OpenAI Wants to TRACK GPUs?! They Went Too Far With This…

Captions
OpenAI released a lengthy blog post going over their new ideas about AI safety and security, and a lot of it has me scratching my head. Some of it makes sense, but other parts of it make it clear that they are going all in on the closed-source architecture, and it makes me really thankful that Meta, a company the size of Meta, is going all in on the open-source model. So we're going to look at this blog post today and I'm going to share my thoughts and go through it together with you. So let's get into it.

So here's the blog post: "Reimagining secure infrastructure for advanced AI." OpenAI calls for an evolution in infrastructure security to protect advanced AI. So here they say: "We're sharing six security measures that we believe will complement the security controls of today and contribute to the protection of advanced AI." Here they talk about their mission; that's fine.

First, the threat model. "AI is the most strategic and sought-after technology of our time. It is pursued with vigor by sophisticated cyber threat actors with strategic aims," and then, at OpenAI we want to defend against it. Now, immediately this is where I diverge from OpenAI's opinion on safety and security, and really the entire approach to AI. "Protecting model weights is an important priority for many AI developers. Model weights are the output of the model training process." So immediately they are saying protecting model weights, not open source, not open weights. So this is already very different from what I believe the future of artificial intelligence should look like. I am a big proponent of open-source AI, but right at the very top of this blog post they are already saying they don't believe that. And if you're not familiar with what model weights are, they're actually going to describe what they are in detail, so I'll get to that in a moment.

"Model training combines three essential ingredients: sophisticated algorithms, curated training data sets, and vast amounts of computing resources." Now, two of the three of those things are very difficult to get. Sophisticated algorithms: everybody pretty much has these ideas already. With these algorithms there isn't some silver bullet that we're going to get all of a sudden that leads us to AGI; it's going to be very incremental, as many AI leaders have said. Now, curated training data sets: for the most part these data sets are actually publicly available. Making them high quality, on the other hand, is very difficult. Having a very high-quality training data set, and especially getting data sets that are not publicly available and are very unique, is actually very difficult and very expensive. That is why Elon Musk shut down the X API, that is why Reddit shut down their API. Essentially all of these companies that have immense data sets that are not public, that are really owned by these individual companies, are protecting them more and more. And last, vast amounts of computing resources. "This is the most costly element of the three ingredients necessary to train a model." Now, you can train small models and fine-tune smaller models on pretty mediocre hardware, but if you want to train frontier models like Llama 3, you have to spend a lot of money getting GPUs.

All right, so what are model weights? "The resulting model weights are sequences of numbers stored in a file or series of files." So basically the model weights are the output of the training process, and the model weights inform the model on how to process the prompts, essentially. "AI developers may wish to protect these files because they embody the power and potential of the algorithms, training data, and computing resources that went into them." Here they go on to talk about how large language models are actually being used and where the utility is being found, and they say from online use; that makes sense. "In order to power tools like ChatGPT, users must be able to send API requests. In order to develop new AI models, model weights must be deployed to research infrastructure so researchers can perform model training," and they go on to say, "While this enables the exploration of new scientific frontiers, research infrastructure and credentials that provide access to it also represent potential attack surface." This is true. Now, their conclusion from this fact is something I disagree with. They say, well, if that's a potential attack surface, we should just shut down the model weights, we should close it up and not allow other people to get access to it. And obviously, I've mentioned it already in this video and many other videos that I've made, I don't believe that. I think model weights should be freely accessible, and that is the way to harden the infrastructure. "Model weights are merely files that must be decrypted and deployed in order to be used, and if the infrastructure and operations providing their availability are compromised, the model weights are liable to be stolen." Again, a big assumption that closed source is the way to go.

Thanks to the sponsor of this video, Domo AI. If you're ready to take your creativity to the next level, Domo AI is for you. It is your ultimate AI companion for transforming ordinary content into extraordinary masterpieces, and Domo is more than just an AI tool: it is your gateway to a world of endless creativity, right from Discord. With Domo AI you can breathe life into your videos and images, turning them into captivating works of art. So let me just talk about a couple of features that Domo has. So if you simply type slide, you can turn your videos into endless different styles, from mesmerizing anime aesthetics to vibrant 3D cartoons and so much more. Then there's /move: so if you've ever wanted to make one of your characters dance or jump or walk around and interact with surroundings, this is the command for you. This uses Domo AI's motion capture technology, which will bring your characters to life like you've never seen. And then they have /gen, which allows you to create stunning images just from a simple text description. Then you can type /animate and take those static images, or really any image, and bring them to life in video, which will add movement, flair, and make it look really awesome. Domo AI has flexible subscription plans so you can find which one is right for you, and they also have standard and pro plans which include unlimited credits. So check out Domo AI, join the Domo AI server today and unlock your creativity. Join today and get 10% off with Domo AI. I'll drop all of the information in the description below. Now back to the video.

