Trustworthy AI - Latest Insights
Hi all, we're back with the newest edition of our Trustworthy AI newsletter, where we summarize the most impactful developments over the past month related to building AI systems we can trust.
This month, we highlight emerging innovations in open source language models that demonstrate cutting-edge capabilities without relying solely on massive scale. However, concerning research reveals potential privacy risks even in edited large language models. On the legal front, courts continue to wrestle with intellectual property issues surrounding AI-generated art. We also cover the ongoing challenges of securely deploying AI in corporate environments and provide exciting updates on Mithril's confidential AI solutions.
🤖Open-source AI Advances
Large language models (LLMs) like GPT-3 with 175 billion parameters have shown impressive capabilities, but their massive size makes them computationally intensive to train and deploy. Researchers are exploring methods to get advanced performance out of smaller, more efficient open source models. This month’s newsletter highlights some recent work on training high-performing open source LLMs without relying solely on scale.
🦙LLaMA 2 Trained to Beat GPT 3.5 in Long Text Context Summarization
Researchers at Meta fine tuned the 70 billion parameter LLAMa 2 model to handle lengthy texts far better than even GPT-3.5-turbo-16K and on par with the much larger GPT4.
The original Llama 2 struggled to process long documents, so to train the new Llama models on long texts, the researchers came up with a clever idea. They had the original Llama 2 generate practice questions and answers based on chunks of a long document. Then they used Llama 2 again to check whether the questions and answers made sense. This allowed them to create training data without needing humans to manually label long passages.
After a simple instruction tuning process without human-annotated data, their Llama 2 chat model exceeded GPT-3.5-turbo-16k on 7 out of 10 tasks in the ZeroSHOT long context benchmark. This demonstrates strong performance through optimized pre training rather than scale alone.
Shoutout to Phillip Schmidt from Hugging Face for pointing this out in his LinkedIn Post
Here is a link to the full paper
🎯Llama 2-7B to Beat Much Larger Domain Specific Models Like BloombergGPT-50B
On a similar note, Microsoft researchers achieved impressive performance from continued pretraining of the 7 billion parameter LLaMA model on domain-specific corpora. As a result the model outperformed much larger domain specific models such as the 50B parameter BloombergGPT financial model.
This improved in-domain task performance, but significantly hurt prompting ability due to limited diversity of pretraining data. To address this issue, they transformed raw texts into reading comprehension formats augmented with comprehension questions based on the content. When trained on these datasets, the 7B LLaMA model achieved consistent gains over continued pretraining on raw texts across specialized tasks.
For example, on finance domain tasks, their adapted 7B LLaMA reached 63.4 average score, compared to 58.6 for raw text continued pretraining. This result even exceeded the much larger 50B parameter BloombergGPT model fine-tuned on financial data, which scored 62.5.
Here is a link to the full paper
📚Phi-1.5 Performs as Well as the Larger 7B Llama 2 Thanks to Training with TextBooks
Researchers at Microsoft developed phi-1.5, a 1.3 billion parameter model trained mostly on textbook-style data. Phi-1.5 matched a 7B Llama model on common sense reasoning benchmarks including Winogrande (73.4 vs 73.0) and ARC-Challenge (44.4 vs 43.5). It even surpassed the 7B Llama on multi-step reasoning benchmarks like GSM8K math problems (40.2 vs 11.0) and HumanEval coding tasks (34.1 vs 11.4).
This demonstrates that quality of the training data, rather than just quantity is a more efficient training approach for advanced reasoning skills. The researchers attribute phi-1.5’s strong performance to more efficient knowledge storage and access.
Here is a link to the full paper
Privacy and Regulation
🕵️♂️Leaked Secrets: Large Language Models Struggle to Keep Your Data Private
Publicly released large language models like GPT-3 memorize sensitive information from their training data, posing alarming privacy risks. Even after advanced efforts to edit models and "delete" specific facts, attackers could still extract people's private data nearly 30% of the time, according to new research by Patil, Hase, and Bansal. Whitebox and blackbox attacks exploited hidden model representations and creative input paraphrasing to reveal secrets that models were edited to forget.
While tailored defenses lowered extraction rates, no single approach succeeded completely. Your personal information could be leaked from an openly available model in just 20 guesses. This stark reality urgently demands privacy-preserving solutions as large language models proliferate.
🎨🤖AI Art Hits Copyright Roadblock
A recent court ruling has dealt a blow to the prospect of copyright protections for art generated by artificial intelligence. A federal judge in Washington D.C. upheld the U.S. Copyright Office's rejection of a copyright application for an art piece created autonomously by an AI system. The judge affirmed that human authorship is a prerequisite for copyright under current law, ruling that works produced solely by AI without creative input cannot qualify for protections.
This decision comes amid multiple attempts to secure copyrights for AI creations. Stephen Thaler, the computer scientist behind an AI system called DABUS, filed the rejected application and has also unsuccessfully sought AI-generated patents in the US and abroad. Other artists have tried securing protections for AI artworks, but so far courts have maintained that human creativity is essential for copyright eligibility.
The precedent presents challenges for entities seeking to claim ownership over AI art. While the capabilities of generative AI systems have rapidly advanced, legal frameworks are lagging behind in addressing complex IP issues surrounding machine-created works. For now, the door appears shut on AI art obtaining copyright, but the debate will likely continue as the technology evolves. The court decision provides valuable insight, though significant ambiguity remains regarding copyrights and AI🤔.
