With the world’s focus turning to misinformation,  manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we’re learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic governance and public protection.

Just three Big Tech firms (Microsoft, Google, and Amazon) control about two-thirds of the global market for the cloud computing resources used to train and deploy AI models. They have a lot of the AI talent, the capacity for large-scale innovation, and face few public regulations for their products and activities.

The increasingly centralized control of AI is an ominous sign for the co-evolution of democracy and technology. When tech billionaires and corporations steer AI, we get AI that tends to reflect the interests of tech billionaires and corporations, instead of the general public or ordinary consumers.

To benefit society as a whole we also need strong public AI as a counterbalance to corporate AI, as well as stronger democratic institutions to govern all of AI.

One model for doing this is an AI Public Option, meaning AI systems such as foundational large-language models designed to further the public interest. Like public roads and the federal postal system, a public AI option could guarantee universal access to this transformative technology and set an implicit standard that private services must surpass to compete.

Widely available public models and computing infrastructure would yield numerous benefits to the U.S. and to broader society. They would provide a mechanism for public input and oversight on the critical ethical questions facing AI development, such as whether and how to incorporate copyrighted works in model training, how to distribute access to private users when demand could outstrip cloud computing capacity, and how to license access for sensitive applications ranging from policing to medical use. This would serve as an open platform for innovation, on top of which researchers and small businesses—as well as mega-corporations—could build applications and experiment.

Versions of public AI, similar to what we propose here, are not unprecedented. Taiwan, a leader in global AI, has innovated in both the public development and governance of AI. The Taiwanese government has invested more than $7 million in developing their own large-language model aimed at countering AI models developed by mainland Chinese corporations. In seeking to make “AI development more democratic,” Taiwan’s Minister of Digital Affairs, Audrey Tang, has joined forces with the Collective Intelligence Project to introduce Alignment Assemblies that will allow public collaboration with corporations developing AI, like OpenAI and Anthropic. Ordinary citizens are asked to weigh in on AI-related issues through AI chatbots which, Tang argues, makes it so that “it’s not just a few engineers in the top labs deciding how it should behave but, rather, the people themselves.”

A variation of such an AI Public Option, administered by a transparent and accountable public agency, would offer greater guarantees about the availability, equitability, and sustainability of AI technology for all of society than would exclusively private AI development.

Training AI models is a complex business that requires significant technical expertise; large, well-coordinated teams; and significant trust to operate in the public interest with good faith. Popular though it may be to criticize Big Government, these are all criteria where the federal bureaucracy has a solid track record, sometimes superior to corporate America.

After all, some of the most technologically sophisticated projects in the world, be they orbiting astrophysical observatories, nuclear weapons, or particle colliders, are operated by U.S. federal agencies. While there have been high-profile setbacks and delays in many of these projects—the Webb space telescope cost billions of dollars and decades of time more than originally planned—private firms have these failures too. And, when dealing with high-stakes tech, these delays are not necessarily unexpected.

Given political will and proper financial investment by the federal government, public investment could sustain through technical challenges and false starts, circumstances that endemic short-termism might cause corporate efforts to redirect, falter, or even give up.

The Biden administration’s recent Executive Order on AI opened the door to create a federal AI development and deployment agency that would operate under political, rather than market, oversight. The Order calls for a National AI Research Resource pilot program to establish “computational, data, model, and training resources to be made available to the research community.”

While this is a good start, the U.S. should go further and establish a services agency rather than just a research resource. Much like the federal Centers for Medicare & Medicaid Services (CMS) administers public health insurance programs, so too could a federal agency dedicated to AI—a Centers for AI Services—provision and operate Public AI models. Such an agency can serve to democratize the AI field while also prioritizing the impact of such AI models on democracy—hitting two birds with one stone.

Like private AI firms, the scale of the effort, personnel, and funding needed for a public AI agency would be large—but still a drop in the bucket of the federal budget. OpenAI has fewer than 800 employees compared to CMS’s 6,700 employees and annual budget of more than $2 trillion. What’s needed is something in the middle, more on the scale of the National Institute of Standards and Technology, with its 3,400 staff, $1.65 billion annual budget in FY 2023, and extensive academic and industrial partnerships. This is a significant investment, but a rounding error on congressional appropriations like 2022’s $50 billion  CHIPS Act to bolster domestic semiconductor production, and a steal for the value it could produce. The investment in our future—and the future of democracy—is well worth it.