So here they start to describe their new thinking about the infrastructure and how to secure their infrastructure, and here's something that looks really nice on the surface, but if you think about it for more than two seconds it's obvious what they're trying to do. "Our security program has sought to manifest this principle via voluntary security commitments provided to the White House." Now, that sounds all well and good; they're voluntarily saying, hey, this is what we're going to do to secure our AI. However, they are likely also going to be pushing to make that the standard, and this is also known as regulatory capture. If their approach is the standard, and then you have to go through governmental approval to apply to the standard and to obey the standard, then all of a sudden small companies have a much bigger hurdle to deploy cutting-edge artificial intelligence, and that makes competition much less for OpenAI. "So in the spirit of shared work and shared responsibility that bonds all security teams, today we are sharing six security measures for advanced AI infrastructure." That's so nice that they're sharing the security measures, but not sharing the model weights. All right, so here are the six. I'm not going to read them; we're going to go through them one by one in detail.

First, trusted computing for AI accelerators. "Emerging encryption and hardware security technology like confidential computing offer the promise of protecting model weights and inference data by extending trusted computing primitives beyond the CPU host and into AI accelerators themselves." And AI accelerators, they're really talking about GPUs for the most part, maybe LPUs in the future from Groq, but they're really just talking about GPUs right now. "Extending cryptographic protection to the hardware layer has the potential to achieve the following properties," and this is really scary to me, and hopefully I'm misreading it, but I don't think I am. "GPUs can be cryptographically attested for authenticity and integrity." What does that actually mean? That means if you buy a piece of hardware from Nvidia, that it is going to be signed, like DRM, meaning that it is approved to run AI models, to accelerate AI models. So who gets to authorize that piece of hardware? And if you're a small company building your own hardware, now you have this additional layer of approvals to go through to get your hardware to market. And yeah, this is really scary. I don't really want my GPU to be signed; I want my GPU to be anonymous. So "GPUs having cryptographic primitives can enable model weights to remain encrypted until they are staged and loaded on the GPU." So am I misreading this? Tell me if I'm wrong. I am not an expert in cryptography, so maybe I am misunderstanding what they're trying to get at here, but it pretty much sounds like there's going to be some kind of signature on each piece of hardware that allows you to run AI, and that sounds absurd, because if there's a signature on it, that also means they can revoke the signature, and who gets to decide that? So "GPUs having unique cryptographic identity can enable model weights and inference data to be encrypted for specific GPUs or groups of GPUs." Yeah, I don't think I'm misreading this; this is exactly what it means. "Fully realized, this can enable model weights to be decryptable only by GPUs belonging to authorized parties." Oh my God, this is so crazy to me. This is absurd. I could not disagree more with this approach, because again, who gets to decide?

All right, next: network and tenant isolation guarantees. "Air gaps are often cited as an essential security mechanism, and that is not unfounded. Network segmentation is a powerful control used to protect sensitive workloads like the control systems for critical infrastructure." This is completely true. Air gaps is a practice that has been around for a long time, and that essentially means, let's say you have a laptop: it does not have a network connection, it does not have Bluetooth, it has no way to interact with the outside world, or if it does, it can only interact with a certain set of computers. It's really cut off from the broader internet. "So instead, we prioritize flexible network isolation that allows AI systems to work offline, separated from untrusted networks including the internet." So I guess that's fine, as long as it's optional, and I of course love the idea of AI systems being able to work offline. And so really what they're talking about is designing networks that are very isolated in nature, and that's fine for really sensitive workloads, but I don't believe models and model weights should be treated as extremely sensitive workloads. And here they go on again; this is all describing a very closed-source system, for example their architecture. So the networks that they're describing "must eliminate classes of vulnerabilities that could allow a threat actor with access to one tenant to compromise model weights stored in another tenant." Again, the model weights can't get out.

