Conversational AI Trades Technical Barriers for Verification Gaps

LLM content moderation systems tokenize text but ignore visual cues humans use to interpret harmful content. This creates a perceptual mismatch: what humans recognize as harmful becomes invisible to automated filters.

Method: Human-Perceptible Adversarial Attacks (HPAA) embed harmful expressions into benign text through typographic manipulations—spacing, visual emphasis, spatial arrangement. With only three detector queries in black-box settings, attacks achieved over 86% human recognition while maintaining detection rates below 1% across ten deployed moderation systems, including commercial APIs and state-of-the-art guardrails.

Caveats: Tested on current moderation architectures. Defense strategies discussed but not validated in deployment.

Reflections: Can vision-language models close the perceptual gap, or do they inherit similar tokenization blind spots? · What's the minimum typographic complexity needed to evade detection while preserving human readability? · How do moderation systems perform when adversaries combine typographic and semantic evasion techniques?

GenAI tools reshape information seeking, but offloading search to conversational AI may distort how people access knowledge and what they actually learn from the process.

Method: An 8-day field experiment compared ChatGPT versus Google Search for informal learning using daily diary protocols. ChatGPT users experienced diminished agency as they offloaded information selection to AI, suffered greater meta-cognitive load from reduced control, and encountered two distortions: ChatGPT's bias toward solution-oriented artifacts over principled knowledge, and systematic shifts toward less exploration of the broader knowledge space. ChatGPT users had worse learning outcomes than Google users, especially for higher-order critical learning.

Caveats: Eight-day study with informal learning contexts. Formal educational settings or expert users may show different patterns.

Reflections: Can hybrid interfaces preserve ChatGPT's convenience while restoring exploration and agency? · Do learning outcomes improve if users are explicitly trained to prompt for principled knowledge rather than solutions? · How does the learning deficit compound over longer time horizons or across multiple learning goals?

Users regret social media sessions, but existing self-monitoring tools can't anticipate regret before it happens. Prior physiological work used lab settings and research-grade sensors, leaving in-the-wild prediction untested.

Method: A 7-day study with 21 participants combined smartphone logging, a consumer smartwatch (Bangle.js 2, $80), and 1,445 session-level surveys. The gap between intended and actual use predicted regret far more strongly than session duration—duration's effect collapsed once intention was modeled. Regret amplified when sessions displaced valued alternatives, particularly at night and following productivity-app use. Pre-session contextual features generalized across participants while physiological signals added person-specific lift.

Caveats: 21 participants over 7 days with consumer-grade wearable. Longer deployments needed to validate intervention effectiveness.

Reflections: Can just-in-time interventions that surface intended use before a session reduce regret without feeling intrusive? · Do physiological signals predict regret better for specific user archetypes (e.g., scrolling-as-avoidance vs. time blindness)? · How does prediction accuracy degrade when users adapt to interventions over weeks or months?