Dean’s Spotlight Lecture Series Welcomes Back IS Alumna

May 2, 2023

As part of the programming celebrating the fifth anniversary of its founding, the School of Computing and Information (SCI) has been hosting a Dean’s Spotlight lecture series, in which researchers from academia and industry deliver presentations of their works in progress. In February, the SCI welcomed back an alumna of its information science doctoral program, Dr. Nathalie Baracaldo. After earning her PhD from SCI in 2016, Baracaldo joined IBM Research, where she currently works as Manager of AI Security and Privacy Solutions.

Baracaldo’s talk, titled “Can We Make AI Foundation Models Secure, Private and Trustworthy?,” showcased her expertise in “protecting data privacy and machine learning pipelines.” Baracaldo said, “In order to make the entire application secure, you need to make sure that the machine learning pipeline is secure.” Baracaldo focused on “foundational models” of artificial intelligence, exemplified by platforms like ChatGPT. She noted that they are “self-supervised at scale” and use massive amounts of unlabeled data. While recognizing the foundational model’s capacity to provide accurate responses to a range of queries, Baracaldo questioned whether its security was sufficiently robust to withstand a number of different threats. Some of these hazards include general uncertainty, antagonistic actors, and the possibility that a model’s training set contains data that skews it towards providing inaccurate information.

These dangers have particular importance when it comes to making sure that data taken from users for training purposes is utilized in both an ethical and legal fashion. Baracaldo noted that companies are often reluctant to share information about how they train their models, due to the risk of disclosing a trade secret or otherwise negatively affecting their reputation. She identified “federated learning” as an alternative approach to AI development that allows for privacy rights to be protected while still aggregating data. While praising the foundational model for its ability to circumvent the need for labeling data, she emphasized that researchers cannot forget about the need “for accountability” in the process of developing such models.

Recordings of this lecture and others in the series can be found here. Other recent presentations have concerned applications of augmented reality in the operating room and approaches to integrating artificial intelligence in the classroom.

 

--Daniel Beresheim