Assessing AI’s acquired knowledge from an organisation’s database
In response to the surge of global interest in generative AI systems, researchers at the University of Surrey have developed software that can assess how much data an artificial intelligence (AI) system has acquired from an organisation’s digital database.
This verification software can be used as part of a company’s online security protocol, helping an organisation understand whether an AI has learned too much or even accessed sensitive data.
The software can also determine whether an AI has identified, and could exploit, flaws in software code. In an online gaming context, for example, it could detect whether an AI has learned to win consistently at online poker by exploiting a coding fault.
“In many applications, AI systems interact with each other or with humans, such as self-driving cars on a highway or hospital robots. Working out what an intelligent AI data system knows is an ongoing problem which we have taken years to find a working solution for,” said Dr Solofomampionona Fortunat Rajaona, Research Fellow in formal verification of privacy at the University of Surrey and the lead author of the paper.
“Our verification software can deduce how much AI systems can learn from their interactions, whether they have enough knowledge to cooperate successfully, and whether they know too much, such that privacy would be broken. Through the ability to verify what AI has learned, we can give organisations the confidence to safely unleash the power of AI in secure settings,” Rajaona added.
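The article does not detail the team’s method, but the general idea of formally verifying what an agent knows can be illustrated with the standard possible-worlds semantics from epistemic logic: an agent knows a fact precisely when that fact holds in every world consistent with what the agent has observed. The sketch below is a minimal toy illustration under that assumption; the database, the `observation` encoding, and all function names are hypothetical and are not the Surrey team’s actual tool.

```python
from itertools import product

# Hypothetical toy "database": each possible world assigns a salary band
# to two employees. Before observing anything, the AI considers all
# combinations possible.
EMPLOYEES = ["alice", "bob"]
BANDS = ["low", "high"]
ALL_WORLDS = [dict(zip(EMPLOYEES, bands)) for bands in product(BANDS, repeat=2)]

def consistent_worlds(observation):
    """Return the worlds that agree with everything the AI has observed.

    `observation` maps an employee to the salary band the AI has seen.
    """
    return [w for w in ALL_WORLDS
            if all(w[k] == v for k, v in observation.items())]

def knows(observation, fact):
    """Standard epistemic-logic check: the agent knows `fact` iff
    `fact` holds in every world consistent with its observations."""
    worlds = consistent_worlds(observation)
    return bool(worlds) and all(fact(w) for w in worlds)

# Sensitive fact: Alice's salary band is "high".
sensitive = lambda w: w["alice"] == "high"

print(knows({}, sensitive))                 # False: nothing observed yet
print(knows({"alice": "high"}, sensitive))  # True: a privacy leak is flagged
```

On this reading, “knowing too much” is checkable: if a sensitive fact holds in every world consistent with the AI’s observations, the agent provably knows it, which is the kind of property a verification tool can flag.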
Professor Adrian Hilton, Director of the Institute for People-Centred AI at the University of Surrey, said:
“Over the past few months there has been a huge surge of public and industry interest in generative AI models fuelled by advances in large language models such as ChatGPT. Creation of tools that can verify the performance of generative AI is essential to underpin their safe and responsible deployment. This research is an important step towards maintaining the privacy and integrity of datasets used in training.”