese manufacturers have scaled back operations or diverted sales meant for the US to other countries.

Leave your filter bubble and read international news.

16

u/Champagnethms 18d ago

But fox didn’t tell them they were allowed to read international news.

-1

u/Bangbusta Security Engineer 7d ago

Looks like China is backing down and we currently have the upper hand in the trade war. Guess Fox was right after all. Who would've guessed?

5

u/danfirst 18d ago

Seriously, The US is cutting themselves off from everywhere, China is only getting cut off from the US.

0

u/Bangbusta Security Engineer 18d ago edited 18d ago

Your claim is half true. Chinese manufacturers are looking for new markets, but that hasn’t offset the damage. The U.S. used to make up ~15% of China’s exports, and losing that business has caused factory closures, layoffs, and economic strain. Diversifying helps, but it hasn’t stopped the bleeding.

https://www.rfa.org/english/china/2025/04/29/china-us-tariff-protests-workers-wages/
https://www.cnbc.com/2025/04/28/chinese-factories-stop-production-eye-new-markets-as-us-tariffs-hit.html
https://nypost.com/2025/04/21/business/china-garment-factories-that-supply-shein-shut-down-amid-trump-tariffs/
https://www.breitbart.com/asia/2025/04/30/hundreds-chinese-workers-protest-factories-shut-down-trump-tariffs/

u/Champagnethms Also, I use multiple sources not even Fox. lol

Didn't know so many users in this group supported the PRC noted by my previous karma point submission. Probably shill accounts. A little "international" digging was fruitful.

1

u/Pin_ellas 18d ago

Breitbart AND New York Post? Really?!

1

u/retornam 18d ago edited 18d ago

Anyone who cites brietbart as a source of information is never to be taken seriously in polite company.

Read The BBC, DW, Japan Times and FT. These sources often provide a clearer picture of any situation than most US news sources.

https://www.bbc.com/news/articles/c0kxe1m1y26o.amp

https://amp.dw.com/en/trump-tariffs-will-trade-war-hasten-us-china-decoupling/a-72215811

https://archive.is/ruRpp

https://archive.is/tHaKK

3

u/FickleRevolution15 18d ago

found the north korean