We use cookies to improve user experience and analyze website traffic. By clicking “Accept“, you agree to our website's cookie use as described in our Privacy Policy.
PreferencesDecline AllAccept All

Your Cookie Preferences

We use different types of cookies to optimize your experience on our website. Click on the categories below to learn more about their purposes. You may choose which types of cookies to allow and can change your preferences at any time. Remember that disabling cookies may affect your experience on the website. You can learn more about how we use cookies by visiting our Privacy Policy.

Essential Cookies
Details

These cookies are necessary to the core functionality of our website and some of its features, such as access to secure areas.

Analytics and Customization Cookies
Details

These cookies collect information that can help us understand how our websites are being used. This information can also be used to measure effectiveness in our marketing campaigns or to curate a personalized site experience for you.

Advertising Cookies
Details

These cookies are used to enhance the performance and functionality of our websites but are nonessential to their use. However, without these cookies, certain functionality (like videos)may become unavailable.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Decline AllConfirm my Choices
Back

Essential Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
Back

Analytics and Customization Cookies

Name
Purpose
Marketo Munchkin
Marketo's custom JavaScript tracking code, called Munchkin, tracks all individuals who visit your website so you can react to their visits with automated marketing campaigns.
Name
Purpose
Google Tag
The Google tag (gtag.js) is a single tag you can add to a website to use a variety of Google products and services (e.g., Google Ads, Google Analytics, Campaign Manager, Display & Video 360, Search Ads 360).
Back

Performance and Functionality Cookies

Name
Purpose
LinkedIn Insight
The LinkedIn Insight Tag is a snippet of JavaScript code that loads a small library of functions you can use to track Linkedin ad-driven visitor activity on your website.
Back

Advertising Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
August 9, 2022
-
4
minute read

Introducing the ML Model Attribution Challenge

Author
Authors
Hyrum Anderson
Hyrum is our CTO.

Call for Contestants to Compete in the Machine Learning Model Attribution Challenge

Beginning with the announcement of GPT-2 in 2019, large language models (LLMs) have enabled the generation of text with "unprecedented quality." While they have great potential as a force for good, however, there are also reasonable concerns that bad actors could repurpose LLMs for malicious use, fine-tuning them to spread misinformation at scale, undermine elections, distort public discourse, or harm public health. Today, no general technical method has been widely deployed to track LLMs as “Weapons of Mass Distortion.”

To this end, organizers from Robust Intelligence, Lincoln Network, MITRE, Hugging Face, and Microsoft Security invite AI researchers, infosec professionals, and academics to participate in the ML Model Attribution Challenge, which invites contestants to develop creative technical solutions to discover the provenance of fine-tuned LLMs. Contestants will attempt to reliably determine the underlying base model of an anonymous online service.

Context: Tracking Weapons of Mass Distortion

Some argue that AI can be used to create text that is nearly indistinguishable from human-written text. Left unchecked, this technology might have serious implications for our society and economy. But a form of “AI forensics” may enable tracking and mitigation.

“Many of these AI models seem to leave behind faint traces,” says Deepesh Chaudhari, Senior Fellow at the Plaintext Group. “There may be certain characteristics or patterns in the outputs of large language models that are a product of a plethora of datasets and design decisions that go into fine-tuning a base model. They are a bit like fingerprints.” The goal of ML Model attribution is to track the original source of an AI-based influence campaign. By discovering the base model in use, one might predict future outputs generated by the same model. This could help combat LLM-driven influence campaigns at scale.

Chaudhari notes the connection of the competition to larger efforts with the same goal. “Our group's recent work on machine learning model attribution is very different from synthetic text detection. While the latter aims to determine whether a text is synthetic, the former looks at pre-trained models and attempts to identify which one was used to generate a given output. This would be an important step towards achieving the goal of the IAEA’s Misinformation CRP, and towards building AI Safety coordination efforts at a UN agency, as it will allow us long-term monitoring of how AI systems are evolving.”

Participating in the Competition

Officially kicking off at DEFCON AIVillage, the ML Model Attribution Challenge (MLMAC) will run for four weeks from August 12, 2022, anywhere on Earth (AoE), through September 9, 2022. Contestants can register and participate by visiting the website.

Contestants are presented with a scenario in which a naive adversary has stolen a LLM and fine-tuned it for a specific task. The owners of the base models did not make any attempt to watermark their models, and the base models have subsequently been fine-tuned to a specific task. Participants are given full API access to base models, but only gated access to fine-tuned models through an API that anonymizes the identity of the fine-tuned models and counts queries. By collecting evidence that connects the fine-tuned to underlying base models, contestants must submit a solution in the form of (fine-tuned model, base model) pairs.

