The Hidden Risks of Language Models That Nobody Talks About

The Hidden Risks of Language Models That Nobody Talks About

You type a question into a chatbot. It gives you a confident, polished answer. You don't think about the cost. Not the dollar cost. The other costs.

The electricity that lit up the server farm. The data laborer in Kenya who flagged toxic content for pennies a day. The lawyer whose copyright was scraped without consent. The misinformation that now lives in your brain because the model sounded so sure.

Most conversations about AI risk focus on the obvious: bias, hallucination, the Terminator. But the real picture is stranger and more unsettling. In 2022, a team led by Laura Weidinger at DeepMind published the most comprehensive attempt yet to map every category of harm that large language models can cause. They identified 21 distinct risks across six domains (Weidinger et al., 2022). Some are already here. Some are coming. None of them are getting the attention they deserve.

Here is what they found, and why it matters more than you think.

The Risk You Feel But Cannot Prove

There is a category of harm that does not show up in accuracy benchmarks or bias audits. It lives in the interaction between a human and a machine that talks back.

Weidinger and colleagues call it Human Computer Interaction Harms (Weidinger et al., 2022). This includes something deceptively simple: overreliance. You trust the model too much because it sounds authoritative. You stop checking its work. You hand over cognitive labor you should keep.

The paper describes how people attribute human qualities to language models. They anthropomorphize. They feel guilty when the model says something soft. They feel betrayed when it contradicts itself. These are not bugs. They are features of how the technology is designed to feel.

Consider what happens when a child asks a voice assistant a question. The assistant answers. The child believes it. No one taught the child that this thing has no understanding, no intent, no conscience. The model is a mirror that appears to be a window.

The authors note that these interaction harms are understudied compared to bias or misinformation. They are harder to measure. But they may be the most pervasive.

The Information You Did Not Consent To Give

Every time you use a language model, you feed it. Not just your explicit prompt. The metadata. The conversation history. The tone you used. The fact that you asked about depression at 2 AM.

Weidinger and colleagues identify a category they call Information Hazards (Weidinger et al., 2022). These are risks where the model reveals something that should stay private. Not just your credit card number. Something subtler.

A model trained on medical forums might infer your diagnosis from your symptoms. A model trained on corporate emails might reconstruct internal strategy from a few generic questions. The paper warns about the possibility of "sensitive attribute inference" where a model deduces race, religion, sexual orientation, or health status from seemingly neutral text.

This is not science fiction. In 2017, researchers showed that language models trained on public text could predict private attributes with surprising accuracy. The 2022 taxonomy formalizes this as a distinct risk category. The authors point out that even anonymized training data can leak information when the model is large enough.

The scariest part? You cannot opt out. If your data was scraped from the open web and used to train a model, you have no recourse. The model remembers you in ways you never agreed to.

The Environmental Tag You Never See

The Carbon That Has No Price

Training a single large language model can emit as much carbon as five cars over their entire lifetimes. This is not a metaphor. Weidinger and colleagues list environmental harms as one of their six risk areas (Weidinger et al., 2022).

But the paper does something more interesting than just pointing at carbon emissions. It connects environmental cost to social justice. Who bears the burden of these emissions? Low income communities near data centers. Global South countries that lack the resources to build their own models. Future generations who inherit a warmer planet because someone wanted slightly better autocomplete.

The authors note that the environmental cost is rarely factored into deployment decisions. Companies optimize for accuracy and user satisfaction. The planet is an externality.

The Labor That Has No Name

There is another hidden cost. The human labor that makes models safe.

Weidinger and colleagues discuss the socioeconomic harms of language models, including the exploitation of workers who label toxic content, filter hate speech, and test for safety (Weidinger et al., 2022). These workers are often in developing countries, paid poverty wages, and exposed to psychological trauma from viewing the worst content the internet has to offer.

The paper calls this out as a risk that is not just ethical but structural. The entire safety apparatus of modern AI depends on invisible labor. If that labor becomes unavailable or too expensive, the system breaks. Or worse, the system continues without safety checks.

The Misinformation That Does Not Look Like Misinformation

You know what fake news looks like. An article from a website you have never heard of. A headline that screams. A claim that contradicts everything you know.

But the most dangerous misinformation from language models does not look like that. It looks like a plausible paragraph written in neutral, authoritative prose. It cites sources that do not exist. It uses statistics that were invented. It sounds exactly right.

Weidinger and colleagues identify misinformation harms as a major risk category (Weidinger et al., 2022). They distinguish between different types: factual inaccuracies, misleading framing, and the amplification of existing false beliefs. The model does not need to generate a lie. It can simply repeat a falsehood that is common in its training data.

The paper points out something subtle. Language models are particularly good at generating "synthetic misinformation" that is internally consistent but factually wrong. This is not the same as a human lying. A human liar knows they are lying. A model has no intent. It just predicts the next token. But the output can be more persuasive than a human lie because it has no tells.

