Sunday, May 26, 2024

US intelligence agencies' embrace of generative AI is at once wary and urgent

Frank Bajak
Fri, May 24, 2024 




ARLINGTON, Virginia (AP) — Long before generative AI's boom, a Silicon Valley firm contracted to collect and analyze non-classified data on illicit Chinese fentanyl trafficking made a compelling case for its embrace by U.S. intelligence agencies.

The operation's results far exceeded human-only analysis, finding twice as many companies and 400% more people engaged in illegal or suspicious commerce in the deadly opioid.

Excited U.S. intelligence officials touted the results publicly — the AI made connections based mostly on internet and dark-web data — and shared them with Beijing authorities, urging a crackdown.

One important aspect of the 2019 operation, called Sable Spear, that has not previously been reported: The firm used generative AI to provide U.S. agencies — three years ahead of the release of OpenAI’s groundbreaking ChatGPT product — with evidence summaries for potential criminal cases, saving countless work hours.

“You wouldn’t be able to do that without artificial intelligence,” said Brian Drake, the Defense Intelligence Agency's then-director of AI and the project coordinator.

The contractor, Rhombus Power, would later use generative AI to predict Russia’s full-scale invasion of Ukraine with 80% certainty four months in advance, for a different U.S. government client. Rhombus says it also alerts government customers, who it declines to name, to imminent North Korean missile launches and Chinese space operations.

U.S. intelligence agencies are scrambling to embrace the AI revolution, believing they’ll otherwise be smothered by exponential data growth as sensor-generated surveillance tech further blankets the planet.

But officials are acutely aware that the tech is young and brittle, and that generative AI — prediction models trained on vast datasets to generate on-demand text, images, video and human-like conversation — is anything but tailor-made for a dangerous trade steeped in deception.

Analysts require “sophisticated artificial intelligence models that can digest mammoth amounts of open-source and clandestinely acquired information,” CIA director William Burns r ecently wrote in Foreign Affairs. But that won't be simple.

The CIA’s inaugural chief technology officer, Nand Mulchandani, thinks that because gen AI models “hallucinate” they are best treated as a “crazy, drunk friend” — capable of great insight and creativity but also bias-prone fibbers. There are also security and privacy issues: adversaries could steal and poison them, and they may contain sensitive personal data that officers aren't authorized to see.

That's not stopping the experimentation, though, which is mostly happening in secret.

An exception: Thousands of analysts across the 18 U.S. intelligence agencies now use a CIA-developed gen AI called Osiris. It runs on unclassified and publicly or commercially available data — what's known as open-source. It writes annotated summaries and its chatbot function lets analysts go deeper with queries.

Mulchandani said it employs multiple AI models from various commercial providers he would not name. Nor would he say whether the CIA is using gen AI for anything major on classified networks.

“It’s still early days,” said Mulchandani, “and our analysts need to be able to mark out with absolute certainty where the information comes from.” CIA is trying out all major gen AI models – not committing to anyone -- in part because AIs keep leapfrogging each other in ability, he said.

Mulchandani says gen AI is mostly good as a virtual assistant looking for "the needle in the needle stack.” What it won’t ever do, officials insist, is replace human analysts.

Linda Weissgold, who retired as deputy CIA director of analysis last year, thinks war-gaming will be a "killer app."

During her tenure, the agency was already using regular AI — algorithms and natural-language processing — for translation and tasks including alerting analysts during off hours to potentially important developments. The AI wouldn’t be able to describe what happened — that would be classified — but could say “here’s something you need to come in and look at.”

Gen AI is expected to enhance such processes.

Its most potent intelligence use will be in predictive analysis, believes Rhombus Power’s CEO, Anshu Roy. “This is probably going to be one of the biggest paradigm shifts in the entire national security realm — the ability to predict what your adversaries are likely to do.”

Rhombus’ AI machine draws on 5,000-plus datastreams in 250 languages gathered over 10-plus years including global news sources, satellite images and data cyberspace. All of it is open-source. “We can track people, we can track objects,” said Roy.

AI bigshots vying for U.S. intelligence agency business include Microsoft, which announced on May 7 that it was offering OpenAI’s GPT-4 for top-secret networks, though the product must still be accredited for work on classified networks.

A competitor, Primer AI, lists two unnamed intelligence agencies among its customers — which include military services, documents posted online for recent military AI workshops show. It offers AI-powered search in 100 languages to “detect emerging signals of breaking events" of sources including Twitter, Telegram, Reddit and Discord and help identify “key people, organizations, locations.” Primer lists targeting among its technology's advertised uses. In a demo at an Army conference just days after the Oct. 7 Hamas attack on Israel, company executives described how their tech separates fact from fiction in the flood of online information from the Middle East.

Primer executives declined to be interviewed.

