122
you are viewing a single comment's thread
view the rest of the comments
[-] WalnutLum@lemmy.ml 8 points 5 months ago

I suppose the importance of the openness of the training data depends on your view of what a model is doing.

If you feel like a model is more like a media file that the model loaders are playing back, where the prompt is more of a type of control over how you access this model then yes I suppose from a trustworthiness aspect there's not much to the model's training corpus being open

I see models more in terms of how any other text encoder or serializer would work, if you were, say, manually encoding text. While there is a very low chance of any "malicious code" being executed, the importance is in the fact that you can check the expectations about how your inputs are being encoded against what the provider is telling you.

As an example attack vector, much like with something like a malicious replacement technique for anything, if I were to download a pre-trained model from what I thought was a reputable source, but was man-in-the middled and provided with a maliciously trained model, suddenly the system I was relying on that uses that model is compromised in terms of the expected text output. Obviously that exact problem could be fixed with some has checking but I hope you see that in some cases even that wouldn't be enough. (Such as malicious "official" providence)

As these models become more prevalent, being able to guarantee integrity will become more and more of an issue.

[-] FaceDeer@fedia.io 1 points 5 months ago

Even if you trained the AI yourself from scratch you still can't be confident you know what the AI is going to say under any given circumstance. LLMs have an inherent unpredictability to them. That's part of their purpose, they're not databases or search engines.

if I were to download a pre-trained model from what I thought was a reputable source, but was man-in-the middled and provided with a maliciously trained model

This is a risk for anything you download off the Internet, even source code could be MITMed to give you something with malicious stuff embedded in it. And no, I don't believe you'd read and comprehend every line of it before you compile and run it. You need to verify checksums

As I said above, the real security comes from the code that's running the LLM model. If someone wanted to "listen in" on what you say to the AI, they'd need to compromise that code to have it send your inputs to them. The model itself can't do that. If someone wanted to have the model delete data or mess with your machine, it would be the execution framework of the model that's doing that, not the model itself. And so forth.

You can probably come up with edge cases that are more difficult to secure, such as a troubleshooting AI whose literal purpose is messing with your system's settings and whatnot, but that's why I said "99% of the way there" in my original comment. There's always edge cases.

this post was submitted on 15 Jun 2024
122 points (93.0% liked)

Privacy

32024 readers
1132 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS