Open-Source - TechHQ
Technology and business

Hugging Face Safetensors vulnerable to supply chain attacks
https://techhq.com/2024/03/hugging-face-safetensors-vulnerable-to-supply-chain-attacks/
Thu, 07 Mar 2024 09:30:55 +0000

• Hugging Face vulnerabilities revealed.
• Supply chain attacks can get into Hugging Face safetensors.
• That means the whole Hugging Face community could be under threat.

Recent research has found that the new Hugging Face Safetensors conversion services are vulnerable to supply chain attacks, with hackers able to hijack AI models submitted by users. Reported by The Hacker News, cybersecurity researchers from HiddenLayer discovered that it is “possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform.” The researchers also found that it was possible to “hijack any models that are submitted through the conversion service.”

For those who don’t know, Hugging Face is a collaboration platform used by software developers to host and work together on an infinite number of datasets, machine learning models, and applications, all of which are pre-trained. Users can build, implement, and train these to their choosing.

Vulnerabilities in Hugging Face

Safetensors, a format designed by Hugging Face, stores tensors with security as a priority. Users can also convert PyTorch models to Safetensors through a pull request if desired. Safetensors stands in contrast to “pickles,” another format, which may have been exploited by malicious actors to deploy tools such as Mythic and Cobalt Strike, and run unauthorized code.

The recent revelation of possible vulnerabilities comes as a shock to many of Hugging Face’s 1.2 million registered users. It became evident through the research that malicious pull requests could be made via a hijacked model. Since the service should convert this model, it enables harmful actors to pose as the conversion bot and request modifications to any repository on the platform.

It’s also possible for hackers to extract tokens associated with SFConvertbot, a bot made to generate pull requests. With these tokens, an attacker can send a dangerous pull request to any repository on the Hugging Face site. From here, a threat actor could manipulate the model, even implanting neural backdoors.

According to researchers, “an attacker could run any arbitrary code any time someone attempted to convert their model.” Essentially, a model could be hijacked upon conversion without the user even knowing it.

An attack could result in the theft of a user’s Hugging Face token if they try to convert their personal repository. Hackers may also be able to access datasets and internal models, resulting in malicious interference.

The complexities of these vulnerabilities don’t stop there. An adversary could exploit the ability for any users to submit a conversion request for a public repository, resulting in a possible modification or hijacking of a widely utilized model. That poses a substantial risk to the overall supply chain. Researchers summed this up by saying, “the conversion service has proven to be vulnerable and has had the potential to cause a widespread supply chain attack via the Hugging Face official service.”

Attackers could get access to a container that runs the service, and choose to compromise any models that have been converted by it.

Hugging Face – traditionally, bad things happen afterwards…

The implications go beyond singular repositories. The overall trustworthiness and reliability of the Hugging Face service and its community is under threat.

Co-founder and CEO of HiddenLayer, Chris “Tito” Sestito, emphasized the effects this vulnerability could have on a wider scale, saying, “This vulnerability extends beyond any single company hosting a model. The compromise of the conversion service has the potential to rapidly affect the millions of users who rely on these models to kick-start their AI projects, creating a full supply chain issue. Users of the Hugging Face platform place trust not only in the models hosted there but also in the reputable companies behind them, such as Google and Microsoft, making them all the more susceptible to this type of attack.”

LeftoverLocals

HiddenLayer’s disclosure of these vulnerabilities comes just one month after Trail of Bits revealed a vulnerability known as LeftoverLocals (CVE-2023-4969, Common Vulnerability Scoring System (CVSS) score: 6.5). This security flaw enables the retrieval of data from general-purpose graphics processing units (GPGPUs) manufactured by Apple, AMD, Qualcomm, and Imagination. The CVSS score of 6.5 indicates a moderate level of severity, putting sensitive data at risk.

The memory leak reported by Trail of Bits stemmed from a failure to isolate process memory. A local attacker could therefore gain access and read memory from various processes, including the interactive sessions of other users with a large language model (LLM).

The Hugging Face vulnerabilities, as well as the one reported by Trail of Bits, only emphasize the need for AI technologies to have stricter security protocols in place. Currently, the adoption of AI is growing at such a rate that sufficient security measures cannot keep up. HiddenLayer is one company that is creating solutions for such shortcomings, with its AISec platform offering a range of products designed to protect ML models against malicious code injections and attacks.

Nevertheless, the revelation of Hugging Face’s Safetensors conversion tool issues gives us a stark reminder of the challenges faced by AI and machine learning sectors. Supply chain attacks could put the integrity of AI models at risk, as well as the ecosystems that rely on such technologies. Right now, investigations are continuing into the vulnerability, with the machine learning community on high alert, and more vigilant than ever before.

Europe becomes data-interoperable – but do its open standards fall short of the mark?
https://techhq.com/2024/02/reuse-share-and-open-standards-for-the-european-unions-it-functions/
Thu, 08 Feb 2024 15:30:43 +0000

  • EU’s Interoperable Europe Act comes into force.
  • Open standards, reusability and data exchange.
  • Latest in range of laws to limit big tech monopolies.

The adoption on February 6th, 2024, of the EU’s Interoperable Europe Act will help ensure that public bodies in the Community use software and systems that can exchange information and technology freely between them. It aims to promote the reuse of data between public bodies, reducing separate silos of what can be effectively the same information, and to actively deploy and use systems that will make sure that happens easily.

A vital part of the framework rests on open systems and software that will not hinder public organizations from accessing information from others that’s held behind inaccessible barriers, such as paid-for API access, or proprietary (closed) data formats and databases. The de facto choice, therefore, for public bodies’ IT decision-makers should be a combination of free (as in libre) software and open standards.

The text of the Interoperable Europe Act contains a clear definition of free software licenses – “solutions that do not carry restrictive licensing terms, such as open source solutions.” The Act also states that public administrations should prioritize open-source software “when [it is] equivalent in functionalities, total cost, user-centricity, cybersecurity or other relevant objective criteria.” That, unfortunately, gives publicly-funded EU bodies an opt-out clause from using free and open-source software. According to the FSFE (Free Software Foundation Europe), the ambiguous wording in the Act means “the Commission is going in the opposite direction of the ‘Free Software first’ approach that this legislation needs,” and furthermore, “It […] shows a lack of ambition which could have led [the Interoperable Europe Act] to become a real game-changer.”

Lobbying by the FSFE throughout the progress of the IEA succeeded in mandating the Commission to provide an annual report on interoperability solutions for public services. The Act contains what it calls ‘Innovation and Support Measures,’ which include regulatory sandboxes (trial of new services and methods without some of the usual rules applying) to promote policy experimentation and the eventual scaling-up of interoperability solutions for reuse across the EU.

Open standards and interoperability

Mandatory assessments for interoperability will also become a feature of IT decision-makers’ administrative burden, alongside the existing raft of reporting around data sovereignty, cybersecurity and data usage. To aid choices in technology solutions that use open standards, the Act describes an Interoperable Europe Portal where shared and reusable solutions can be listed and described.

Although, in general, the Interoperable Europe Act is a positive step to engender a more open approach to data exchange and the choice of systems deployed by public bodies, the progress of its implementation will have to be closely monitored. Open standards in technology drive platform agnosticism and vendors of large technology solutions will want to discourage migration away from closed systems to equivalent open-source software and open standards.

The private sector, in the form of big tech companies, has a significant interest in the EU’s public sector procurement processes: the most often-told tale that epitomizes this fact involves Microsoft’s move of its headquarters to near Munich, right around the time when there was significant impetus by city hall to shift its workforce from Microsoft’s platform and services to open-standard formats and vendor-neutral software.

That means that the acid test of the effectiveness of the Interoperable Europe Act will come as public sector technology contracts come due for renewal across Europe.

The EU is often seen as an area of the world in which large technology companies have a more limited scope to practice compared to, for example, the US. The Digital Services Act and the Digital Markets Act, for example, impose new obligations and potential fines on companies for non-compliance that can amount to 10% of a business’s annual revenue. Under the Digital Markets Act, the European Commission has the authority to break up businesses that are repeat offenders against its legislation. These laws and ensuing powers granted to the intragovernmental body are designed to encourage competition and remove monopolistic practices from the European continent.

With IT playing an increasing and inescapable part in civil life, the EU’s attempts to protect its citizens are inextricably linked with technology, its implementation and use. In the same way as it legislates around drinking water quality, air pollution, and safety in the workplace, its concerns are not anti-business, but pro-people. Its ethos may not be appreciated everywhere in the world, but since the end of World War II, European countries have acted on the realization that peace and prosperity come through unity and collectivism, not unfettered free markets.

Lina Ceballos, FSFE policy project manager, stated, “We will monitor the implementation to make sure that free software reaches its full potential as an enabler of transparent, reusable and shareable solutions. We will also keep a close watch for opportunities where the free software community can engage and by providing its expertise support public administrations throughout the EU in delivering free software interoperable digital services.”

Here’s why restricting China from RISC-V tech would hurt the US
https://techhq.com/2023/10/why-would-restricting-china-from-risk-v-tech-hurt-the-us/
Tue, 10 Oct 2023 12:23:19 +0000

  • US lawmakers want Biden to impose export restrictions around RISC-V.
  • US firms like Qualcomm and Google have embraced RISC-V.
  • But would such restrictions damage US business prospects too?

The US export controls imposed in late 2022 kept the US busy for a brief period, with the Biden Administration gathering allies and closing all possible loopholes for China to strengthen its technological prowess — especially in semiconductors. Then Huawei released its 5G-enabled Mate 60 smartphone collection, despite the mounting sanctions against the company.

That was enough to trigger the US to want to escalate its technological rivalry with China. China’s evidence of resilience immediately stimulated discussions about the efficacy of the US-imposed sanctions. So now, the US is looking to impede China’s development even further – this time, by targeting RISC-V chip technology.

“We are trying to use every single tool at our disposal to deny the Chinese the ability to advance their technology in ways that can hurt us,” Commerce Secretary Gina Raimondo said after Huawei released the 5G-capable Mate 60 Pro during her visit to the country in late August. Raimondo, like other US lawmakers, has been emphasizing the importance of the US maintaining technological superiority and innovation.

WASHINGTON, DC - SEPTEMBER 19: U.S. Commerce Secretary Gina Raimondo testifies before the House Committee on Science, Space, and Technology at the Rayburn House Office Building on September 19, 2023 in Washington, DC. Raimondo testified on a one year review of the Chips and Science Act. The US started thinking about RISC-V technology soon afterward. Kevin Dietsch/Getty Images/AFP (Photo by Kevin Dietsch / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

So, the US is considering restricting American companies from participating in RISC-V, an open-source chip design architecture on which China is doubling down to reduce its dependence on foreign technologies. Two Republican House of Representatives committee chairmen, Republican Senator Marco Rubio, and Democratic Senator Mark Warner are urging President Biden’s administration to take action soon, citing national security grounds.

The move came shortly after the Biden administration warned Beijing of its plans to update rules that curb shipments of AI chips and chip-making tools to China as soon as this month. The Commerce Department, which oversees export controls, is working on an update of export restrictions first released last year. 

The update seeks to limit access to more chipmaking tools in line with new Dutch and Japanese rules, other sources said, and to close some loopholes in export restrictions on AI chips.

What is RISC-V, and why is it the center of the US-China tech war?

RISC-V (pronounced as “risk five”) is an open standard instruction set architecture (ISA) for computing that competes with costly proprietary technology from British semiconductor and software design company Arm Holdings. As a global standard, RISC-V is not controlled by any single company or country. Therefore, it has become a new hope for China to reduce its dependence on foreign intellectual property (IP) suppliers amid an escalating tech war with the US.

RISC-V can be a crucial ingredient for anything from a smartphone chip to advanced processors for AI. According to RISC-V International, the global non-profit home of the open standard RISC-V ISA, related specifications, and stakeholder community, the development of RISC-V specifications is based on contributions that have been made available on a non-proprietary basis or cultivated in the open from members evenly distributed in North America, Europe, and Asia. 

“The only difference is that the marketplace can use these standards without proprietary licenses from a controlling company. Competition does not happen at the standards level. Still, rather competition is at the implementation level,” the organization said, adding that RISC-V has ushered in tremendous potential for companies worldwide to participate in the rapidly growing semiconductor space.

The chief executive of RISC-V International said that possible government restrictions on the open-source technology will slow down the development of new and better chips, holding back the global technology industry.

Experts and analysts have stood firmly by RISC-V, which has grown tremendously in global adoption and influence as the open computer standard. “The entire tech ecosystem benefits from standards being open, whether it’s RISC-V or other popular standards such as Ethernet, HTTPS, JPEG, or USB,” Calista Redmond, chief of RISC-V International, said in a blog posting.

Unfortunately, US lawmakers, including both Republican and Democratic senators, are urging the Biden administration to take action on RISC-V on national security grounds, according to a Reuters report. The move marked the first time US politicians have considered restricting the tech standard.

China leads the RISC-V adoption

Despite its origins in 2010 at the University of California, RISC-V is overseen by a Swiss-based non-profit foundation, coordinating efforts among for-profit companies to develop the technology. RISC-V has found favor in China as a potential means to navigate technology restrictions imposed by the US.

This means having access to open standards allows companies, including those from China, to innovate faster and spend their time creating differentiated products rather than trying to reinvent the wheel. “Just as companies everywhere have adopted Ethernet, HTTPS, JPEG, and USB standards, we’re seeing a similar trend for RISC-V as an open standard. The flexibility, extensibility, and scalability of RISC-V give developers unparalleled design freedom,” Redmond stated.

This move aligns with commercial motivations, including cost reduction and diversification away from Arm, the British semiconductor design giant. Under US regulations, Arm faces constraints on selling specific advanced intellectual properties to Chinese clients. 

Similarly, US electronic design automation firm Synopsys can only offer a limited-function version of its software to Chinese companies like Huawei Technologies, as confirmed by a Synopsys engineer during a RISC-V event in Beijing earlier this year.

According to an article by the South China Morning Post (SCMP), of the 21 premier members of RISC-V International, nearly half are Chinese, including Alibaba Cloud, Huawei, ZTE, and Tencent Holdings.

“Meanwhile, China has set up a domestic RISC-V alliance. Nine Chinese chip companies – including Alibaba Group Holding’s chip unit T-Head and Shanghai-listed VeriSilicon Holdings – agreed in August to join together, with the condition that members not sue each other over patent infringement.”