In the near term, how U.S. intelligence officials wield gen AI may be less important than counteracting how adversaries use it: To pierce U.S. defenses, spread disinformation and attempt to undermine Washington's ability to read their intent and capabilities.

And because Silicon Valley drives this technology, the White House is also concerned that any gen AI models adopted by U.S. agencies could be infiltrated and poisoned, something research indicates is very much a threat.

Another worry: Ensuring the privacy of “U.S. persons” whose data may be embedded in a large-language model.

“If you speak to any researcher or developer that is training a large-language model, and ask them if it is possible to basically kind of delete one individual piece of information from an LLM and make it forget that -- and have a robust empirical guarantee of that forgetting -- that is not a thing that is possible,” John Beieler, AI lead at the Office of the Director of National Intelligence, said in an interview.

It's one reason the intelligence community is not in "move-fast-and-break-things” mode on gen AI adoption.

“We don’t want to be in a world where we move quickly and deploy one of these things, and then two or three years from now realize that they have some information or some effect or some emergent behavior that we did not anticipate,” Beieler said.

It's a concern, for instance, if government agencies decide to use AIs to explore bio- and cyber-weapons tech.

William Hartung, a senior researcher at the Quincy Institute for Responsible Statecraft, says intelligence agencies must carefully assess AIs for potential abuse lest they lead to unintended consequences such as unlawful surveillance or a rise in civilian casualties in conflicts.

“All of this comes in the context of repeated instances where the military and intelligence sectors have touted “miracle weapons” and revolutionary approaches -- from the electronic battlefield in Vietnam to the Star Wars program of the 1980s to the “revolution in military affairs in the 1990s and 2000s -- only to find them fall short,” he said.

Government officials insist they are sensitive to such concerns. Besides, they say, AI missions will vary widely depending on the agency involved. There's no one-size-fits-all.

Take the National Security Agency. It intercepts communications. Or the National Geospatial-Intelligence Agency (NGA). Its job includes seeing and understanding every inch of the planet. Then there is measurement and signature intel, which multiple agencies use to track threats using physical sensors.

Supercharging such missions with AI is a clear priority.

In December, the NGA issued a request for proposals for a completely new type of generative AI model. The aim is to use imagery it collects — from satellites and at ground level – to harvest precise geospatial intel with simple voice or text prompts. Gen AI models don't map roads and railways and "don’t understand the basics of geography,” the NGA’s director of innovation, Mark Munsell, said in an interview.

Munsell said at an April conference in Arlington, Virginia that the U.S. government has currently only modeled and labeled about 3% of the planet.

Gen AI applications also make a lot of sense for cyberconflict, where attackers and defenders are in constant combat and automation is already in play.

But lots of vital intelligence work has nothing to do with data science, says Zachery Tyson Brown, a former defense intelligence officer. He believes intel agencies will invite disaster if they adopt gen AI too swiftly or completely. The models don't reason. They merely predict. And their designers can't entirely explain how they work.

Not the best tool, then, for matching wits with rival masters of deception.

“Intelligence analysis is usually more like the old trope about putting together a jigsaw puzzle, only with someone else constantly trying to steal your pieces while also placing pieces of an entirely different puzzle into the pile you’re working with,” Brown recently wrote in an in-house CIA journal. Analysts work with “incomplete, ambiguous, often contradictory snippets of partial, unreliable information.”

They place considerable trust in instinct, colleagues and institutional memories.

“I don’t see AI replacing analysts anytime soon,” said Weissgold, the former CIA deputy director of analysis.

Quick life-and-death decisions sometimes must be made based on incomplete data, and current gen AI models are still too opaque.

“I don’t think it will ever be acceptable to some president,” Weissgold said, “for the intelligence community to come in and say, ‘I don’t know, the black box just told me so.’”

Frank Bajak, The Associated Press

Attempts to regulate AI’s hidden hand in Americans’ lives flounder in US statehouses

Jesse Bedayn
Thu, May 23, 2024 




DENVER (AP) — The first attempts to regulate artificial intelligence programs that play a hidden role in hiring, housing and medical decisions for millions of Americans are facing pressure from all sides and floundering in statehouses nationwide.

Only one of seven bills aimed at preventing AI’s penchant to discriminate when making consequential decisions — including who gets hired, money for a home or medical care — has passed. Colorado Gov. Jared Polis hesitantly signed the bill on Friday.

Colorado’s bill and those that faltered in Washington, Connecticut and elsewhere faced battles on many fronts, including between civil rights groups and the tech industry, and lawmakers wary of wading into a technology few yet understand and governors worried about being the odd-state-out and spooking AI startups.

Polis signed Colorado’s bill “with reservations,” saying in an statement he was wary of regulations dousing AI innovation. The bill has a two-year runway and can be altered before it becomes law.

