An Unreliable Foundation: Security & Privacy of Large Scale Machine Learning

22 September 2021
Presented by Nicholas Carlini (Google)


Abstract

Instead of training neural networks to solve any one particular task, it is now common to train neural networks to behave as a “foundation” upon which future models can be built. Because these models train on unlabeled and uncurated datasets, their objective functions are necessarily underspecified and not easily controlled.

In this talk I argue that while training underspecified models at scale may benefit accuracy, it comes at a cost to security and privacy. Compared to their supervised counterparts, large underspecified models are more easily attacked by adversaries. As evidence, I give three case studies where larger models are less reliable across three different problem setups. Addressing these challenges will require new solutions beyond those that have been studied in the past.


See video on YouTube