Citing Edward Wilford, senior principal analyst of IoT hardware at research company Omdia, SCMP reported that Chinese firms represent 60 to 80% of start-ups using RISC-V. In 2022, global shipments of RISC-V architecture chips exceeded 10 billion units, with half of them coming from China, according to RISC-V International.

“You can stop US firms in RISC-V International from working with Chinese companies, but the collaboration built on RISC-V’s open-standard nature is out there. One can also turn to the internet for the instruction set,” said Wilford. However, the US sees it as Beijing exploiting a culture of open collaboration among American companies to advance its semiconductor industry.

“Communist China is developing open-source chip architecture to dodge our sanctions and grow its chip industry,” Rubio said in a statement to Reuters. “If we don’t broaden our export controls to include this threat, China will one day surpass us as the global leader in chip design.” The lawmakers are urging the Commerce Department to “require any American person or company to receive an export license before engaging with China entities on RISC-V technology.”

In China, executives from Huawei have embraced RISC-V as a pillar of that nation’s progress in developing its chips. The US and its allies have also jumped on the technology, with chip giant Qualcomm working with a group of European automotive firms on RISC-V chips, and Alphabet’s Google saying it would make Android, the world’s most popular mobile operating system, work on RISC-V chips.

What’s next?

The dynamics of open standard technology are such that if President Biden’s administration were to regulate US companies’ participation in the Swiss-based foundation in the way lawmakers are seeking, it would complicate how American and Chinese companies work together on open technical standards.

Certainly, such measures could obstruct China’s quest for self-reliance in chip manufacturing. But they would also hinder US and European endeavors to create cheaper and more versatile chips.

The question is whether the US can find ways to acknowledge the truth of Rubio’s statement and evolve domestic chip production around it, without shooting itself in the foot over RISC-V.

A tech war for the future of the world?

How is Moodle advancing the AI education debate?
https://techhq.com/2023/10/what-is-moodle-and-why-should-you-care/
Mon, 09 Oct 2023 14:15:33 +0000

  • What is Moodle and how is it engaging with the AI education debate?
  • The themes for the MoodleMoot Global 2023 included the impact of AI on both education and work.
  • Moodle’s 4.3 release will likely fix more than 300 bugs and add a host of new features.

In recent years, technology has enhanced the world of higher education – whether that world wanted it to or not. Given the wide availability of AI tools for both teachers and students though, more needs to be done to help a range of players in this industry navigate the challenges of technologically-enhanced teaching in the modern era.

A new UNESCO survey of over 450 schools and universities around the world found that fewer than 10% have developed institutional policies or formal guidance concerning the use of generative AI applications.

Moodle, however, is pushing the AI conversation forward — especially at this year’s MoodleMoot Global in Barcelona, Spain. Over 700 participants from 56 countries and more than 100 speakers from 24 countries took part in the conference.

“It’s a place for the community to meet together, learn about what the other people are doing, [and] learn about what Moodle is doing,” event organizer Diego Fabra explained. “They can meet people from the [headquarters and] ask them questions directly. This is something that doesn’t happen in other conferences.”

What is Moodle?

Moodle’s open-source learning management system (LMS) is free to download, modify and share with others. It bills itself as the “ultimate expression of the values that unite our community of developers, system administrators, educators, and learners.”

Moodle is actually the world’s most popular LMS, so it has something to back up such press office language. It is used by any number of schools, universities, non-profits and companies to manage their education and training needs. Portsmouth Hospitals University NHS Trust, responsible for running the Queen Alexandra Hospital in Portsmouth, Hampshire, has turned to Titus Learning — a certified, premium Moodle partner — to develop a custom Moodle Workplace solution.

Core teams at Moodle HQ coordinate with over 1000 developers, and the Moodle LMS also has an ever-growing community of Certified Partners, developers, system administrators, educators and learners who write new features, fix bugs, update documentation, and share resources and ideas to constantly evolve the platform.

Since Moodle is modular, users can search and download official plugins from the Moodle Plugin Database. They allow users to extend and customize the LMS’s functions beyond what Moodle has envisioned. This flexibility is what makes Moodle collaborative and community-enhanced.

Moodle’s 4.3 release is set to launch on October 9 and will likely contain more than 300 bug fixes, improvements and new features.

Those new features include an “In Course” communication option that will empower better collaboration. The matrix messaging system will also make working with other messaging systems like Slack and Teams relatively seamless.

The potential of artificial intelligence in eLearning

MoodleMoot Global 2023 covered a wide range of interests and expertise, including:

  • The use of augmented and virtual reality in education and training
  • How AI is changing education and the workplace
  • Building core competencies with Moodle
  • Addressing inclusivity and equity with Moodle courses
  • Soft skills revolution — strengthening learners’ critical thinking, interpersonal & creative skills
  • Using Moodle to support Science, Technology, Engineering, and Mathematics (STEM) delivery

On the morning of Day Three at MoodleMoot Global 2023, a panel discussion explored the transformative power of AI in education and workplace learning. The session, titled “How artificial intelligence is changing education and the workplace” was hosted by Brett Dalto, Head of Education Solutions at Moodle HQ.

It featured a host of experts, including Heikki Wilenius from the University of Helsinki, Tim Hunt from The Open University UK, Elizabeth Dalton from IntelliBoard, Rajnish Kumar from Verificient, and Meghan Mencer of Harnessing Your Potential.

Dalto posed three questions to the panel: Are our educational institutions equipped or prepared to address potential AI? How will regulating AI impact the education industry? And how will AI have the greatest positive impact on education?

Discussing bias in AI, Dalton suggested that we need to broaden our data to be inclusive of all demographics for AI to be unbiased. Conversely, Kumar from Verificient argued that we should consider the intention behind building an AI system rather than focusing on whether AI is biased.

The panelists also raised thought-provoking questions. Hunt, for example, questioned whether we understand the implications of AI well enough to draft effective legislation. The conversation also touched on how current and future generations will adapt to the growing impact of AI in society.

MoodleMoot 2023 covered a lot of ground involved in the AI education debate as it stands in 2023. How many of the issues will be resolved by the time of MoodleMoot 2024? Watch this space.

Meta, Microsoft release new AI language model for commercial use
https://techhq.com/2023/07/why-meta-microsoft-release-new-ai-language-model-for-commercial-use/
Wed, 19 Jul 2023 17:31:31 +0000

• The latest AI model by Meta, LLaMA 2, is available to major cloud providers, including Microsoft.
• Qualcomm is scheduled to make LLaMA 2-based AI implementations available on flagship smartphones and PCs starting in 2024.
• LLaMA models are available at three levels of pre-training.

Meta has intensified the generative AI race by unveiling its latest large language model, LLaMA 2, which will be open-source and free for commercial and research use. The move puts the social media company in a position to go head-to-head with OpenAI’s free-to-use GPT-4, which powers tools like ChatGPT and Microsoft Bing.

Meta’s press release explains the decision to open up LLaMA as a way to give businesses, startups, and researchers access to more AI tools, allowing for experimentation as a community. In short, the tech giant is sticking to its long-held belief that allowing all sorts of programmers to tinker with technology is the best way to improve it.

LLaMA 2 will not be limited to researchers. Meta said it is open-sourcing the AI model for commercial use through partnerships with major cloud providers, including Microsoft Corp. “We believe an open approach is the right one for the development of today’s AI models, especially those in the generative space where the technology is rapidly advancing,” Meta said in a blog posting on Tuesday (June 18). 