What services would such an agency, if established, actually provide? Its principal responsibility should be the innovation, development, and maintenance of foundational AI models—created under best practices, developed in coordination with academic and civil society leaders, and made available at a reasonable and reliable cost to all US consumers.

Foundation models are large-scale AI models on which a diverse array of tools and applications can be built. A single foundation model can transform and operate on diverse data inputs that may range from text in any language and on any subject; to images, audio, and video; to structured data like sensor measurements or financial records. They are generalists which can be fine-tuned to accomplish many specialized tasks. While there is endless opportunity for innovation in the design and training of these models, the essential techniques and architectures have been well established.

Federally funded foundation AI models would be provided as a public service, similar to a health care private option. They would not eliminate opportunities for private foundation models, but they would offer a baseline of price, quality, and ethical development practices that corporate players would have to match or exceed to compete.

And as with public option health care, the government need not do it all. It can contract with private providers to assemble the resources it needs to provide AI services. The U.S. could also subsidize and incentivize the behavior of key supply chain operators like semiconductor manufacturers, as we have already done with the CHIPS act, to help it provision the infrastructure it needs.

The government may offer some basic services on top of their foundation models directly to consumers: low hanging fruit like chatbot interfaces and image generators. But more specialized consumer-facing products like customized digital assistants, specialized-knowledge systems, and bespoke corporate solutions could remain the provenance of private firms.

The key piece of the ecosystem the government would dictate when creating an AI Public Option would be the design decisions involved in training and deploying AI foundation models. This is the area where transparency, political oversight, and public participation could affect more democratically-aligned outcomes than an unregulated private market.

Some of the key decisions involved in building AI foundation models are what data to use, how to provide pro-social feedback to “align” the model during training, and whose interests to prioritize when mitigating harms during deployment. Instead of ethically and legally questionable scraping of content from the web, or of users’ private data that they never knowingly consented for use by AI, public AI models can use public domain works, content licensed by the government, as well as data that citizens consent to be used for public model training.

Public AI models could be reinforced by labor compliance with U.S. employment laws and public sector employment best practices. In contrast, even well-intentioned corporate projects sometimes have committed labor exploitation and violations of public trust, like Kenyan gig workers giving endless feedback on the most disturbing inputs and outputs of AI models at profound personal cost.

And instead of relying on the promises of profit-seeking corporations to balance the risks and benefits of who AI serves, democratic processes and political oversight could regulate how these models function. It is likely impossible for AI systems to please everybody, but we can choose to have foundation AI models that follow our democratic principles and protect minority rights under majority rule.

Foundation models funded by public appropriations (at a scale modest for the federal government) would obviate the need for exploitation of consumer data and would be a bulwark against anti-competitive practices, making these public option services a tide to lift all boats: individuals’ and corporations’ alike. However, such an agency would be created among shifting political winds that, recent history has shown, are capable of alarming and unexpected gusts. If implemented, the administration of public AI can and must be different. Technologies essential to the fabric of daily life cannot be uprooted and replanted every four to eight years. And the power to build and serve public AI must be handed to democratic institutions that act in good faith to uphold constitutional principles.

Speedy and strong legal regulations might forestall the urgent need for development of public AI. But such comprehensive regulation does not appear to be forthcoming. Though several large tech companies have said they will take important steps to protect democracy in the lead up to the 2024 election, these pledges are voluntary and in places nonspecific. The U.S. federal government is little better as it has been slow to take steps toward corporate AI legislation and regulation (although a new bipartisan task force in the House of Representatives seems determined to make progress). On the state level, only four jurisdictions have successfully passed legislation that directly focuses on regulating AI-based misinformation in elections. While other states have proposed similar measures, it is clear that comprehensive regulation is, and will likely remain for the near future, far behind the pace of AI advancement. While we wait for federal and state government regulation to catch up, we need to simultaneously seek alternatives to corporate-controlled AI.

In the absence of a public option, consumers should look warily to two recent markets that have been consolidated by tech venture capital. In each case, after the victorious firms established their dominant positions, the result was exploitation of their userbases and debasement of their products. One is online search and social media, where the dominant rise of Facebook and Google atop a free-to-use, ad supported model demonstrated that, when you’re not paying, you are the product. The result has been a widespread erosion of online privacy and, for democracy, a corrosion of the information market on which the consent of the governed relies. The other is ridesharing, where a decade of VC-funded subsidies behind Uber and Lyft squeezed out the competition until they could raise prices.