Besides a chance to contribute to a burgeoning field of AI forensics, at stake is a share of up to USD $10,000. Winners will be selected by evaluation criteria that include:

(1) Correctness of the submitted results,

(2) Number of queries required to access to the fine-tuned models, and

(3) Submission time.

To be awarded a prize, a winning team must publish their solution. To allow for a variety of backgrounds to participate, publishing might mean a conference submission, an arXiv preprint, or even a blogpost. First and second places include cash equivalent of USD $3,000 and $1,500, respectively. In addition, up to three student bonus awards will be granted to undergraduate or graduate degree-seeking students at an accredited university for a USD $1,500 travel voucher plus admission to attend either CAMLIS 2022 in October or SATML 2023.

The ML Model Attribution Challenge is a contest sponsored by some of the leading AI and security companies in the world. The goal of the challenge is to develop creative techniques in ML Model attribution. The most successful entrants in the competition should be able to predict, using creative techniques, which pre-trained models were used to produce a subsequent fine-tuned model with the highest accuracy and the fewest queries to fine-tuned models.

Competition Details

  • The competition runs from August 12, 2022, AoE, through September 9, 2022.
  • Registration will remain open through the duration of the competition.
  • Winners will be announced in late September, and will be contacted via the email address provided during solution submission.
  • Prizes totaling up to USD $10,000 for first place, second place, and student bonus prizes will be awarded.

Societal and Business Risks of AI

This competition is part of a broader effort to address the risk associated with developing and deploying AI systems.

Competition organizers are collaborating with researchers at Hugging Face, Microsoft Security, MITRE, OpenAI, Anthropic, and other leading organizations to address societal risk. As highlighted by BCG, capable AI platforms must adhere to societal guidelines every bit as much as they adhere to technical guidelines for responsible AI development. The ML Model Attribution Challenge aims to drive awareness and technical methods that will instill accountability in the organizations that develop and deploy AI systems.

Our customers at Robust Intelligence understand that AI risk is business risk. They want to ensure that the systems are operationally reliable, that outcomes are ethical, and that they are secure from threat actors that might exploit a growing attack surface of deployed AI. Organizations must be empowered to know what their AI models are doing, especially in settings not originally envisioned by the developers. The combination of stress testing pre-deployment, continuously testing and monitoring post-deployment, and protecting against bad inputs help organizations be proactive about maximizing business value while minimizing risk.

About Robust Intelligence

Robust Intelligence is an end-to-end machine learning integrity solution that proactively eliminates failure at every stage of the ML lifecycle. From pre-deployment vulnerability detection and remediation to post-deployment monitoring and protection, Robust Intelligence gives organizations the confidence to scale models in production across a variety of use cases and modalities. This enables teams to harden their models and stop bad data from entering AI systems, including adversarial attacks.

Author
Authors
Hyrum Anderson
Hyrum is our CTO.
Share article
Social

Follow us on LinkedIn

Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.

Related articles

April 2, 2024
-
3
minute read

Robust Intelligence Partners with CrowdStrike to Bring Our Real-Time AI Security Telemetry to Falcon LogScale

For:
March 28, 2024
-
4
minute read

AI Governance Policy Roundup (March 2024)

For:
March 27, 2024
-
5
minute read

AI Cyber Threat Intelligence Roundup: March 2024

For:
+   More Articles

Related articles

No items found.
+   More Articles

Ready to learn more?

See why we’re the enterprise choice for AI application security.
Get a Demo
August 9, 2022
-
4
minute read

Introducing the ML Model Attribution Challenge

Author
Authors
Hyrum Anderson
Hyrum is our CTO.

Call for Contestants to Compete in the Machine Learning Model Attribution Challenge

Beginning with the announcement of GPT-2 in 2019, large language models (LLMs) have enabled the generation of text with "unprecedented quality." While they have great potential as a force for good, however, there are also reasonable concerns that bad actors could repurpose LLMs for malicious use, fine-tuning them to spread misinformation at scale, undermine elections, distort public discourse, or harm public health. Today, no general technical method has been widely deployed to track LLMs as “Weapons of Mass Distortion.”

To this end, organizers from Robust Intelligence, Lincoln Network, MITRE, Hugging Face, and Microsoft Security invite AI researchers, infosec professionals, and academics to participate in the ML Model Attribution Challenge, which invites contestants to develop creative technical solutions to discover the provenance of fine-tuned LLMs. Contestants will attempt to reliably determine the underlying base model of an anonymous online service.

Context: Tracking Weapons of Mass Distortion

Some argue that AI can be used to create text that is nearly indistinguishable from human-written text. Left unchecked, this technology might have serious implications for our society and economy. But a form of “AI forensics” may enable tracking and mitigation.

