Recognizing the realities of responsible AI

With the advent – and very public failures - of early generative AI implementations, there is a burgeoning business being built around shoring-up AI’s credibility as a neutral source of information and a safe environment in which to interact. Developers of frontier models (those pioneering large language models (LLMs) we hear of today) have been banging the drum of responsible and secure AI since the introduction of ChatGPT in November 2022 started giving the everyday people a sense of their power and potential pitfalls. Initially, the big consulting companies (I imagine!) took a first pass in generating detailed documents describing their clients’ policies around the training and adoption of GenAI models. It’s fair to assume, however, that these were (in most cases) simply built on Weak AI and ML practices of old. But as the need for a neutral voice rapidly arose, the next logical step - as with all tech trends - was an association.

The aptly named Frontier Model Forum was formed a year ago and, as of last month, features all the major players you would expect to show an interest in such an industry syndicate. Recently announcing a US$ 10 million pot (aka the Artificial Intelligence Safety Fund / AISF) earmarked for independent entities researching the responsible development of AI technologies, these companies are laying the groundwork for more independent oversight. Apparently, not a minute too soon. Just last week, current and former employees of OpenAI, Google, and Anthropic issued a dire warning in the form of an open letter describing a scenario where mismanagement could result in “…the loss of control of autonomous AI systems potentially resulting in human extinction.”

While such a statement certainly made me think twice about even bothering with this post – like learning a meteor strike was imminent, my first thought would not be to knock-up an article for LinkedIN – this paragraph alone is evidence that I persevered. Indeed, contextually, even the authors acknowledge that those forewarnings originated from inside their own organizations, in one form or another. But perhaps that was the point. Proclamations underscoring the awesome power of AI countered in the same breath - like a stark realization sending a shockwave through the spine - with a realization of unintended consequences. What the authors of the open letter are characterizing is an atmosphere where the velocity of innovation in the pursuit of profit could result in that doomsday scenario only previously uttered in abstract awe.

Although many may only employ GenAI to author performance reviews [cough] there are indeed real opportunities that are already being publicly pronounced in the sciences and beyond. Even Microsoft’s CEO had to admit that for all the talk about the promise of quantum computing to solve problems of an organic nature, GenAI and GPUs are more than up to the task. Given the issues around actually building a stable quantum computer (more on that in a future post) that’s a good thing, providing the potential to accelerate pharmaceutical drug development, for example. However, underscored in the open letter, these same techniques could be employed to create chemicals that advance the development of biological weapons.

So, what are the fundamental principles of responsible AI these companies are attempting to attain? They are generally categorized as fairness, privacy, inclusiveness, transparency and, ultimately, accountability. Naturally, there is also a drive to promote messaging around security and reliability. The former generally applies to the training of these frontier models, ensuring that during this process biases are not injected into the algorithm. For this, engineers employ extensive fairness-aware auditing, while also assuring interfaces are universally accessible to all individuals. While a natural language interface makes almost any interaction intuitive, generally, the former can only really be achievable through augmented technologies like speech-to-text and text-to-speech. These are generally not native to most GenAI implementations and must therefore be difficult to enforce, however OpenAI partners with Be My Eyes, in an attempt to nurture a community of AI accessibility.

The issue of transparency in the training of AI models is typically (only) amplified after any highly publicized event. The aforementioned negative OpenAI press is not exception, prompting the release of a research paper that purports to provide a peek inside the model, how it operates and what might cause it to misbehave. ?I say purports because I don’t understand a word of it. Fortunately, the nice people at OpenAI recognized this and also created a visualization tool that serves to demonstrate how words in different sentences activate concepts. Anthropic, the frontier model backed by Google and Amazon, did the same just last month, providing a way to pierce the veil of their neural network.

This pretraining, of course, does not account for AI that’s augmented by outside sources. This includes through retrieval augmented generation (RAG), that can greatly supplement large language models by combining them with a retrieval system to provide contextualized responses to queries. Prompt engineering plays a critical role in RAG by guiding the retrieval process. Naturally, in maintaining a philosophy of responsible AI it is critical that no harm is done in the development of these prompts or the supplemental information that is fed into the model.

Approaches to AI security can somewhat help mitigate such eventualities. Again, most LLM operators build extensive protections against threats to the integrity of their systems and the reliability of their results. While it seems the public almost immediately breaks each new LLM introduced, such vulnerabilities are quickly patched. Although the collective conscience of humans has an extraordinary ability to perform mischief on any open system, employing the public for the purposes of Red Teaming is not an ideal long-term strategy for protecting the integrity of these models. That said, these early missteps surely provided internal security organizations with otherwise unimaginable insights into the types of adversarial attacks possible through malicious (or mischievous) prompt injection.

The moral of this story is that the lip service paid to responsible AI by the respective marketing organizations within LLM operators must be backed-up by real actions that specifically demonstrates a commitment to practicing these concepts. While obviously a work-in-progress, each misstep seems to be met with a genuine attempt to alleviate future occurrences. With a technology that has such unimaginable potential, perhaps that’s all we can ask. For to pump the brakes on its unprecedented advancement may come with its own set of unforeseen issues and unintended consequences.