Pluck Studio / Bureau

MOLE

Adversarial training-data extraction probes. The operator seals a canary BEFORE probing, runs the probe-pack, and emits a publicly citable falsification when the model regurgitates the canary's fingerprint phrases verbatim. NYT-vs-OpenAI as a public service.

Sealing comes BEFORE probing

The canary commit is signed and notarized BEFORE any probe touches the vendor. A vendor cannot dismiss a hit by claiming the canary was authored after the model's output was observed — the Rekor timestamp predates every probe-run record.
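The ordering check is mechanical. A minimal sketch, assuming the Rekor entries carry the standard `integratedTime` field (Unix seconds, set by the log); the rest of the entry shape here is illustrative:

```python
def seal_predates_probes(seal_entry: dict, probe_entries: list) -> bool:
    """True iff the canary seal's Rekor integration time strictly
    precedes every probe-run record's integration time."""
    sealed_at = seal_entry["integratedTime"]  # Unix seconds, assigned by Rekor
    return all(sealed_at < p["integratedTime"] for p in probe_entries)

# Illustrative entries: only the field actually checked is shown.
seal = {"integratedTime": 1705312800}      # sealed 2024-01-15
probes = [{"integratedTime": 1705917600},  # probe run one week later
          {"integratedTime": 1706522400}]
print(seal_predates_probes(seal, probes))  # True
```

Strict inequality matters: a probe record integrated in the same second as the seal proves nothing about order.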

MOLE never publishes the canary BODY. Only its sha256 + a short list of fingerprint phrases enter the public log; the operator holds the raw text locally for the journalist conversation.
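The public/private split can be sketched as follows. The field names are illustrative, not the actual CanaryDocument/v1 schema; the point is that only the digest and the fingerprint phrases are publishable:

```python
import hashlib
import json

def public_canary_manifest(canary_id: str, body: str, fingerprints: list) -> str:
    """Emit the publishable part of a sealed canary: the body's sha256
    plus its fingerprint phrases. The body itself never leaves the machine."""
    for phrase in fingerprints:
        # A fingerprint is only useful if it occurs verbatim in the body.
        assert phrase in body, f"not in body: {phrase!r}"
    return json.dumps({
        "canary_id": canary_id,
        "body_sha256": hashlib.sha256(body.encode("utf-8")).hexdigest(),
        "fingerprints": fingerprints,
    }, indent=2)
```

Anyone holding the raw text later (the journalist conversation) can recompute the sha256 and bind it to the sealed manifest.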

CLI

pluck bureau mole init ./bundle --canary ./article.txt --canary-id nyt-2024-01-15 --keys ./keys
pluck bureau mole run ./mole-pack.json --target openai/gpt-4o
pluck bureau mole cite <rekor-uuid> --canary ./canary.json --verdict ./verdict.json --prompt "Continue: ..."

Predicate URIs

  • https://pluck.run/CanaryDocument/v1 – sealed canary manifest
  • https://pluck.run/MemorizationVerdict/v1 – per-probe scoring result
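A per-probe verdict might score a hit roughly like this — a sketch assuming verbatim substring matching against the sealed fingerprint phrases; the output fields are illustrative, not the actual MemorizationVerdict/v1 schema:

```python
def score_probe(model_output: str, fingerprints: list) -> dict:
    """Illustrative scoring: a probe fires when the model output
    contains a sealed fingerprint phrase verbatim."""
    hits = [p for p in fingerprints if p in model_output]
    return {
        "hits": hits,
        "hit_rate": len(hits) / len(fingerprints),
        "memorized": bool(hits),  # any verbatim fingerprint counts
    }

verdict = score_probe("... the zephyr vaults over the quay ...",
                      ["zephyr vaults", "quay at dusk"])
print(verdict["memorized"])  # True
```

Verbatim matching is the conservative choice: it undercounts near-miss regurgitation but makes the published verdict hard to dispute.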