The need for competent and faithful administration is not unique to AI, and it is not a problem we can look to AI to solve. Serious policymakers from both sides of the aisle should recognize the imperative for public-interested leaders not to abdicate control of the future of AI to corporate titans. We do not need to reinvent our democracy for AI, but we do need to renovate and reinvigorate it to offer an effective alternative to untrammeled corporate control that could erode our democracy.

Read More

Sensitive data from Switzerland government departments were leaked by the Play ransomware group after an attack on Xplain, including classified documents and log in credentials

Read More

With the proliferation of AI/ML enabled technologies to deliver business value, the need to protect data privacy and secure AI/ML applications from security risks is paramount. An AI governance  framework model like the NIST AI RMF to enable business innovation and manage risk is just as important as adopting guidelines to secure AI. Responsible AI starts with securing AI by design and securing AI with Zero Trust architecture principles.

Vulnerabilities in ChatGPT

A recent discovered vulnerability found in version gpt-3.5-turbo exposed identifiable information. The vulnerability was reported in the news late November 2023. By repeating a particular word continuously to the chatbot it triggered the vulnerability. A group of security researchers with Google DeepMind, Cornell University, CMU, UC Berkeley, ETH Zurich, and the University of Washington studied the “extractable memorization” of training data that an adversary can extract by querying a ML model without prior knowledge of the training dataset.

The researchers’ report show an adversary can extract gigabytes of training data from open-source language models. In the vulnerability testing, a new developed divergence attack on the aligned ChatGPT caused the model to emit training data 150 times higher. Findings show larger and more capable LLMs are more vulnerable to data extraction attacks, emitting more memorized training data as the volume gets larger. While similar attacks have been documented with unaligned models, the new ChatGPT vulnerability exposed a successful attack on LLM models typically built with strict guardrails found in aligned models.

This raises questions about best practices and methods in how AI systems could better secure LLM models, build training data that is reliable and trustworthy, and protect privacy.

U.S. and UK’s Bilateral cybersecurity effort on securing AI

The US Cybersecurity Infrastructure and Security Agency (CISA) and UK’s National Cyber Security Center (NCSC) in cooperation with 21 agencies and ministries from 18 other countries are supporting the first global guidelines for AI security. The new UK-led guidelines for securing AI as part of the U.S. and UK’s bilateral cybersecurity effort was announced at the end of November 2023.

The pledge is an acknowledgement of AI risk by nation leaders and government agencies worldwide and is the beginning of international collaboration to ensure the safety and security of AI by design. The Department of Homeland Security (DHS) CISA and UK NCSC joint guidelines for Secure AI system Development aims to ensure cybersecurity decisions are embedded at every stage of the AI development lifecycle from the start and throughout, and not as an afterthought.

Securing AI by design

Securing AI by design is a key approach to mitigate cybersecurity risks and other vulnerabilities in AI systems. Ensuring the entire AI system development lifecycle process is secure from design to development, deployment, and operations and maintenance is critical to an organization realizing its full benefits. The guidelines documented in the Guidelines for Secure AI System Development aligns closely to software development life cycle practices defined in the NSCS’s Secure development and deployment guidance and the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).

The 4 pillars that embody the Guidelines for Secure AI System Development offers guidance for AI providers of any systems whether newly created from the ground up or built on top of tools and services provided from others.

1.      Secure design

The design stage of the AI system development lifecycle covers understanding risks and threat modeling and trade-offs to consider on system and model design.

Maintain awareness of relevant security threats
Educate developers on secure coding techniques and best practices in securing AI at the design stage
Assess and quantify threat and vulnerability criticality
Design AI system for appropriate functionality, user experience, deployment environment, performance, assurance, oversight, ethical and legal requirements
Select AI model architecture, configuration, training data, and training algorithm and hyperparameters using data from threat model

2.     Secure development

The development stage of the AI system development lifecycle provides guidelines on supply chain security, documentation, and asset and technical debt management.

Assess and secure supply chain of AI system’s lifecycle ecosystem
Track and secure all assets with associated risks
Document hardware and software components of AI systems whether developed internally or acquired through other third-party developers and vendors
Document training data sources, data sensitivity and guardrails on its intended and limited use
Develop protocols to report potential threats and vulnerabilities

3.     Secure deployment

The deployment stage of the AI system development lifecycle contains guidelines on protecting infrastructure and models from compromise, threat or loss, developing incident management processes, and responsible release.

