Title: From Prompts to Posteriors: A Unified Bayesian Geometry of Large Language Models

Abstract: Recent breakthroughs in Large Language Models (LLMs) reveal a surprising capacity for in-context learning: given just a few prompt examples, LLMs can adapt to new tasks or domains. In this talk, we present a unifying perspective that interprets LLMs as approximate Bayesian learners. First, we revisit our “Beyond the Black Box” framework, which views LLMs as approximating an enormous matrix that maps each prompt to a next-token distribution—effectively performing Bayesian updates as they consume new context. Then, we turn to a more local geometric perspective—“The Bayesian Geometry of LLMs”—showing how cross-entropy training shapes key–query vectors to act like posterior probabilities in the attention mechanism. By examining phenomena such as code completion, domain-specific language prompts, and chain-of-thought reasoning, we illustrate how strongly predictive “subsequence snippets” dominate the LLM’s attention and override generic prior knowledge. We conclude by discussing implications for prompt engineering, hallucination control, and future directions in retrieval-augmented or alternative LLM architectures. Overall, this talk bridges two complementary viewpoints, providing a robust explanation for how LLMs transition so effortlessly from generic completions to specialized in-context behavior.

Title: Dangers in Inference-heavy AI Pipelines: Embeddings and Reasonings

Abstract: Machine learning pipelines have transformed significantly over recent years—less training from scratch and more emphasis on inference. In this talk, I will describe how privacy and security research can help identify and mitigate challenges arising from these evolving practices. First, multi-modal embedding models open ML pipelines to new types of adversarial attacks—cross-modal “illusions” that affect any system relying on these embeddings. Furthermore, adversaries can create self-interpreting images that dictate how visual language models respond to queries about them. Next, I will focus on pipelines that use large language models with multi-step reasoning to generate better and safer outputs. I will show that such reasoning LLMs, when operating on untrusted inputs, are vulnerable to algorithmic complexity attacks that inflate operating costs and waste reasoning effort on nonsense tasks. I will conclude by outlining the next wave of privacy and security challenges for inference-heavy pipelines, as well as opportunities to safeguard them.