The Facebook parent company believes making its large language model open-source is a safer option. “Opening access to today’s AI models means a generation of developers and researchers can stress test them, identifying and solving problems fast, as a community. By seeing how others use these tools, our teams can learn from them, improve those tools, and fix vulnerabilities,” the company stated.

Separately, Mark Zuckerberg, in a post on his personal Facebook page, said Meta had a long history of open-sourcing its infrastructure and AI work. “From PyTorch, the leading machine learning framework, to models like Segment Anything, ImageBind, and Dino, to basic infrastructure as part of the Open Compute Project. This has helped us build better products by driving progress across the industry,” he claimed.

Mark Zuckerberg's Facebook post.

The move by Meta would also establish the company alongside other tech giants as having a pivotal contribution to the AI arms race. For context, Chief Executive Officer Mark Zuckerberg has said incorporating AI improvements into all the company’s products and algorithms is a priority and that Meta is spending record amounts on AI infrastructure. According to Meta, there has been a massive demand for Llama 1 from researchers — with more than 100,000 requests for access to the large language model.

What’s new with the latest AI model by Meta?

LLaMA 2 is the first project to come out of the company’s generative AI group, a new team assembled in February 2023. According to Zuckerberg, LLaMA 2 has been pre-trained and fine-tuned on models with 7 billion, 13 billion, and 70 billion parameters. “LLaMA 2 was pre-trained on 40% more data than LLaMA 1 and had improvements to its architecture,” he said.

It also says it “outperforms” other LLMs like Falcon and MPT in terms of reasoning, coding, proficiency, and knowledge tests. For the fine-tuned models, Zuckerberg said Meta had collected more than one million human annotations and applied supervised fine-tuning and reinforcement learning with human feedback (RLHF) with leading results on safety and quality. 

Meta developed and released the LLaMA 2 family of large language models (LLMs), a collection of pretrained and fine-tuned generative text models ranging in scale from 7 billion to 70 billion parameters. Source: Meta

Meta also announced that Microsoft would distribute the new version of the AI model through its Azure cloud service and will run it on the Windows operating system.

Meta said in its blog post that Microsoft was its “preferred partner” for the release. In the generative AI race, Microsoft has emerged as the clear leader through its investment and technology partnership with ChatGPT creator OpenAI, which charges for access to its model.

“Starting today, LLaMA 2 is available in the Azure AI model catalog, enabling developers using Microsoft Azure to build with it and leverage their cloud-native tools for content filtering and safety features. It is also optimized to run locally on Windows, giving developers a seamless workflow as they bring generative AI experiences to customers across different platforms,” the tech giant said.

Meta said LLaMA 2 is available through Amazon Web Services (AWS), Hugging Face, and other providers.

Qualcomm partners with Meta to run LLaMA 2 on phones

Shortly after Meta unveiled LLaMA 2, Qualcomm announced that it is partnering with the tech giant for the new large language model. “Qualcomm Technologies Inc. and Meta are working to optimize the execution of Meta’s LLaMA 2 large language models directly on-device – without relying on the sole use of cloud services,” Qualcomm said.

For the US chip designer, the ability to run generative AI models like LLaMA 2 on devices such as smartphones, PCs, VR/AR headsets, and vehicles allows developers to save on cloud costs and provide users with private, more reliable, personalized experiences. Qualcomm is scheduled to make LLaMA 2-based AI implementation available on devices powered by Snapdragon from 2024 onwards. 

“We applaud Meta’s approach to open and responsible AI and are committed to driving innovation and reducing barriers-to-entry for developers of any size by bringing generative AI on-device,” said Durga Malladi, senior vice president and general manager of technology, planning, and edge solutions businesses, Qualcomm Technologies, Inc. 

Malladi believes that to scale generative AI into the mainstream effectively, AI will need to run on both the cloud and devices at the edge, such as smartphones, laptops, vehicles, and IoT devices.

Knowledge graph technology: sharpening data visibility for better decisions https://techhq.com/2023/06/what-is-the-business-value-of-knowledge-graph-technology-using-open-source-generative-ai/ Tue, 20 Jun 2023 18:18:05 +0000 https://techhq.com/?p=225676

The post Knowledge graph technology: sharpening data visibility for better decisions appeared first on TechHQ.

• Knowledge graph technology is a new way of visualizing data across organizations.
• It can help inform and guide stronger business decisions.
• It’s using open-source generative AI to deliver focused data.

Knowledge graph technology is re-writing the way in which objects, people, companies and supply chains can be visualized, examined, and mined for data that can help bring efficiency savings, deal with data reporting requirements and a lot more.

In Part 1 of this article, we sat down with Paul Hopton, CTO at Scoutbee, a leading company offering knowledge graph technology to enterprise clients, to understand how it could be used in supply chains.

But while we had Paul in the chair, we decided to take a deeper dive into knowledge graph technology as it applied to corporate governance and better decision-making.

GenAI delivering knowledge graph technology.

THQ:

Correct us if we’re wrong here, but you use generative AI to deliver your knowledge graph technology, right?

PH:

We do, but it’s not… quite ChatGPT as we know it, Captain.

THQ:

Intriguing. How so?

PH:

Effectively we have our knowledge graph, where we capture all the information which we find, and then we make elements of that graph available to the customer. What’s very important, both in terms of thinking about knowledge graph technology, but also AI in general, is having multi-tenancy support.

Scoutbee provides knowledge graph technology for enterprises.

Scoutbee – using open-source generative AI to boost business value.

ChatGPT is wonderful, but as it stands, it’s not really designed for thinking about enterprise customers. Or at least, the customers we speak to are very nervous about bringing those kinds of things across into their systems.

So we think that actually training our AI specifically on the customer’s data is a big difference. Once you can actually give that insight into what the customer wants to know, what the AI can learn from their customer’s data, you can actually come to much deeper, more business-valuable conclusions, which gives the customer a competitive advantage.

Knowledge graph technology improves data focus.

THQ:

Ah yes. We’ve spoken to other companies doing different things with generative AI, and how it can be used in ways to really boost a company’s productivity, and that seems to be key to all of the standout offerings, that focus on either the area of interest or the company specifically. Training with specific data, rather than training a sort of more generalized AI down into that scenario.

Finding valuable data and drawing business conclusions – priceless.

PH:

Exactly. I mean, you can ask ChatGPT “Who was the star of a 1970s TV film?” And it will give you an answer. You can ask it to explain Foucault’s theorem, and it will come up with some kind of answer. Which is great in terms of use by the general public, but not strictly relevant to a lot of enterprises.

We’ve built our models on open-source models. They’re smaller, but they don’t need to know anything about TV stars, or mathematicians, or how to bake an apple pie.

They need to know about suppliers, and products, and certifications. They understand geography. They understand things that are pertinent to the task of improving our customers’ knowledge of their own company and their relationships with others.

That still means we’ve been working with 7 billion data point models, and we’re now moving up to some 14 billion point models, which give us much better, much more interesting results. But we don’t need to have the same kind of scale that ChatGPT or Bard will do, because we’re solving a niche problem.

That specialist knowledge is really valuable. And having all that information in the knowledge graph database which the AI can interrogate feels exciting, and has been clearly shown to add value to our customers’ businesses.