For the full article click here
🤖🔐 Is AI a Data Privacy Nightmare for Companies?
The data privacy Pandora's box opened by AI could stop mainstream adoption in its tracks. A recent survey found that 3 in 4 organizations globally are implementing or considering bans on generative AI applications on employee devices, with the majority viewing the restrictions as long-term or permanent. Those advocating for limitations cite risks of exposing sensitive data and opening up vulnerabilities in corporate networks through uncontrolled AI use. Read more
However, while companies brace for the impacts of uncontrolled AI use, many employees are eager to harness the technology to enhance productivity and creativity. Additional research indicates over a third of workers in the US and UK now use AI weekly, predominantly to streamline tasks and enable more strategic work. But guidance remains scarce - under a quarter of firms have provided any AI usage guidelines. This leaves staff uncertain about best practices. Over a quarter fear being judged for improper use. Read more
As AI proliferates in the workplace, companies face dual challenges - securing data and systems from potential AI risks, while also training employees on appropriate and beneficial usage. Achieving the right balance will require governance frameworks that encourage AI adoption where advantageous, while implementing necessary restrictions. Both studies suggest more communication and education are needed to maximize AI's workplace potential.
🔐What’s New at Mithril Security
🎉We Launched Blindchat Local: Fully Local And Private Models Running In Your Browser
We are excited to announce the recent release of BlindChat, our own open-source conversational AI that runs fully in the browser for confidential AI chat experiences! BlindChat adapts Hugging Face's excellent Chat-UI project to perform all processing locally on users' devices. This eliminates risks from any data used in the chats ever leaving users' browsers or shared with unintended 3rd parties. The initial launch leverages a 783M parameter model, which was followed last week with support for the powerful Phi-1.5 model and we have big plans to add larger models in the future. Read the full release announcement here: BlindChat Launch Announcement. A live demo is available at chat.mithrilsecurity.io!
🔜Coming Soon A Confidential AI Solution Based On Secure Enclave Inference
The fully local approach has some limitations currently, given that it runs completely in the browser. Developers interested in trying out our more advanced private models can sign up for the Alpha waitlist of our BlindChat secure enclave inference.
We will soon integrate BlindLlama, our open-source Confidential and verifiable AI APIs, with BlindChat to have a highly performant, private Conversational AI. This solves the issues of using local models with the current version of BlindChat.
What this means for you:
Lightweight Experience: Say goodbye to heavy bandwidth and computing constraints. Unlike the local version that downloads a 700MB model pull, this model is fully managed.
Optimal Performance: By serving state-of-the-art models, like Llama 2 70B, which traditionally wouldn't run on most devices, you can leverage GPT3.5-like models with privacy.
High Privacy: Thanks to the use of remote enclaves, your data remains end-to-end protected, not even our admins can see it.
Interested in trying it out? Sign up for our Alpha waitlist here.
🔍CEO Articles Spotlight
Privacy Risks of Fine-Tuning LLMs
In my latest article, I shed light on alarming privacy vulnerabilities that can arise when fine-tuning large language models. Data exposure can occur through two key mechanisms - input privacy breaches if the API provider is compromised, and output privacy issues where users can actually prompt the model to reveal confidential training data.
Samsung learned this lesson the hard way when proprietary info like source code was leaked after engineers shared it with ChatGPT during early testing. Even a single exposure in the fine-tuning data can be remembered. Later prompt crafting can trick models into regurgitating secrets. As shared here previously, the research by Patil, Hase, and Bansa shows that trying to remove sensitive data once memorized by the model is nearly impossible. While input privacy risks are common with SaaS, output privacy is unique to large language models' tendency to memorize training sets. Even well-intentioned users could accidentally surface private data.
🧮Evaluating AI Deployment Costs with a New TCO Calculator
As AI adoption accelerates, determining the best deployment approach can be challenging. SaaS APIs are easy to integrate but have hidden costs, while open source models like LLaMA require infrastructure and labor investments. To aid this "build vs buy" decision, Mithril Security has introduced an open-source AI Total Cost of Ownership (TCO) calculator.
🔢 Calculator Insights
The calculator factors in cost per API request based on token pricing, estimated labor expenses for deployment and operations, and overall infrastructure setup costs. It then models total monthly costs across different usage volumes to reveal break-even points. For example, for a banking chatbot use case, the analysis showed open source LLaMA becoming economical after 750,000 monthly requests, equivalent to 30,000 engaged customers.
🛠️ Customizable Comparisons
The calculator provides customizable comparisons tailored to use cases. Users can select models like GPT-4 and LLaMA, adjust request parameters like token counts, and define labor rates. The transparent modeling empowers organizations to make data-driven AI deployment decisions based on projected demand and privacy needs.
👥 Community Contribution
By open sourcing the calculator, we invite the community to enhance it with additional model integrations. As enterprise AI expands, tools like this that surface the true costs of different approaches will be invaluable for strategic planning of AI implementations.
🙏 Thank You!
Thank you for reading our latest newsletter!
📝 Sign Up for the BlindChat Alpha
Be among the first to experience our new features by signing up for the BlindChat Alpha.
🔗 Try the Live BlindChat Demo
Explore our technology in the live BlindChat demo.
💬Contact us Mithril Security Contact
We look forward to your contributions as we build a future of responsible and empowering AI innovation. Let's make AI you can trust together!