LLM watermarks are still fragile

Hugging Face has teamed up with Wiz to enhance security within its platform and the broader AI/ML community. Wiz specializes in cloud security, aiding clients in developing and maintaining secure software practices. The collaboration focuses on Cloud Security Posture Management (CSPM). Hugging Face uses multiple Kubernetes clusters across several regions and cloud providers, so a centralized security management is helpful.

The article underscores the risks associated with Pickle files, a widely used serialization format in ML and the default for PyTorch model weights. Loading a pickle file can expose systems to code injection attacks. In response, Hugging Face is exploring Safetensors, a new serialization format for weights designed to be more secure.

Security measures implemented by Hugging Face include Picklescan, developed in partnership with Microsoft, Safetensors, a secure alternative to pickle files, a bug bounty program, malware scanning, secret scanning to detect hardcoded passwords or API keys in code, and accepting models only from trusted sources.

In the past, contact centers relied solely on phone calls to manage customer interactions. However, today's contact centers have expanded to include multiple channels such as email, social media, and chatbots. Sentiment analysis helps contact centers identify calls that require escalation or further support in real-time. Additionally, AI tools can summarize calls and automate note-taking, allowing agents to focus more on other customer needs. Instead of traditional IVR (Internal Voice Recording) systems, artificially intelligent routing can predict why a customer is calling and direct them to the most appropriate agent. Data and AI are used to measure customer sentiment during interactions and summarize calls afterward. Contact centers typically set goals around measuring customer experience, including metrics such as CSAT (Customer Satisfaction Score), sentiment analysis, first call resolution, average handle time, digital resolution rate, and digital containment rate (metric that assesses a chatbot's ability to address user queries and issues without the need for human intervention).

This article interviews an expert in customer service experience management about the use of AI in this field. According to the expert, once a consumer makes a decision to buy, 80% of their decision to continue doing business with a brand depends on the quality of their customer service experience. Emerging AI applications are revolutionizing efficiency in customer service, including sentiment analysis, co-pilots that aid employees in resolving customer issues, and integration tools for the whole of the customer journey. As an example of the latter, instead of customers initiating contact with a chatbot or contact center, AI tools can proactively identify issues with a customer's device in advance. This early detection allows the AI system to redirect the customer to a live chat with a representative. An example of tools for employees is note-taking. The expert claims that spending 30 to 60 seconds on note-taking for each of 1,000 employees can cost millions of dollars annually. The recommendation is to prioritize clear, high-probability use cases for efficiency gains in specific tasks. Finally, AI and machine learning play a crucial role in identifying areas of variability within business processes – something often seen as a goal for large businesses, and for which Starbucks is considered a typical example. Maintaining consistency across global operations significantly contributes to the overall customer experience and brand reputation.

Watermarking involves embedding hidden patterns in AI-generated text, enabling computers to recognize that the text originates from an AI system. With the European Union's AI Act coming into effect in May, developers will be mandated to watermark AI-generated content. However, a paper from ETH Zürich scrutinized five different watermarking methods, revealing that they were susceptible to attacks, achieving over 80% success rate. These attacks can be categorized into two types: spoofing attacks and watermark removal attacks. Spoofing attacks enable malicious actors to exploit stolen watermark information to produce text that appears to be watermarked. Watermark removal attacks allow hackers to erase watermarks from AI-generated text, making it indistinguishable from human-written content.

Alex Reben, from OpenAI, is interested in the intersection of AI and art. He notes that traditional roles like artists painting products for advertisements, such as cans of peaches for magazines or billboards, have largely disappeared. This shift is attributed to the advent of photography, which made capturing images more accessible to everyone. However, Reben highlights that fine-art photography still requires a significant level of skill, and that photography has influenced subsequent art movements. Rather than using AI to replicate photographic reality, artists might emerge that create new forms of representation – equivalent to movements like Impressionism and Cubism.

This paper, which will appear in the High Confidence Computing journal, presents a survey of Large Language Models (LLMs) in relation to their security and privacy, classified into positive impacts, negative impacts, and vulnerabilities with corresponding defenses. It covers the beneficial uses of LLMs in enhancing code security (e.g., through test case generation, vulnerability identification), data privacy (by identifying personal data), and detecting and mitigating network security threats. It addresses the potential for LLMs to be exploited in executing various cyberattacks, including hardware-level, OS-level, software-level, network-level, and particularly user-level attacks which deal with social engineering and over-reliance on content generated by LLMs. The document further delves into inherent vulnerabilities within LLMs, such as data poisoning, backdoor attacks (manipulating the model), and prompt injection. The paper also outlines defense strategies such as data cleaning, adversarial training, instruction pre-processing to remove malicious prompts, and post-processing to remove toxic outputs.

Infrastructure as code (IaC) manages and provisions IT infrastructure using machine-readable code by enabling automation, consistency across the environments, reproducibility, version control, error reduction and enhancement in scalability. Automation of IaC is a necessity and example frameworks include HashiCorp’s Terraform, Ansible, Puppet and Chef. However, IaC orchestration is often a painstaking effort which requires specialized skills as well as a lot of manual intervention. The paper explores the feasibility of using Large Language Models (LLMs) for IaC, where it can handle tasks such as generating configuration files for IaC tools as well as static analysis of instructions and of code being deployed. The challenges mentioned include the steep learning curve, over-reliance, security risks and maintaining an LLM-based infrastructure.