All right, three: innovation in operational and physical security for data centers. So "operations and physical security measures for AI data centers are necessary to ensure resilience against insider threats that can compromise the confidentiality, integrity, and availability of the data center and its workloads." So technically I agree; that's great. We should have security in the data centers, we should have confidentiality, we should be able to protect sensitive data. But again, it goes back to whether or not you believe model weights should be closed source or not. If they're open source, none of this security really matters, because everybody's going to have access to it anyway. And here they go on to describe some common data center security measures.

Next, AI-specific audit and compliance programs. "Since AI developers need assurance that their intellectual property is protected when working with infrastructure providers, AI infrastructure must be audited for and compliant with applicable security standards." And so we have existing standards like SOC 2, ISO/IEC and NIST families that will still apply. "We expect the list will grow to include AI-specific security and regulatory standards that address the unique challenges of securing AI systems." Now again, I believe in securing systems, but not necessarily closed-source model weights. Sorry, I keep repeating myself, but I can't stress that enough: security is great, model weights should be open.

So next, AI for cyber defense. "We believe AI will be transformative for cyber defense and has the potential to level the playing field between attackers and defenders. Defenders across the globe struggle to ingest and analyze signals needed to detect and respond to threats to their networks. Additionally, the resources required to build a sophisticated security program are significant, placing meaningful cyber defense out of reach for many." And, uh, I wonder who the many is that they're talking about. Probably the small companies that they are going to be competing with in the future. All of this, all of it, really sounds like regulatory capture to me, and if you haven't seen this talk by Bill Gurley at the All-In Summit about regulatory capture, I cannot emphasize enough how good this video is, this talk. It's 36 minutes, and he goes through end to end an experience that he had and how that can extrapolate to the understanding of regulatory capture. So please watch this. Bill Gurley is a GOAT and this talk is amazing. I'll drop a link to it in the description below. "So AI presents an opportunity to enable cyber defenders and improve security. AI can be incorporated into security workflows to accelerate security engineers and reduce the toil in their work." Completely agree, I have no caveats to that. We should, and we will, be integrating AI into every layer of security, and then it's really about who is going to have the best AI model. And here's the thing: if everything's open source, everybody is going to have the best model, and it kind of will cancel each other out, so attackers and defenders both have the exact amount of AI, quote unquote, power. And here's the thing: I believe the world has more good actors than bad actors. I also believe there are more resources for the good actors than bad actors, and that's why I'm not worried about open source and open weights for AI, because ultimately we're not going to have this huge overnight jump in technology or capabilities for AI, and especially not for the bad actors. I've heard this again and again from AI thought leaders: there is no overnight huge leap in technology for AI; it is incremental and it is going to be over time. So that means, let's say just for example, the best AI model might only be 5 to 10% better than the second best AI model. And then they go on to say, "At OpenAI we use our models to analyze high-volume and sensitive security telemetry that would otherwise be out of reach for teams of human analysts." They keep using that term, out of reach, and again they're really setting themselves up to say this is the standard, and if you don't have the resources to have this standard, maybe you shouldn't have AI, and that's absurd.

All right, number six, last: resilience, redundancy, and research. "We need to test these measures and appreciate that these concepts are likely just the beginning. Continuous security research is required given the greenfield and swiftly evolving state of AI security." I agree with everything they said there. "This includes research on how to circumvent the measures outlined above as well as to close the gaps that will inevitably be revealed. Lastly, these controls must provide defense in depth. There are no flawless systems and there is no perfect security." Okay, so they're just talking about defense redundancy now, which, yeah, okay, I agree with.

And so that's it. Those are their ideas on AI safety and security, and I want to know what you think. I am a staunch supporter of open weights, open source. I am super appreciative of the Meta AI team. Mark Zuckerberg, really, he's the decision maker at Meta, and his all-in attitude on open source is vastly needed, because if Meta weren't doing it, Google's certainly not doing it, and OpenAI is a proponent of completely closed-source models, well, we would be in a very different state today if Llama did not exist. So again, very thankful to the Meta AI team and their positioning in the AI landscape. If you enjoyed this video, please consider giving a like and subscribe, and I'll see you in the next one.
Info
Channel: Matthew Berman
Views: 113,507
Keywords: ai, openai, security, ai news, llm, large language model
Id: lQNEnVVv4OE
Length: 16min 44sec (1004 seconds)
Published: Thu May 09 2024