Secure infrastructure by applying appropriate access controls to APIs, AI models and data, and to their training and processing pipeline, in R&D, and deployment
Protect AI model continuously by implementing standard cybersecurity best practices
Implement controls to detect and prevent attempts to access, modify, or exfiltrate confidential information
Develop incident response, escalation, and remediation plans supported by high-quality audit logs and other security features & capabilities
Evaluate security benchmarks and communicate limitations and potential failure modes before releasing generative AI systems

4.     Secure operations and maintenance

The operations and maintenance stage of the AI system development life cycle provide guidelines on actions once a system has been deployed which includes logging and monitoring, update management, and information sharing.

Monitor the AI model system’s behavior
Audit for compliance to ensure system complies with privacy and data protection requirements
Investigate incidents, isolate threats, and remediate vulnerabilities
Automate product updates with secure modular updates procedures for distribution
Share lessons learned and best practices for continuous improvement

Securing AI with Zero Trust principles

AI and ML has accelerated Zero Trust adoption. A Zero Trust approach follows the principles of trust nothing and verify everything. It adopts the principle of enforcing least privilege per-request access for every entity – user, application, service, or device. No entity is trusted by default. It’s the shift from the traditional security perimeter where anything inside the network perimeter was considered trusted to nothing can be trusted especially with the rise in lateral movements and insider threats. The enterprise and consumer adoption of private and public hybrid multi-cloud in an increasingly mobile world expanded an organization’s attack surface with cloud applications, cloud service, and the Internet of Things (IoT).

Zero Trust addresses the shift from a location-centric model to a more data-centric approach for granular security controls between users, devices, systems, data, applications, services, and assets. Zero Trust requires visibility and continuous monitoring and authentication of every one of these entities to enforce security policies at scale. Implementing Zero Trust architecture includes the following components:

Identity and access – Govern identity management with risk-based conditional access controls, authorization, accounting, and authentication such as phishing-resistant MFA
Data governance – Provide data protection with encryption, DLP, and data classification based on security policy
Networks – Encrypt DNS requests and HTTP traffic within their environment. Isolate and contain with microsegmentation.
Endpoints – Prevent, detect, and respond to incidents on identifiable and inventoried devices. Persistent threat identification and remediation with endpoint protection using ML. Enable Zero Trust Access (ZTA) to support remote access users instead of traditional VPN.
Applications – Secure APIs, cloud apps, and cloud workloads in the entire supply chain ecosystem
Automation and orchestration – Automate actions to security events. Orchestrate modern execution for operations and incident response quickly and effectively.
Visibility and analytics – Monitor with ML and analytics such as UEBA to analyze user behavior and identify anomalous activities

Securing AI for humans 

The foundation for responsible AI is a human-centered approach. Whether nations, businesses, and organizations around the world are forging efforts to secure AI through joint agreements, international standard guidelines, and specific technical controls & concepts, we can’t ignore that protecting humans are at the center of it all.

Personal data is the DNA of our identity in the hyperconnected digital world. Personal data are Personal Identifiable Information (PII) beyond name, date of birth, address, mobile numbers, information on medical, financial, race, and religion, handwriting, fingerprint, photographic images, video, and audio. It also includes biometric data like retina scans, voice signatures, or facial recognition. These are the digital characteristics that makes each of us unique and identifiable.

Data protection and preserving privacy remains a top priority. AI scientists are exploring use of synthetic data to reduce bias in order to create a balanced dataset for learning and training AI systems.

Securing AI for humans is about protecting our privacy, identity, safety, trust, civil rights, civil liberties, and ultimately, our survivability.

To learn more

·       Explore our Cybersecurity consulting services to help.

Read More

Alleged Chinese spy Linwei Ding is accused of stealing proprietary IP from Google

Read More

Security experts warn of mass exploitation of critical TeamCity vulnerability

Read More

Is there any truth behind the alleged data breach at Fortnite maker Epic Games? Who launched the ransomware attack that caused a fallout at pharmacies? And what’s the latest on the heart-breaking hack of Finnish therapy clinic Vastaamo? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast … Continue reading “Smashing Security podcast #362: Ransomware fraud, pharmacy chaos, and suicide”

Read More