Knowledge graph technology and open-source.

THQ:

Was it that idea of smaller, more focused generative AI models that drew you to open-source? We remember the ripple of terror that went through the big players when it became clear that the open-source community were getting their hands on generative AI models, precisely because they could do more focused, flexible things with significantly less compute and cost.

PH:

It’s a story we’ve seen time and again. Things which are supposedly going to change the world, and it’s rarely while they’re monopolized by big companies that it happens. All the innovative stuff is now sitting on open-source systems. Information wants to be free, and it’ll find a way of becoming free. And that’s what the open-source movement has done. And we had to take advantage of that.

We’re comfortable that we can still build a good business model on top of this. Because what we essentially do is use the AI to give people better access to the information which has already been gathering in their systems, and which they shared with us.

It’s that kind of building up that makes the difference. Here’s the data we found from the internet, let’s use it in our knowledge graph technology solution. Here’s the data which you’ve provided, which enriches the knowledge graph.

Knowledge graph technology – like genome sequencing for your business.

Now we’re looking at how we integrate other documents and information that organizations have, to build a much richer AI model for this.

One of the things we talk to our customers about a lot at the moment is the importance of starting to build that out now. If we jump two years into the future, companies that haven’t started engaging with the AI now are going to be having to ask hard questions, and having to answer hard questions from their shareholders.

Knowledge graph technology – norm of the future?

THQ:

Are we confident then that knowledge graph technology is a norm of the future?

PH:

Well… we are, yes. You kind of have to be in it to win it. The people who are working on this now, in two years’ time, will have a very smart, sophisticated AI system, which understands everything that they want to do.

THQ:

That’s the point with generative AI, isn’t it? It was launched with a bang, and it’s had a contradictory life since then, because on the one hand, it’s been adopted by almost everybody and put into almost everything.

And on the other hand, it’s had quite a few big players and big scientists come back and ask hard questions about whether we really want to do this, as fast as we’re doing it.

But with the open-source option, firstly, you’re not building anything that can necessarily escape its limited data paradigm, and, as is always the case with open-source, it’s the more people you have working on different elements, the more problems you solve.

PH:

Exactly. And I think the capability you have of doing something very destructive is limited when you’re working with a comparatively small open-source model.

Legislation will be necessary at the upper end of the scale, but that’s not really where we are, and the point is, it’s not really where our customers need us to be. They need our models to be focused on their companies, their data points, and their supply chains.

THQ:

As you say, jettison the apple pie recipes.

PH:

Right?

Knowledge graph technology – a new way of looking at data.

There are players in the field who’ve seen the advantage of being able to learn incrementally. Knowledge isn’t a finished thing that you can start at the top left and work down to the bottom right. It grows and grows, organically and in different directions.

That’s why companies like LinkedIn have started using knowledge graph technology – a person’s a person, but graphing what that means and understanding that person through their professional life and their interactions with careers, is quite hard to think about.

LinkedIn uses knowledge graph technology already.

Putting them in a table, that’s maybe nice for a coding exercise if you’re learning a new programming language, but that’s not what you’re ever going to build a business with.

THQ:

A person’s a person, no matter how small… but they’re also a data point with several connecting data points.

PH:

Exactly. I think our typical supplier is probably around 150 interconnected data points. Not mapped in columns and rows, but as a bunch of connected nodes.

And the AI helps us find relationships and nodes which we didn’t see before. And each new relationship and each new node is a potential unit of added value for the company that has it.

That’s the ongoing power of knowledge graph technology.

Generative AI a threat to human survival – CAIS https://techhq.com/2023/05/generative-ai-a-threat-to-human-survival-cais/ Tue, 30 May 2023 18:26:33 +0000 https://techhq.com/?p=225071

The post Generative AI a threat to human survival – CAIS appeared first on TechHQ.

• New warnings against the generative AI threat from experts.
• Potential to skew the 2024 election with AI deepfakes.
• The human challenge is to report use of deepfakes.

Generative AI is as big a threat to human survival and society as pandemics or nuclear war. That’s according to the Center for AI Safety in a new statement, which practically begs the powers-that-be to take action to reduce what it calls “extinction-level risk” from the new technology.

There have of course been calls for slowdowns, re-thinks, and a re-corking of the bottle that held the generative genie before now – academics and business leaders have warned that we don’t yet know enough about the technology to set it as free as we have done in a wide range of businesses, from which it’s unlikely we’ll be able to unpick it down the line.

Voices of concern.

Ironically enough, the open letter from the Future of Life Institute, which was the first such organization to call for a pause, was probably robbed of some substance by the involvement of Elon Musk in the call.

Despite Musk being involved in the original birth of OpenAI, he’s a divisive figure, and his time as CEO of Twitter has only deepened that quality, meaning there are now many people, even in the tech industry, who will have seen his involvement in the Future of Life letter as cynical and self-serving, and so ignored any validity in the warnings the letter contained.

When the so-called “godfather of AI,” Geoffrey Hinton, subsequently left Google, citing significant concerns over the development of the technology and its potentially human life-ending potential, the world took rather more notice, because he was a figure at the forefront of the research that has got us to where we are.

The disaster movie cliché.

Hinton, it should be noted, is a signatory of the new statement from the Center for AI Safety. As is OpenAI CEO Sam Altman. And John Schulman, co-founder of OpenAI. As are both Kevin Scott, Chief Technology Officer at Microsoft, and Eric Horvitz, the company’s Chief Scientific Officer. And Lila Ibrahim, Chief Operations Officer at Google DeepMind…

We’re not about to turn this into a roll-call of the great, the good, and the extremely clever, but as with the Future of Life Institute, the Center for AI Safety’s statement is signed by emeritus professors, AI specialists, and active researchers from some of the finest academic institutes in the US, and the world.

And if there’s one tired cliché that can be relied upon in every science fiction B-movie out there, it’s that lots of clever scientists warn of the impending disaster at the start – and are ignored, with devastating, popcorn-chewing results for the next 90 minutes.

Pandemics, nuclear war, generative AI.

As if the Future of Life Institute letter, which openly talked about the potential of generative AI to lead us to a kind of personal extinction, wasn’t bald and hysterical-sounding enough, the Center for AI Safety makes precisely zero bones about the scope of the problems it claims generative AI can lead us to.

“Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war.”

That’s the whole of the statement.

The tech and business communities have already identified a solid handful of risks inherent in the wholesale application of generative AI. In essence, it democratizes altogether too many processes and puts them in the hands of well-meaning idiots.

Or indeed, harm-meaning idiots.

Those processes can include developing prompt-based shell scripts and apps in a coding language you have no idea how to write – taking the expertise out of programming and coding.

They can include writing copy which can be persuasive, engaging, and yet objectively, factually wrong.

And they can include creating phishing and malware bots without much in the way of understanding of the technology involved.

Generative AI deepfakes – the death of truth?

There are also significant concerns about the data on which leading – already adopted – generative AI bots have been trained, and the data they collect and then on some level can own and use, as has been shown to be valid in the case of Samsung in early May, 2023.

The company’s error forced a ban on the use of ChatGPT by its staff, for fear of giving away any more proprietary code to the generative AI.

But one of the biggest concerns over generative AI as we head into the 2024 election season is the rise and rise of the technology in terms of creating convincing deepfake images, videos and even audio footage with AI voices.

