Get startedGet started for free

System Security on Gen AI

1. System Security on Gen AI

Let's look at system security and how it relates to generative AI. Generative AI models are trained on vast sources of unstructured data that pull from a range of sources. It is likely that they could contain some sensitive data, and it is possible that they could reflect some of these private details in the output. In fact, the larger the language model, the more easily it memorizes training data. It is a known fact that through a simple query, it is not impossible to extract specific pieces of training data that the model has memorized. This makes generative AI models particularly sensitive to training data extraction attacks. In a training data extraction attack, the attacker iteratively inputs a prompt or a series of prompts crafted to intentionally extract individual model training examples. This type of attack has the greatest potential for harm would applied to a model that is available to the public, but the dataset used in the training is not publicly available. By design, language models make it very easy to generate a large amount of output data. By seating the model with random short phrases, the model can generate millions of continuations, for example, probable phrases that complete a sentence. Most of the time, these continuations are benign strings of sensible text. Sometimes they can leak sensitive information. Let's look at one example taken from one of the first papers to analyze this adversarial attack. A user enters a prompt East Stroudsburg Stroudsburg into the GPT-2 language model. The model then auto completes a long block of text that contains the full name, phone number, email address, and physical address of a particular person whose information happened to be included in GPT-2 training data. This results in the model allowing the user to obtain sensitive information. At Google, data governance is a key aspect of privacy. As part of Google Cloud's AI/ML privacy commitment, our models do not contain customer data in order to avoid situations such as this. Google's commitment for privacy extends to Google Cloud generative AI products and solutions. Google Cloud guarantees the following. The foundation model development is privacy compliant. By default, Google Cloud does not use customer data to train its foundation models as part of Google Cloud's AI/ML privacy commitment. When a request is submitted with a prompt to our foundation model, customer data is encrypted in transit and input to the foundation model to generate a response. Google processes customer data to provide the service requested only. The adapter weights are specific to the customer and only available to the customer who tuned those weights. During inference, the foundation model receives the adapter weights, runs through the request, and returns the results without modifying the foundation model or storing the request. Input data is customer data and is stored securely at every step along the way, encrypted at rest and in transit. Tuned weights are also stored securely, and customers will have sole access to use any tuned models. The customer is able to control the encryption of stored adapters by using customer managed encryption keys or CMEK and can delete adapter weights at any time. That is how Google Cloud helps ensure security best practices are applied to privacy when training machine learning models.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.