“Many of these AI models seem to leave behind faint traces,” says Deepesh Chaudhari, Senior Fellow at the Plaintext Group. “There may be certain characteristics or patterns in the outputs of large language models that are a product of a plethora of datasets and design decisions that go into fine-tuning a base model. They are a bit like fingerprints.” The goal of ML Model attribution is to track the original source of an AI-based influence campaign. By discovering the base model in use, one might predict future outputs generated by the same model. This could help combat LLM-driven influence campaigns at scale.

Chaudhari notes the connection of the competition to larger efforts with the same goal. “Our group's recent work on machine learning model attribution is very different from synthetic text detection. While the latter aims to determine whether a text is synthetic, the former looks at pre-trained models and attempts to identify which one was used to generate a given output. This would be an important step towards achieving the goal of the IAEA’s Misinformation CRP, and towards building AI Safety coordination efforts at a UN agency, as it will allow us long-term monitoring of how AI systems are evolving.”

Participating in the Competition

Officially kicking off at DEFCON AIVillage, the ML Model Attribution Challenge (MLMAC) will run for four weeks from August 12, 2022, anywhere on Earth (AoE), through September 9, 2022. Contestants can register and participate by visiting the website.

Contestants are presented with a scenario in which a naive adversary has stolen a LLM and fine-tuned it for a specific task. The owners of the base models did not make any attempt to watermark their models, and the base models have subsequently been fine-tuned to a specific task. Participants are given full API access to base models, but only gated access to fine-tuned models through an API that anonymizes the identity of the fine-tuned models and counts queries. By collecting evidence that connects the fine-tuned to underlying base models, contestants must submit a solution in the form of (fine-tuned model, base model) pairs.

Besides a chance to contribute to a burgeoning field of AI forensics, at stake is a share of up to USD $10,000. Winners will be selected by evaluation criteria that include:

(1) Correctness of the submitted results,

(2) Number of queries required to access to the fine-tuned models, and

(3) Submission time.

To be awarded a prize, a winning team must publish their solution. To allow for a variety of backgrounds to participate, publishing might mean a conference submission, an arXiv preprint, or even a blogpost. First and second places include cash equivalent of USD $3,000 and $1,500, respectively. In addition, up to three student bonus awards will be granted to undergraduate or graduate degree-seeking students at an accredited university for a USD $1,500 travel voucher plus admission to attend either CAMLIS 2022 in October or SATML 2023.

The ML Model Attribution Challenge is a contest sponsored by some of the leading AI and security companies in the world. The goal of the challenge is to develop creative techniques in ML Model attribution. The most successful entrants in the competition should be able to predict, using creative techniques, which pre-trained models were used to produce a subsequent fine-tuned model with the highest accuracy and the fewest queries to fine-tuned models.

Competition Details

  • The competition runs from August 12, 2022, AoE, through September 9, 2022.
  • Registration will remain open through the duration of the competition.
  • Winners will be announced in late September, and will be contacted via the email address provided during solution submission.
  • Prizes totaling up to USD $10,000 for first place, second place, and student bonus prizes will be awarded.

Societal and Business Risks of AI

This competition is part of a broader effort to address the risk associated with developing and deploying AI systems.

Competition organizers are collaborating with researchers at Hugging Face, Microsoft Security, MITRE, OpenAI, Anthropic, and other leading organizations to address societal risk. As highlighted by BCG, capable AI platforms must adhere to societal guidelines every bit as much as they adhere to technical guidelines for responsible AI development. The ML Model Attribution Challenge aims to drive awareness and technical methods that will instill accountability in the organizations that develop and deploy AI systems.

Our customers at Robust Intelligence understand that AI risk is business risk. They want to ensure that the systems are operationally reliable, that outcomes are ethical, and that they are secure from threat actors that might exploit a growing attack surface of deployed AI. Organizations must be empowered to know what their AI models are doing, especially in settings not originally envisioned by the developers. The combination of stress testing pre-deployment, continuously testing and monitoring post-deployment, and protecting against bad inputs help organizations be proactive about maximizing business value while minimizing risk.

About Robust Intelligence

Robust Intelligence is an end-to-end machine learning integrity solution that proactively eliminates failure at every stage of the ML lifecycle. From pre-deployment vulnerability detection and remediation to post-deployment monitoring and protection, Robust Intelligence gives organizations the confidence to scale models in production across a variety of use cases and modalities. This enables teams to harden their models and stop bad data from entering AI systems, including adversarial attacks.

Author
Authors
Hyrum Anderson
Hyrum is our CTO.
Share article
Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.
Blog

Related articles

June 7, 2021
-
5
minute read

How Does Your Favorite ML Library Handle Bad Data?

For:
November 23, 2021
-
6
minute read

Machine Learning Actionability: Fixing Problems with Your Model Pipelines

For:
February 16, 2023
-
3
minute read

Fairness and Bias Testing with Robust Intelligence

For:
No items found.
+   More Articles

Achieve AI Integrity Today

Request a Demo