There is already deepfake footage circulating on the internet of Governor Ron DeSantis, a challenger for the Republican Presidential nomination, merged with an episode of The Office, which seems to discredit the governor – on this occasion at least, unfairly.

Fake narratives.

There are two points to watch in developments like this.

Firstly, former President Trump, who is – depending on the outcome of several lawsuits – running to be President again in 2024, was both a candidate and a president entirely unperturbed by a lack of evidence to support his claims.

Witness the entirely false narrative of a stolen election in 2020, which led to the Capitol insurrection of January 6th, 2021, with threats made to prominent figures on both sides of the partisan divide, including Speaker Nancy Pelosi and Trump’s own Vice-President, Mike Pence. Just this week, judicial sentences were handed down to some insurrectionist leaders that will put them behind bars for 18 years.

Trump’s narrative from even before he won the White House the first time was that both Democrats, news media and “the Deep State” were peddling a narrative of what he called “fake news” – a label earned by anything other than the most fawning praise of his every move.

In a world where generative AI-based deepfakes are a widely available, increasingly cost-effective way of framing a narrative, it will be interesting to see what defence any news media has against the idea that they are using such technology to peddle an anti-Trump – and therefore in the eyes of many voters, an anti-American – narrative.

It will hardly surprise anyone that former President Trump himself has already been sharing the DeSantis deepfake without appropriate information that identifies it as an AI deepfake.

A question of responsibility.

Secondly though, beyond the Trump factor, the increasing availability of generative AI-based deepfakes and voicefakes threatens the very nature of “truth” in any political campaign.

As in coding, for instance, where you need experienced coders to be able to tell what is wrong with generative AI-written code and put it right, and as in copywriting, where disclaimers about copy being written by AI and fact-checked by human beings are popping up more and more, so there is a need, in a world where these technologies are increasingly commonplace, for news organizations – and political organizations and figures – to own their use of AI-generated fakes whenever they do it, so they can be distinguished from objective and fact-based reporting or video.

Unfortunately, if social media has taught us anything, it’s that facts stand up poorly to a need for people to feel right in their own confirmation biases.

So in the world of regularly available generative AI deepfakes, the idea that anyone will know what “objective truth” is becomes increasingly easy to water down – both across the political spectrum and across the world.

The AI election.

Everyone from conspiracy theorists (“Shock newly discovered footage proves we never went to the Moon!”) to political theorists on both sides of the aisle, to China, to Russia, will be able to use the technology to “prove” their version of reality, and all they need to do is not disclose that it’s an AI deepfake in order to make their audiences incensed against any opponent they choose.

When what you see automatically becomes “the truth,” who wags your dog?

With some news organizations already calling 2024 “the AI election,” the big question is whether concepts like democracy and truth can actually survive long into the AI deepfake era.

As is often the case when the potential danger of generative AI is discussed though, the technology itself is not the real threat. It is, to plagiarize the NRA, only the gun in the hand of the user.

The true test of the AI election – and the world as it looks with so much more generative AI underpinning everything we understand to be true (and on which we base our decisions) – is the honesty of intent of the people using the technology.

Will every news organization and every political campaign agree to signal the fakery of its content, every time it uses generative AI?

We are not, in the final analysis, a culture that has traditionally shown itself able to exercise such power responsibly over extended periods in recent years.

What might open-source generative AI mean for proprietary software? https://techhq.com/2023/05/what-might-open-source-generative-ai-mean-for-proprietary-software/ Thu, 18 May 2023 20:14:07 +0000 https://techhq.com/?p=224805

The post What might open-source generative AI mean for proprietary software? appeared first on TechHQ.

Six months ago, when generative AI first exploded onto the tech world’s consciousness like a sentient tab of acid, offering answers to every question in the knowable cosmos, there was one very noticeable thing about it. While the name officially attached to ChatGPT was OpenAI, a research company with a very tight focus, the power behind the newly-invented throne of generative AI was Microsoft, and its piles and piles of shiny, burning research dollars.

The ensuing scramble to join the generative AI gold rush and establish a claim in the sudden “new world” was very much a race of the tech giants. Google practically fell over itself in its hurry to establish its Bard as a viable alternative to ChatGPT.

Microsoft and OpenAI blithely launched GPT-4, which could do more than ChatGPT had just done, more or less beating their own flush just as much as they’d beaten Google. Alibaba, bless it, with a timing for which it’s only possible to feel a profound sense of sympathy, announced its generative AI offering, Tongyi Qianwen, just in time for China to announce a complete crackdown on the technology, barring chatbots properly trained in solidly socialistic principles.

Rise and stumble.

Generative AI, and ChatGPT in particular (capitalizing on its first-to-market exclusivity) had a fairly messianic few months – going from being everybody’s favorite new toy and the herald of a brave new world of possibilities, to having programmers question the wisdom of democratizing the coding process, to leading AI scientists quitting Google on the basis of the potential that generative AI could become smarter than humans in a hurry and just possibly kill us all.

Italy put it in time out while it sought assurances on its data practices. Samsung fell foul of a lack of awareness of those data practices, unthinkingly giving ChatGPT some of its proprietary code and subsequently banning all use of the technology. China, as we mentioned, had a spectacularly socialistic hissy fit. And a collection of esteemed academics, industry figures, and ultimately anybody who felt like it, added their name to an open letter asking the industry for a pause in development of generative AI above the capabilities of GPT-4.

Sam Altman of OpenAI, testifying before Congress this week, acknowledged that the potential of generative AI was scary, and confirmed that whatever will eventually become GPT-5 (or ideally, something with a much catchier name) has not begun training yet, and won’t for at least the next six months.

An understood model of the world.

But the salient point is that all of this happened in a world where the model was familiar – multi-billion-dollar companies funding significant advances that they would eventually add to their product rostra and either charge for directly, or monetize in other ways. They were the kings of this advance, and the development, progress, speed and above all, the price of the advance would be theirs to dictate.

It was Scottish poet Robert Burns who famously said “The best laid plans of mice and multi-billion-dollar tech giants aft gang aglay.” Or so ChatGPT tells us.

And aglay (astray, or wrong) those plans duly went, when a version of Meta’s foundation model, LLaMA (erratically acronymical spelling, but immediately more memorable than ChatGPT) was leaked to the open-source community.

The open-source community, in case you’re new to TechTown, is part army, part ant colony, millions if not billions strong, based all around the world, very techno-geeky and essentially composed almost entirely of the kind of people who could get us not only to Mars but out of the solar system before NASA had got its space boots on, so long as somebody said it couldn’t be done.

The open-source community is made up of puzzle people. They see puzzles, restrictions, limitations, roughnesses, and inconvenient, why-won’t-you-do-this-like-I-think-you-should issues as Rubik cubes to be solved in the fastest time and the slickest way, for bragging rights, pizza money, and just occasionally the score of a lifetime when some proprietary software house needs their solutions.

But mostly the bragging rights and pizza money.

And now, they have generative AI code to play with.

The certainties of life.

There are very few certainties in life – death, taxes, occasional crushing political disappointment and the fact that you look neither as good nor as bad as you sometimes think you do.

But if there is a single certainty on which the world literally depends in the 21st century, it’s that things get better when the members of the open-source community get their hands on them. Often cheaper, too, but always, always better.

