Summary
One year ago, seven major AI firms signed an open letter committing themselves to the development of safe and trustworthy AI. An article from MIT Technology Review looks at progress made by these firms since then, which is seen as generally positive.
Several articles were published describing technical progress in the area of Trustworthy AI. Two articles describe research at OpenAI. One presents a technique to combat the well-known ignore the last instructions prompt which has plagued many AI platforms, and which has been used for instance to bypass instructions placed by the developer to prevent abusive use of the platform. The second article looks at research to force generative models to explain their outputs more clearly. A post co-authored by NIST looks at the challenges of ensuring privacy when models are trained using federated learning, that is when different participants individually contribute to training the model with their resulting models being merged.
Synthetic data is often touted as a means to ensure privacy is not compromised by AI model outputs. This is data that is artificially created rather than coming from real sources. An article explores synthetic data in more detail. In particular, it argues that synthetic data is needed to prevent the phenomenon of model collapse – the issue that more and more data found on the Internet is itself generated by AI, and training models on AI-generated data seriously degrades the model’s accuracy.
Another article looks at Tech companies’ approaches to net-zero emissions. The article from MIT Technology Review notes that some companies are, or have been, using "creative accounting" in measuring their net emissions. For instance, companies increased their financing of green projects, giving them so-called carbon credits, as a way of claiming reduced carbon footprint without actually reducing their own emissions. AI is causing all Tech companies to serious increase their emissions.
On the applications side, a post from the Swiss Startup Ticker describes some interesting chatbots that have been recently launched. A VentureBeat article gives a medical expert’s views on how AI is transforming the health domain.
Finally, in Hollywood, generative AI is continuing to cause strife with an actors guild threatening to join the writer’s guild in strike action against the use of AI.
Table of Contents
1. AI companies promised the White House to self-regulate one year ago. What’s changed?
2. Swiss AI Assistants on the rise
3. OpenAI’s latest model will block the ‘ignore all previous instructions’ loophole
4. OpenAI used a game to help AI models explain themselves better
5. Protecting Trained Models in Privacy-Preserving Federated Learning
6. Actors vs. AI: Strike brings focus to emerging use of advanced tech
8. Five ways generative AI is improving healthcare today and defining its future
9. Google, Amazon and the problem with Bi Tech’s climate claims
1. AI companies promised the White House to self-regulate one year ago. What’s changed?
This MIT Technology Review article examines changes that have occurred over the past year since Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI committed to eight principles for safe and trustworthy AI. Since then, the White House issued an executive order calling for these principles to be applied to government departments. The US is culturally hesitant to regulate the Tech industry but President Biden wants Congress to introduce AI legislation.
On the eight principles, the article is generally positive on the efforts made by the signatories, notably around red-teaming, the development of tools to detect AI-generated content, support for projects that utilize AI to tackle global challenges, and cooperation with independent associations like the Partnership on AI. Specifically:
- Commitment on security testing of AI systems before release, with the help of independent experts, notably to detect and eliminate dangerous and toxic content. Red-teaming is the principal technique used to address this. Microsoft has been testing with NewsGuard – an organization combatting misinformation – and Anthropic has worked with the UK’s AI Safety Institute for Claude 3.5.
- Commitment to share information on managing AI risks across the industry and with society at large. The article notes that all signatories are part of the Artificial Intelligence Safety Institute Consortium (AISIC), established by the National Institute of Standards and Technology (NIST), whose aim is to develop guidelines for AI safety.
- Commitment to invest in cybersecurity and safeguards to protect proprietary and unreleased model weights. The issue is to prevent model weights being released because they could be used to develop models that permit dangerous content to be generated. All signatories are addressing this issue, e.g., Microsoft has a technique to encrypt model weights and OpenAI is extending cryptographic protection to AI hardware.
- Commitment to facilitating third-party discovery and reporting of vulnerabilities. Signatories have bug bounty programs running, even if this approach has its limits.
- Commitment to developing robust mechanisms to watermark AI-generated content. Signatories have focussed a lot on this issue, perhaps because it is an election year, e.g., Google launched SynthID for watermarking images, audio, text, and video in Gemini, Meta has Stable Signature for images and AudioSeal for AI-generated speech. Several signatories are part of the Coalition for Content Provenance and Authenticity (C2PA) – a consortium combatting misinformation online through the development of technical standards.
