Risks

Here we discuss AI safety, risks, and mitigations. This is an important and complex topic, so it’s great to see wide public interest in it.

To start with, AI safety refers to the field of study concerned with ensuring that artificial intelligence and machine learning technologies are developed and implemented in a manner that is beneficial to humanity and does not pose unreasonable risks to human values, autonomy, or well-being.

As in most controversial subjects, we look at both sides of the argument. In setting laws and informal guidelines for AI research and deployment, it is important to not lose site of advantages that AI will provide society

• Reduction in Human Error: One of the biggest advantages of Artificial Intelligence is that it can significantly reduce errors and increase accuracy and precision. The decisions taken by AI in every step is decided by information previously gathered and a certain set of algorithms. When programmed properly, these errors can be reduced to null1.
• Increased Efficiency: AI can drive down the time taken to perform a task, enable multi-tasking, and ease the workload for existing resources. It enables the execution of hitherto complex tasks without significant cost outlays2.
• 24x7 Availability: AI operates 24x7 without interruption or breaks and has no downtime2.

Wearing “rose colored glasses” we can imagine more far reaching advantages:

• In the medical field, AI can help solve several healthcare challenges, including administrative workflow automation, virtual nurses, robot-assisted surgery, diagnosis aid, and health monitoring. Soon, AI will be able to predict an individual’s risk of certain diseases and suggest preventative measures. Deep learning models like Alpha Fold have already accelerated medical and biological research.
• In terms of environmental challenges, AI can help reduce errors and increase efficiency in processes, reducing energy use. It can also monitor raw materials use and create opportunities to use less. AI can play a role in tackling environmental challenges from designing more energy-efficient buildings to monitoring deforestation to optimizing renewable energy deployment.
• AI can also help address social and political problems. Some solutions to address AI’s anticipated negative impacts include improving collaboration across borders and stakeholder groups, developing policies to assure that development of AI will be directed at augmenting humans and the common good, and shifting the priorities of economic, political and education systems to empower individuals and countries to thrive.

These advantages are just a few examples of how AI can benefit society. In the next section we return to the broad subject of AI safety.

Billionaire investor Vinod Khosla makes strong arguments against international agreements limiting and controlling AI development and deployment. He argues that while run-away AI poses some small risk, this risk is less than an asteroid hitting the earth and much less than an economic (and perhaps military) adversary like China winning the AI race. On Kara Swisher’s podcast, Khosla argues that while international regulation of nuclear weapons and biowarfare can be effective, it is not possible to monitor the use of AI for producing propaganda, changing public opinion on a global scale and other applications of AI are difficult to detect and monitor.

As I write this chapter, the US Congress is holding hearings on a national level regarding the regulation of AI. I am personally against this, you dear reader might have different opinions. I don’t like the idea of regulations that entrench large corporate incumbents like Microsoft, Google, Facebook, OpenAI, etc. It is an uphill battle but let’s at least try to have a level playing field.

There are several key aspects of AI safety, including:

• Robustness: AI systems should continue to operate correctly even under novel conditions or when facing adversarial attacks. They should be robust to changes in their environment and not break in unexpected ways.

• Interpretability: It’s crucial that we can understand and interpret what an AI is doing and why. This helps in diagnosing issues, improving the AI, and building trust in its decisions.

• Alignment: AI systems should be designed to understand and respect human values and goals, even as they learn and evolve. This is known as the problem of value alignment.

• Fairness: AI systems should not perpetuate or amplify existing biases. They should treat all individuals and groups in a fair and unbiased way.

Risks associated with AI primarily revolve around its misuse, the amplification of existing societal biases, decision-making transparency, and the concept of an intelligence explosion or singularity. Mitigation strategies involve careful design, ongoing monitoring, regulation, and public dialogue.

Do you have specific aspects of AI safety and risks that you’re particularly interested in, or should we delve more deeply into one of the topics I’ve outlined?

We will also consider following risks in using LLMs:

• Leaking customer data.
• Inaccurate results from LLMs.
• Legal exposure to the use of possibly private data used to train LLMs.
• Protecting your business processes from competition.
• Building a system that does not respect the best interests of its users.

Leaking of customer data is a serious concern in the field of AI, as well as in the broader context of information technology and data privacy. This isn’t a risk unique to AI, but AI systems can potentially exacerbate the issue if they are not designed and used responsibly.

There are a few ways in which AI systems might contribute to the risk of leaking customer data:

• Data storage and handling: AI models are trained on large datasets, which might include sensitive customer information. If this data is not stored and handled securely, it could be at risk of being accessed or stolen by malicious actors.
• Model inversion attacks: This is a specific type of attack where an adversary tries to recover sensitive data from the outputs of an AI model. For example, if a model was trained on medical data, an attacker might be able to input synthetic data to the model and infer sensitive information about individuals from the model’s outputs.
• Membership inference attacks: This is another type of attack where an adversary attempts to determine if a specific data record was part of the training dataset. If successful, it could reveal that a specific individual’s data was used in the training of the model.

To mitigate these risks, several strategies are commonly employed:

• Data anonymization and pseudonymization: Removing personally identifiable information from datasets can help protect individual privacy. However, this alone is not enough as sophisticated techniques can often re-identify data.
• Differential privacy: This is a mathematical framework for quantifying the privacy leakage of a system. It provides a way to train AI models while ensuring that the output does not reveal specific information about the individuals in the training dataset.
• Secure multi-party computation and homomorphic encryption: These are cryptographic techniques that allow AI models to be trained on encrypted data, providing a high level of data security.
• Federated learning: This is a machine learning approach where the model is trained across multiple devices or servers holding local data samples, without exchanging the data itself. This can help protect sensitive data while still allowing for AI model training.
• Regular audits and security measures: Regular security audits can help identify and fix potential security vulnerabilities. Additionally, best practices like least privilege access, robust authentication methods, and strong encryption should be used when storing and handling data. However, despite these measures, the risk can never be completely eliminated. Therefore, transparency about data usage and robust legal frameworks to protect individuals’ data is crucial.