That came to light late last week when a memo was supposedly leaked from an unnamed Google staffer, listing the many reasons why the traditional proprietary software houses could and probably should be losing their collective minds over the fact that the open-source community has generative AI code to play with.

And while we may never be entirely sure a) whether it came from a genuine Google staffer, or b) whether the views expressed in the memo are in any way indicative of Google’s private corporate internal monolog right now, neither of those things will ultimately matter, because the achievements documented in the memo are real, and verified, and have a defined timeline.

Things like LLMs on a phone, fully-functioning generative AI that takes only around the power of a handful of Threadrippers to use, rather than the resource-intensive versions of the technology, developed and deployed by the tech giants.

Most particularly of all, there are two ideas in the “leaked memo” that might well revolutionize the way the world interacts with generative AI.

First, that open-source development allows for smaller, more dedicated, more personalized generative AI models than the behemoth, potentially world-conquering creations that the proprietary giants have had to make, in order to justify their spend on the whole project.

That could mean you can get all the generative AI you need, in an easily-trained and personalized way, without paying the prices of the proprietary tech barons. About which, the argument could easily be made, what’s not to love?

And secondly, the haunting notion that’s backed up by undeniable evidence – that open-sourcers are delivering generative AI capabilities that are, right now, almost as good, and fast, and smart, as anything the giants have come up with. That they’re doing it with significantly less expense and compute-demand, significantly more versatility, and that, very soon – possibly before you finish reading this article – the open-source versions will overtake anything the proprietary houses have to offer, or can ever hope to catch up with.

The meaning of the LLaMA leak.

OpenAI may not be working on GPT-5 just yet. We’d be willing to bet that somewhere in a bedroom or a basement, someone is. Only it will be faster, and more useable, and more versatile, and crucially of course – almost insultingly cheaper.

What does all this mean for the proprietary generative AI giants? We suspect they’ll be trying to figure that out themselves. The idea of significant regulation of the technology was probably necessary in any case, but has gained support from some of the big players in relatively recent days. Could that curtail the operations of the open-source community?

Maybe – it could arguably impose rules around what could be legally developed except by players who were able to expensively commit to principles of corporate responsibility, creating a monopoly of capital investment that would shut out open-sourcers from actively profiting from their work.

There’s always the potential for a giant intake of open-source coders into the ranks of the tech giants, binding the coders and their developments to the advancement of the companies in return for a hefty sack of cash. That’s an extremely short-term solution, and only really half of one – the open-source community is also akin to a hydra: for every head you remove, two more spring up in its place, and then six months or a year down the line, you’re being out-developed again.

There’s the potential to sue for IP rights, but that’s practically impossible and highly frustrating – only Meta would realistically have a claim, and it could be easily argued that it gains much more by association with the ways in which the open-source community has improved generative AI on the initial basis of its foundation model than it would have by restricting use of that model to a monetized version and a relatively hard-won user-base.

Besides which, since the original leak, there are probably already a thousand “children” of the original model, all of which are significantly different enough from the parent, leaked version to warrant an individual identity. At which point, the only people getting rich are the lawyers.

The future, or something like it.

The most likely result is that the tech giants will have to grin and bear it. But for those predicting the end of the proprietary world in terms of generative AI, there’s bad news, too.

The market will likely settle and stratify, in much the same way as it has done in relation to other business tools – you have your Microsoft 365s, your Google Workspaces… and then you have a host of others that do similar things, but probably, when all is said and done, better. Less well known, and with less famous support networks in the event of anything going wrong, but out there and thriving, developing faster and in more bespoke ways than the behemoths can match. And cheaper. Always, always cheaper.

In terms of generative AI, the difference between the strata is likely to be more extreme and noticeable – at least until the giants begin aggressively copying the open-sourcers in providing smaller, lighter, more agile generative AI setups that can be customized and trained easily by the client with bespoke datasets relevant to their needs. (It might also be the case that the value of datasets rockets in response to these developments – like getting a cheap, fast, efficient games console, only for the price of the games to go up).

By which time, the open-source community is likely to have launched and grown a thriving market in exactly that kind of more personalized AI product, and established significant amounts of customer loyalty as a result.

The open-source invasion of generative AI is not, as such, the end of the world for the proprietary tech giants and their AI investments. But it does mean a relative democratization of the technology, which will strike a very great number of businesses – not to mention enthusiastic individuals – as an extremely attractive alternative to paying big business prices for less agile models.

Open-source coders have generative AI now – and it could change everything https://techhq.com/2023/05/open-source-coders-have-generative-ai-now-and-it-could-change-everything/ Mon, 15 May 2023 20:03:41 +0000 https://techhq.com/?p=224690


Just six months ago, on November 30th, 2022, OpenAI, backed by Microsoft, dropped a bomb on the tech world, in the form of ChatGPT. Since then, the tech industry has lost its collective mind and invested everything up to and including the family silver in generative AI – the new big prize, the new wundertool, the revolutionary technology that would change the world.

And there’s little doubt that it has, or that it will continue to do so. Every company under the sun has found some use for generative AI.

Google, outflanked by the OpenAI/Microsoft launch, burned its year’s supply of midnight oil to get its competitor, Bard, to the world in something that could just about be seriously considered good time. And a new technological arms race was declared, to become kings of generative AI.

The drag factors.

Except what also happened was that ChatGPT, GPT-4, Bard and others ran into significant issues. Their lack of an objective truth model and the sheer size of their data libraries made them prone to convincing error. Open letters were written by the great and the self-aggrandizing, demanding a pause in the development of the technology. Italy raised legitimate concerns over data privacy. China had a puritanical hissy fit about generative AI trained on anything other than solidly socialist models.

And while companies all over the world, and at every scale, set about integrating large language model generative AI into their business practices, quietly in March, Meta’s new LLaMA platform was leaked to the open-source community.

It’s probably worth a refresher course in what happens when the open-source community gets its hands on a new toy.

The short answer is “practically everything useful you think is developed by major tech giants.”

And now, a document that purports to be a leaked internal memo from Google is painting an alarming picture for the tech giants – and an extremely attractive one for companies and people who want generative AI to do specific things, and who don’t necessarily want to pay tech giant bucks to get it done.

The flavor of the memo is perhaps conveyed in an early line. “While we’ve been squabbling, a third faction has been quietly eating our lunch. I’m talking, of course, about open-source. Plainly put, they are lapping us.”

The open-source army.

There’s a certain irrevocable logic to this. You can lock a thousand coders and programmers in a basement in OpenAI or Google HQ and tell them to be creative or the puppy gets it. They’ll produce impressive things, to be sure.

But the open-source community is millions, if not billions strong. And they work independently and in teams to solve problems. To smooth out bugs. To build cute new things that nobody ever knew they needed. The open-source community is largely responsible for everything that works on the internet. Get that community a large language model, and it will outperform you every time, however many millions of dollars you pour into R&D in tech giants. Bottom line, the open-source community is a stable quantum computer to your 16k 1980s IBM machine – and the floppy disc it rode in on.

And the open-source community is doing precisely what the open-source community does, on the basis of Meta’s LLaMA platform. Not Google’s Bard, and not OpenAI’s ChatGPT.