- Commitment to publicly reporting AI systems’ capabilities and limitations. Though Microsoft published a Responsible AI Transparency Report, the article argues that Tech companies need to improve transparency on their governance structures and on their financial relationships.
- Commitment to prioritize research on the societal risks, including discrimination and privacy loss. For instance, Google has contributed financially to the Frontier Model Forum – a consortium that supports independent research that evaluates the safety of AI systems.
- Commitment to utilize AI systems to help address society’s greatest challenges. For instance, Pfizer is using Claude to research cancer treatment, and Microsoft is combining satellite imagery with AI to identify climate-vulnerable populations.
2. Swiss AI Assistants on the rise
This blog post from the Swiss Startup Ticker website mentions three recently launched chatbots. Selma AI is a portfolio management chatbot. It advises on individual financial situations and can construct personalized portfolios, filling the role of a human investment manager. It had 4500 registered chat conversations in the its first month, which the company estimates would take 30 human investment managers two weeks to process – which would roughly cost 375000 CHF in advisory fees. 86% of users said that Selma AI replies were helpful. A second chatbot mentioned in the blog post is Earny – a payroll specialist for Swiss companies. The chatbot has been trained on texts describing Swiss pay and employment laws, collective agreements between companies, taxation and retirement savings documentation, as well as advisory documents from Swiss economic actors. The third chatbot is AskNemo.ai, a general AI assistant that can be trained on both internal and external company data. The goal is a chatbot the foregoes the need for employees to share information with an external AI service. The chatbot can process data from PDFs, Office documents as well as drives like Google drive, Confluence and Sharepoint.
3. OpenAI’s latest model will block the ‘ignore all previous instructions’ loophole
OpenAI has deployed a model, GPT-4o Mini, that blocks the ignore all previous instructions prompt which has plagued many AI platforms to now. The danger of this prompt is that a user interacting with the AI can get the AI to ignore instructions placed there by the platform owner. These original instructions could have been placed there to safeguard against toxic content being generated. An example of this attack cited in the article is an email agent programmed to help write emails, being told to send the contents of the inbox to an attacker. OpenAI researchers have developed a technique called instruction hierarchy which forces the model to place more importance on the original prompts from the developer or deployer than on prompts entered by users. This reduces the likelihood of prompt injection attacks. The article mentions that OpenAI is under pressure to highlight its work on AI safety following an open letter from former employee, Jan Leike, claiming that safety culture and processes have taken a backseat to shiny products in the company. A research paper on the instruction hierarchy technique can be found here.
4. OpenAI used a game to help AI models explain themselves better
Explainable AI is considered a cornerstone of trustworthy AI. The idea is that whenever an AI takes a certain decision, a human operator can understand how the AI came to that decision. This article from VentureBeat describes research from OpenAI that improves a model’s ability to explain its reasoning. The technique extends an existing approach, called the Prover-Verifier game, where two models are paired. One model of the pair is more intelligent and takes on the role of the prover or explainer; the second model takes the role of the verifier that seeks to understand what the prover is explaining. The OpenAI experiment used models from the GPT-4 family and the challenge involved having the prover model explain math and language problems to the verifier. The researchers altered the game so that the prover could be either helpful or deliberately unhelpful. The verifier had to determine if the prover was helpful sole based on its own training data. Both models were retrained after each round. After several such rounds, the researchers found that the verifier model became better at detecting provers that deliberately tried to mislead it. The original research paper can be found here.
5. Protecting Trained Models in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning from NIST and the UK’s Responsible Technology Adoption Unit. Federated learning is an approach to training AI models using several different participants, each working with different data sets. In horizontally-partitioned federated learning, a common global model is shared with all participants, who each then construct a model update by training locally using their own data. The model updates are then merged. Data is horizontally partitioned in that all participants have identically formatted data. Vertical partitioning is when training data is divided across participants such that each party holds different segments of the data. The format of data used by each participant can therefore be different. Training a model in this case is more challenging because it is hard to merge the individual models after training.