“I encourage (lawmakers) to significantly improve on this before it takes effect,” Polis wrote.

Colorado’s proposal, along with six sister bills, are complex, but will broadly require companies to assess the risk of discrimination from their AI and inform customers when AI was used to help make a consequential decision for them.

The bills are separate from more than 400 AI-related bills that have been debated this year. Most are aimed at slices of AI, such as the use of deepfakes in elections or to make pornography.

The seven bills are more ambitious, applying across major industries and targeting discrimination, one of the technology’s most perverse and complex problems.

“We actually have no visibility into the algorithms that are used, whether they work or they don’t, or whether we’re discriminated against,” said Rumman Chowdhury, AI envoy for the U.S. Department of State who previously led Twitter’s AI ethics team.

While anti-discrimination laws are already on the books, those who study AI discrimination say it’s a different beast, which the U.S. is already behind in regulating.

“The computers are making biased decisions at scale,” said Christine Webber, a civil rights attorney who has worked on class action lawsuits over discrimination including against Boeing and Tyson Foods. Now, Webber is nearing final approval on one of the first-in-the-nation settlements in a class action over AI discrimination.

“Not, I should say, that the old systems were perfectly free from bias either,” said Webber. But “any one person could only look at so many resumes in the day. So you could only make so many biased decisions in one day and the computer can do it rapidly across large numbers of people.”

When you apply for a job, an apartment or a home loan, there’s a good chance AI is assessing your application: sending it up the line, assigning it a score or filtering it out. It’s estimated as many as 83% of employers use algorithms to help in hiring, according to the Equal Employment Opportunity Commission.

AI itself doesn’t know what to look for in a job application, so it’s taught based on past resumes. The historical data that is used to train algorithms can smuggle in bias.

Amazon, for example, worked on a hiring algorithm that was trained on old resumes: largely male applicants. When assessing new applicants, it downgraded resumes with the word “women’s” or that listed women’s colleges because they were not represented in the historical data — the resumes — it had learned from. The project was scuttled.

Webber’s class action lawsuit alleges that an AI system that scores rental applications disproportionately assigned lower scores to Black or Hispanic applicants. A study found that an AI system built to assess medical needs passed over Black patients for special care.

Studies and lawsuits have allowed a glimpse under the hood of AI systems, but most algorithms remain veiled. Americans are largely unaware that these tools are being used, polling from Pew Research shows. Companies generally aren’t required to explicitly disclose that an AI was used.

“Just pulling back the curtain so that we can see who’s really doing the assessing and what tool is being used is a huge, huge first step,” said Webber. “The existing laws don’t work if we can’t get at least some basic information.”

That’s what Colorado’s bill, along with another surviving bill in California, are trying to change. The bills, including a flagship proposal in Connecticut that was killed under opposition from the governor, are largely similar.

Colorado’s bill will require companies using AI to help make consequential decisions for Americans to annually assess their AI for potential bias; implement an oversight program within the company; tell the state attorney general if discrimination was found; and inform to customers when an AI was used to help make a decision for them, including an option to appeal.

Labor unions and academics fear that a reliance on companies overseeing themselves means it'll be hard to proactively address discrimination in an AI system before it's done damage. Companies are fearful that forced transparency could reveal trade secrets, including in potential litigation, in this hyper-competitive new field.

AI companies also pushed for, and generally received, a provision that only allows the attorney general, not citizens, to file lawsuits under the new law. Enforcement details have been left up to the attorney general.

While larger AI companies have more or less been on board with these proposals, a group of smaller Colorado-based AI companies said the requirements might be manageable by behemoth AI companies, but not by budding startups.

“We are in a brand new era of primordial soup,” said Logan Cerkovnik, founder of Thumper.ai, referring to the field of AI. “Having overly restrictive legislation that forces us into definitions and restricts our use of technology while this is forming is just going to be detrimental to innovation.”

All agreed, along with many AI companies, that what’s formally called “algorithmic discrimination” is critical to tackle. But they said the bill as written falls short of that goal. Instead, they proposed beefing up existing anti-discrimination laws.

Chowdhury worries that lawsuits are too costly and time consuming to be an effective enforcement tool, and laws should instead go beyond what even Colorado is proposing. Instead, Chowdhury and academics have proposed accredited, independent organization that can explicitly test for potential bias in an AI algorithm.

“You can understand and deal with a single person who is discriminatory or biased,” said Chowdhury. “What do we do when it’s embedded into the entire institution?”

___

Bedayn is a corps member for the Associated Press/Report for America Statehouse News Initiative. Report for America is a nonprofit national service program that places journalists in local newsrooms to report on undercovered issues.

Jesse Bedayn, The Associated Press



White House pushes tech industry to shut down market for sexually abusive AI deepfakes

Matt O'brien And Barbara Ortutay
Thu, May 23, 2024 

The Associated Press


President Joe Biden's administration is pushing the tech industry and financial institutions to shut down a growing market of abusive sexual images made with artificial intelligence technology.