LLMs like ChatGPT can sometimes produce inaccurate or misleading results. There are several reasons for this:

• Training Data Limitations: LLMs are trained on a vast amount of text data from the internet. However, the internet is full of both accurate information and misinformation. The models do not have a way of distinguishing truth from falsehood in their training data.
• Lack of World Knowledge: LLMs don’t have real-world knowledge or experiences. They don’t “know” facts in the way humans do, but rather, generate responses based on patterns they’ve learned from their training data. Their understanding is limited to the information available up to their training cut-off (for example, this version of ChatGPT was last trained on data up to September 2021).
• Inference Errors: Even when the training data is correct and comprehensive, LLMs can still make mistakes during the inference process (i.e., when generating responses). This could be due to the inherent complexity of language and the many ambiguities and nuances it contains.

Mitigation strategies for these risks include:

• Model Improvements: Continuous research and development can help improve the accuracy and reliability of LLMs. This could involve better training techniques, improved architectures, or more diverse and high-quality training data.
• User Education: It’s crucial for users to understand the limitations of LLMs and to not rely on them for critical or sensitive decisions without further verification.
• External Fact-Checking: In some cases, it may be beneficial to pair LLMs with external databases or fact-checking services to improve their accuracy. However, this comes with its own set of challenges, including ensuring the accuracy and impartiality of the fact-checking source itself.
• Feedback Mechanisms: Allowing users to flag and report inaccurate or misleading responses can help improve the system over time.

Remember, while LLMs can be useful tools, they should be used as a part of a larger toolkit, and their outputs should be critically evaluated and cross-checked with other reliable sources.

The use of private data to train LLMs can indeed lead to legal exposure and ethical concerns. Privacy laws vary by country and region, but globally there is a growing emphasis on the protection of personal data.

The most significant legal framework for data protection in the context of AI training is the General Data Protection Regulation (GDPR) in the European Union, but many countries have similar regulations. The GDPR specifies that personal data must be processed lawfully, fairly, and in a transparent manner. It also introduces the concepts of “data minimization” and “purpose limitation”, meaning that only the minimum necessary data should be collected for the specific purpose stated, and not used beyond that purpose.

Here are the key points of concern when it comes to using private data for training LLMs:

• Informed Consent: If private data is used, the individuals from whom the data is collected should give informed consent. This means they should be fully aware of how their data will be used, and agree to it. Using data without informed consent could lead to legal consequences.
• Anonymization and De-identification: Even with consent, the data used for training should ideally be anonymized or de-identified to protect the privacy of individuals. However, it’s important to note that anonymization is not always foolproof, and sophisticated techniques can sometimes re-identify anonymized data.
• Data Minimization and Purpose Limitation: As per GDPR and similar regulations, only the minimum necessary data should be used, and it should not be used beyond the stated purpose. This is particularly relevant for LLMs, which are often trained on large amounts of data.
• Potential for Privacy Breaches: There’s a risk that LLMs could inadvertently reveal private information used in their training. For example, if an LLM was trained on a dataset that included private conversations, it might generate text that closely resembles those conversations, potentially exposing private information.

To mitigate these legal risks, companies and researchers need to follow best practices for data handling and privacy, including obtaining informed consent, anonymizing data, regularly auditing their data practices, and ensuring their methods are in line with the latest regulations and ethical guidelines. They may also need to explore advanced techniques like differential privacy, federated learning, and secure multi-party computation, which can provide additional layers of privacy protection.

Overall, the use of private data in AI training is a complex issue that needs to be navigated with care. It requires a balance between developing effective AI models and respecting individual privacy rights.

Protecting your business processes from competition is a significant concern, particularly in the age of AI and digital technology. Here are a few strategies that you can employ:

• Intellectual Property Protection: If your business processes involve unique methodologies or technologies, consider seeking intellectual property protection. This could include patents, copyrights, or trade secrets. It’s important to consult with a legal expert to understand the best options for your specific situation.
• Non-Disclosure Agreements (NDAs): If you’re sharing sensitive information with employees, contractors, partners, or investors, make sure they sign NDAs. This legally prevents them from disclosing your confidential information to others.
• Secure Your Data: Make sure all your business data is stored securely, with robust encryption and regular backups. Limit access to sensitive data to only those who need it, and use strong authentication methods to prevent unauthorized access.
• Employee Training: Ensure your employees are well-trained in data security and understand the importance of keeping business processes confidential. This includes awareness of common security threats like phishing and social engineering.
• Monitor AI Usage: If you’re using AI technologies, it’s important to monitor their usage and outputs. AI models can sometimes inadvertently reveal sensitive information, particularly if they’re trained on sensitive data. Use privacy-preserving techniques like differential privacy or federated learning to reduce this risk.
• Competitive Intelligence: Keep an eye on what your competitors are doing. While you don’t want to copy them, understanding their strategies can help you stay one step ahead.
• Continual Innovation: One of the best ways to stay ahead of the competition is through continual innovation. Keep improving your processes, products, or services to provide better value to your customers.

Remember, while competition can be challenging, it can also drive innovation and growth. The key is to find a balance between protecting your business processes and staying open to new ideas and opportunities.