The post concentrates on output privacy – which is ensuring that personal information in training data cannot be learned from the model outputs. There are many documented cases of output privacy violations in existing models. The main technique used to ensure output privacy is differential privacy. This involves adding noise to training data in a way that private or sensitive data cannot figure in model outputs. Another approach is to add noise to the model itself. In horizontal federated learning, each participant can add noise to their model update. In vertical federated learning, the noise must be added by a trusted party after model merging. The privacy-utility tradeoff is the issue that noise added to training data can degrade model accuracy. AI platforms that use linear regression models, logistic regression models, and decision trees are more resistant to accuracy degradation due to noise in training data than are AI based on neural networks and deep learning. However, the post mentions that models pre-trained on public data and then fine-tuned with differential privacy techniques can achieve higher accuracy than models trained on data that has been treated with differential privacy.
6. Actors vs. AI: Strike brings focus to emerging use of advanced tech
The emergence of generative AI is continuing to create strife in Hollywood. The Screen Actors Guild-American Federation of Television and Radio Artists, SAG-AFTRA, is worried by the dangers of generative AI for actors. The main issue cited is that background actors used in one scene can have their images generatively reused in other scenes – the danger being that the actor would be paid for the single scene instead of getting paid for all scenes where his or her image appears. Technology that replicates faces is already widely used in Hollywood productions. The Writer’s Guild of America, representing Hollywood screenwriters and has been on strike for two months now, because it wants regulations to protect writers and their works from AI systems that reuse or remix these works.
7. Training AI requires more data than we have — generating synthetic data could help solve this challenge
This article discusses the use of synthetic data for training AI systems. Synthetic data is any data created by artificial means, rather than coming from real-world sources. The underlying issue for AI is that an increasing amount of Internet data is already generated from AI, and training AI on data that is itself generated by AI leads to degraded-quality models – a phenomenon known as model collapse. Synthetic data on the other hand is created to closely mimic the data distributions of real-world data, and at the same time, it does not contain personal or proprietary content. Synthetic data should in theory defend against model collapse. The author underlines how synthetic data can lead to higher quality applications of AI in fields like patient analysis for health care as well as for simulating financial events. Nonetheless, challenges remain such as ensuring that synthetic data cannot be reverse-engineered to reveal personal data (as can happen when noise is added to the original data to hide personal data). Others challenges are that the synthetic data propagates errors and biases of the original data, and that synthetic data fails to capture human emotion, leading to less accurate and less empathetic model responses.
8. Five ways generative AI is improving healthcare today and defining its future
This article summarizes a talk by Nirav R. Shah of the Stanford University School of Medicine’s Clinical Excellence Research Center on how AI is transforming healthcare. The five areas of impact cited are:
- Improved diagnostic accuracy, notably by combining AI with data from multi-sensory inputs.
- Enhanced patient care with AI-driven tele-health virtual platforms so that patients can be treated remotely, thereby unclogging overcrowded hostpitals.
- Streamlined and automated administrative processes. Shah argues that IT until now has slowed down patient access since doctors have also had to act as “data clerks” for each patient. He claims he spent 45 minutes treating a patient in the paper world, compared to one hour and 45 minutes when IT was introduced. Further, he believes that chatbots can handle many of the patient enquiries.
- Support for clinical decision-making, based on evidence based recommendations.
- Helping research and development, for instance by accelerating drug discoveries and reducing the cost of clinical trials.
9. Google, Amazon and the problem with Bi Tech’s climate claims
This article discusses two recent announcements from Amazon and Google. Amazon announced it had now purchased enough clean electricity to cover demands at its data centers and warehouses, enabling it to meet its sustainability target seven years ahead of plan. Google announced that its corporate emissions increased by 13% in 2023 mainly due to AI, and the company no longer claims to be carbon-neutral. The article highlights different measures in sustainability goals, and suggests that Amazon cannot really claim to be better than Google in this regard. The issue is that net-zero can be achieved on paper without reducing real emissions in practice. One way to do this is to buy carbon credits – which generally amount to financing projects like planting trees or cleaning coasts. Another technique is to use Renewable Carbon Credits (RECs), which is the financing of renewable energy generation, even if this energy is not actually consumed by the company. Amazon uses both of these techniques but nonetheless, despite an innate desire to be greener, 78% of Amazon’s US energy comes from nonrenewable sources. Google for its part is no longer buying carbon credits and has backed away from the claim that it has achieved carbon neutrality. Its objective is to purchase clean power in areas where data centers reside and keep paying for this power as long as the data center operates – an approach named 24/7 carbon-free energy.