New generative AI tools have made it easy to transform someone's likeness into a sexually explicit AI deepfake and share those realistic images across chatrooms or social media. The victims — be they celebrities or children — have little recourse to stop it.

The White House is putting out a call Thursday looking for voluntary cooperation from companies in the absence of federal legislation. By committing to a set of specific measures, officials hope the private sector can curb the creation, spread and monetization of such nonconsensual AI images, including explicit images of children.

“As generative AI broke on the scene, everyone was speculating about where the first real harms would come. And I think we have the answer,” said Biden's chief science adviser Arati Prabhakar, director of the White House's Office of Science and Technology Policy.

She described to The Associated Press a “phenomenal acceleration” of nonconsensual imagery fueled by AI tools and largely targeting women and girls in a way that can upend their lives.

“If you’re a teenage girl, if you’re a gay kid, these are problems that people are experiencing right now,” she said. “We’ve seen an acceleration because of generative AI that’s moving really fast. And the fastest thing that can happen is for companies to step up and take responsibility.”

A document shared with AP ahead of its Thursday release calls for action from not just AI developers but payment processors, financial institutions, cloud computing providers, search engines and the gatekeepers — namely Apple and Google — that control what makes it onto mobile app stores.

The private sector should step up to “disrupt the monetization” of image-based sexual abuse, restricting payment access particularly to sites that advertise explicit images of minors, the administration said.

Prabhakar said many payment platforms and financial institutions already say that they won't support the kinds of businesses promoting abusive imagery.

“But sometimes it’s not enforced; sometimes they don’t have those terms of service,” she said. “And so that’s an example of something that could be done much more rigorously.”

Cloud service providers and mobile app stores could also “curb web services and mobile applications that are marketed for the purpose of creating or altering sexual images without individuals’ consent," the document says.

And whether it is AI-generated or a real nude photo put on the internet, survivors should more easily be able to get online platforms to remove them.

The most widely known victim of pornographic deepfake images is Taylor Swift, whose ardent fanbase fought back in January when abusive AI-generated images of the singer-songwriter began circulating on social media. Microsoft promised to strengthen its safeguards after some of the Swift images were traced to its AI visual design tool.

A growing number of schools in the U.S. and elsewhere are also grappling with AI-generated deepfake nudes depicting their students. In some cases, fellow teenagers were found to be creating AI-manipulated images and sharing them with classmates.

Last summer, the Biden administration brokered voluntary commitments by Amazon, Google, Meta, Microsoft and other major technology companies to place a range of safeguards on new AI systems before releasing them publicly.

That was followed by Biden signing an ambitious executive order in October designed to steer how AI is developed so that companies can profit without putting public safety in jeopardy. While focused on broader AI concerns, including national security, it nodded to the emerging problem of AI-generated child abuse imagery and finding better ways to detect it.

But Biden also said the administration's AI safeguards would need to be supported by legislation. A bipartisan group of U.S. senators is now pushing Congress to spend at least $32 billion over the next three years to develop artificial intelligence and fund measures to safely guide it, though has largely put off calls to enact those safeguards into law.

Encouraging companies to step up and make voluntary commitments “doesn’t change the underlying need for Congress to take action here,” said Jennifer Klein, director of the White House Gender Policy Council.

Longstanding laws already criminalize making and possessing sexual images of children, even if they're fake. Federal prosecutors brought charges earlier this month against a Wisconsin man they said used a popular AI image-generator, Stable Diffusion, to make thousands of AI-generated realistic images of minors engaged in sexual conduct. An attorney for the man declined to comment after his arraignment hearing Wednesday.

But there's almost no oversight over the tech tools and services that make it possible to create such images. Some are on fly-by-night commercial websites that reveal little information about who runs them or the technology they're based on.

The Stanford Internet Observatory in December said it found thousands of images of suspected child sexual abuse in the giant AI database LAION, an index of online images and captions that’s been used to train leading AI image-makers such as Stable Diffusion.

London-based Stability AI, which owns the latest versions of Stable Diffusion, said this week that it “did not approve the release” of the earlier model reportedly used by the Wisconsin man. Such open-sourced models, because their technical components are released publicly on the internet, are hard to put back in the bottle.

Prabhakar said it's not just open-source AI technology that's causing harm.

“It's a broader problem,” she said. “Unfortunately, this is a category that a lot of people seem to be using image generators for. And it’s a place where we’ve just seen such an explosion. But I think it’s not neatly broken down into open source and proprietary systems.”

——

AP Writer Josh Boak contributed to this report.

Matt O'brien And Barbara Ortutay, The Associated Press

No comments:

Post a Comment