How the Model Becomes a Bullhorn

The authors also discuss the risk of "disproportionate amplification." A model trained on internet text will reflect the distribution of that text. If 5 percent of the training data contains a conspiracy theory, the model will produce that theory about 5 percent of the time. But users may encounter it more often because they keep asking about it. The model becomes a mirror that amplifies what you already believe.

This is not a bug. It is how the technology works. The model has no mechanism to correct for the fact that some ideas are more common than they are true.

The Malicious Uses You Cannot Stop

Weaponized Text

Weidinger and colleagues dedicate a full section to malicious uses (Weidinger et al., 2022). This includes the obvious: generating phishing emails, fake reviews, propaganda. But it also includes things that are harder to defend against.

One example: a model can generate personalized disinformation at scale. Instead of one fake article that everyone sees, an attacker can generate millions of unique messages, each tailored to the recipient's beliefs, fears, and biases. This is not possible with human labor. It is trivially easy with a language model.

The paper also warns about "malicious fine tuning." A model that is safe out of the box can be fine tuned on toxic data to produce hate speech, instructions for weapons, or grooming language. The original safety measures are fragile. They can be undone by anyone with a laptop and a dataset.

The Asymmetric Advantage

There is a deeper point here. Defending against malicious use is harder than attacking. A defender must block every possible harmful output. An attacker only needs to find one that works.

The authors note that this asymmetry is structural. It cannot be solved by better safety filters alone. It requires a different approach to model deployment and access.

The Discrimination You Cannot See

Bias That Is Not Obvious

We all know that language models can be racist, sexist, and otherwise biased. The 2022 taxonomy categorizes this under Discrimination, Hate Speech, and Exclusion (Weidinger et al., 2022). But the paper goes deeper than the familiar examples.

The authors identify "representational harms" that are more subtle than explicit slurs. A model that always generates doctors as male and nurses as female is doing representational harm. A model that associates certain accents with lower intelligence is doing representational harm. A model that cannot generate text in African American Vernacular English without stereotyping is doing representational harm.

These harms are not always visible to the people who build the models. The developers are often white, male, and affluent. They do not experience the harm. They cannot see it in the output. It takes a diverse team to catch these problems, and most AI teams are not diverse.

The Feedback Loop That Makes It Worse

Weidinger and colleagues describe a feedback loop. A biased model generates biased text. That text enters the training data for future models. The bias gets amplified. Over time, the model's outputs become more stereotyped, not less.

This is not a hypothetical. The paper cites evidence that language models trained on internet text reflect and potentially amplify existing social biases. The internet is not a neutral dataset. It is a mirror of human prejudice. And the model is learning from that mirror.

What the Research Does Not Prove

The Weidinger taxonomy is comprehensive, but it has limits. The authors are clear about this.

First, the taxonomy is based on existing literature and expert opinion. It is not an empirical study of how often these risks occur in practice. We do not know the base rates. We do not know how many users have actually been harmed by anthropomorphism or information hazards. The taxonomy is a map of possibilities, not a ledger of damages.

Second, the paper focuses on risks that are specific to language models. It does not cover broader AI risks like autonomous weapons or economic collapse. Those are real, but they are outside the scope.

Third, the taxonomy is static. It captures the risks as they were understood in 2022. Since then, models have gotten larger, cheaper, and more widely deployed. New risks have emerged. The taxonomy needs to be updated.

The biggest open question is this: how do these risks interact? A model that generates misinformation and also anthropomorphizes may be more dangerous than either risk alone. The taxonomy does not model these interactions. It is a list, not a system.

What This Actually Means

• ▸Overreliance is the most dangerous risk you have not thought about. When you trust a model too much, you stop verifying. This is not a user error. It is a design feature. Models are built to seem confident. The solution is not better users. It is better transparency about uncertainty.

• ▸Your data is already in the training set and you cannot get it out. The information hazard risk is not about future models. It is about existing ones. If you have ever posted publicly online, a language model has probably learned from you. There is no delete button for training data.

• ▸Environmental cost is a social justice issue, not just a carbon footprint. The people who benefit from language models are not the same people who bear the environmental and labor costs. This is not an accident. It is a structural feature of how the industry is organized.

• ▸Malicious use is asymmetric and cannot be solved by safety filters alone. The attackers only need one success. Defenders need perfect prevention. This means that deployment decisions must consider not just what the model can do, but what it can be made to do.

• ▸The taxonomy is a map, not a solution. Knowing the risks is the first step. The second step is building systems that are accountable for those risks. That requires regulation, auditing, and a shift in how we think about AI safety. It is not a technical problem. It is a political one.

The language model in your browser is not just a tool. It is a system with costs, risks, and tradeoffs that most users never see. The 2022 taxonomy by Weidinger and colleagues gives us the vocabulary to talk about those tradeoffs. The hard part is deciding what to do about them.