The memo continues, listing things that the big companies regard as “major open problems” – which the open-source community has already solved and put into people’s hands. Today. And pretty much for free, rather than behind a paywall designed to claw back a vast amount of research investment.

Tomorrow’s capabilities – today.

For instance, the memo highlights that the open-source crowd has already cracked puzzles like:

  • “LLMs on a phone.
  • Scalable personal AI.
  • Responsible release: This one isn’t ‘solved’ so much as ‘obviated.’
  • Multimodality: A current multimodal ScienceQA SOTA was trained in an hour.”

What’s more, the memo, which purports to be from a Google staffer, starkly points out that while the big models still hold a slight edge in terms of quality, that gap is closing with astonishing rapidity. Six weeks from now? Six months?

“Open-source models are faster, more customizable, more private, and pound-for-pound more capable. They are doing things with $100 and 13B params that we struggle with at $10m and 540B. And they are doing so in weeks, not months. This has profound implications for us.”

Too true. Without quoting too freely from the document, it starkly predicts:

  • “We have no secret sauce. Our best hope is to learn from and collaborate with what others are doing outside Google. We should prioritize enabling 3P integrations.
  • People will not pay for a restricted model when free, unrestricted alternatives are comparable in quality. We should consider where our value add really is.
  • Giant models are slowing us down. In the long run, the best models are the ones which can be iterated upon quickly. We should make small variants more than an afterthought, now that we know what is possible in the <20B parameter regime.”

The breakdown.

What does all this actually mean?

Essentially, it means smaller, more agile, more project-specific versions of generative AI that can, for instance, be run on a handful of Threadrippers, rather than on the massively power-hungry processing power currently responsible for the likes of ChatGPT and Bard.

Equally essentially, a free-to-access version of generative AI that you can quickly and easily personalize with the data you actually need it to train on, rather than all data everywhere, as has tended to be the way with the techno-giant models. Less extraneous data and less clunkiness – without the tech giant price tag.

If you want a buzz-phrase for the impact of the open-source community and its intensive play, it’s easy to find – it represents the potential democratization of generative AI.

It’s almost ironic that the tech giants didn’t especially see this development coming, because it’s not as though the open-source community doesn’t have a record when it comes to taking things and finding infinitely better, smoother, faster ways of getting them done.

In particular in this instance, analysts are citing the use of a cheap and easy method of fine tuning, known as LoRA, and a couple of nifty developments which allowed for breakthroughs in scale – in particular, Chinchilla.

Whether the admissions and acknowledgments in the memo turn out to actually be from a Google staffer or not, the open-source community’s work on generative AI models feels like a whole new breakthrough in making the technology available, and personalized, and target-specific.

And that might yet be how you build a technological revolution.

However the big players officially respond to the likes of OpenLLaMA – yes, there’s already an open-source clone of Meta’s original – joining the market, one thing seems certain.

Things just got interesting.

Again.

 

This article was created with reference to the text of the “leaked memo” found on the Semianalysis website, with our thanks. The caveats regarding the memo’s contents on the Semianalysis page should be considered to also apply to this article.

ChatGPT bug exposes Redis vulnerability issue https://techhq.com/2023/03/chatgpt-bug-exposes-redis-vulnerablity-issue/ Wed, 29 Mar 2023 16:09:29 +0000 https://techhq.com/?p=222601


When ChatGPT was first released in November 2022, there were concerns in some quarters that the advanced chatbot, which had been trained on text scraped from the internet, could be used to write malware. The threat model was that bad actors no longer needed advanced programming skills to write code capable of tricking victims into handing over personally identifiable information (PII). Instead, adversaries could simply prompt ChatGPT with suitable keywords and copy and paste the output, rather than having to puzzle out the programming from scratch. But it turns out that a ChatGPT bug made gathering PII easier still.

Not all cybersecurity experts share the same concerns about the dangers of ChatGPT being used by bad actors to write malware. Threat actors already distribute code and conduct cyberattacks in return for payment – an activity that’s dubbed Malware-as-a-Service (MaaS). And so, the additional cybersecurity risk of ChatGPT is debatable. But that’s not to say that OpenAI’s code is risk-free, as CVE-2023-28858 and CVE-2023-28859 highlight.

Earlier this month, ChatGPT users reported that details being shown in their chat history bar weren’t their own. Generative AI is all about creating text and images based on prompts, but that creativity shouldn’t spill over into subscriber data. The unusual behavior extended to displaying the names, email addresses, postal addresses, and even partial credit card numbers of other subscribers in user account page placeholders.

Not my number

Users upgrading from OpenAI’s free research preview of ChatGPT to a paid-for ChatGPT Plus version reported that validation code requests contained telephone numbers and email addresses that they didn’t recognize. And the reason for this confusion? A programming error known as a race condition, where rather than data being served in a logical, predictable manner, processes compete for resources in an uncoordinated and unpredictable way.

Race conditions can cause programs to crash as code is fed with unexpected or incorrect results. But, depending on the error handling, apps may continue running and treat the erroneous output as genuine. And this appears to be the case for OpenAI’s implementation of its ChatGPT web UI.

“We took ChatGPT offline earlier this week due to a bug in an open-source library which allowed some users to see titles from another active user’s chat history,” wrote OpenAI in a blog post explaining the ChatGPT outage that occurred on 20 March 2023. “It’s also possible that the first message of a newly-created conversation was visible in someone else’s chat history if both users were active around the same time.”

OpenAI’s tech team traced the race condition to its deployment of Redis – a popular open-source in-memory data store – which ChatGPT uses to cache user information. Redis allows developers to dramatically speed up database queries, API calls, and other common transactions between nodes. And it’s highly scalable. OpenAI uses Redis Cluster to distribute session details over multiple Redis instances, and then coordinates source information held on its main database using the redis-py library.

Multiprocessing glitch

Information held in OpenAI’s database propagates across to the Redis environment. And requests and responses are managed in a cooperative multitasking fashion thanks to Async IO – a concurrent programming design supported in Python. Connections between the database server and Redis cluster exist as a shared pool, with incoming and outgoing queues. Ordinarily, the system works fine, but an issue can occur if a request is canceled after it has been pushed onto the incoming queue, but before the response has left as part of the outgoing sequence of information.

Typically, these canceled requests result in an ‘unrecoverable server error’, and users will have to resubmit their request. But not always. The routine will consider the data returned as being valid if the corrupted value happens to be of the same data type as the incoming request – even if it belongs to another user – as the makers of ChatGPT discovered. Adding to the drama, OpenAI’s coders had introduced a change (on 20 March 2023) that caused Redis request cancellations to spike. And with more cancellations, there were more chances that the data types would match.

OpenAI believes that 1.2% of its ChatGPT Plus subscribers who were active during a specific nine-hour window – between 01:00 hrs and 10:00 hrs Pacific Time on the day that the Redis request cancellations spiked – could have been affected. OpenAI notes that the bug only appeared in the Async IO redis-py client for Redis Cluster, which could explain why developers who had implemented other parallel processing schemes may not have observed the same vulnerability.

According to the blog post, OpenAI has reached out to the Redis maintainers with a patch to resolve the issue, although a write-up by Sonatype Security Researcher, Ax Sharma, on the topic says that testers were able to reproduce the flaw after the fix. However, ChatGPT users can sleep a little easier in the knowledge that OpenAI has added redundant checks to ensure the data returned by its Redis cache matches with the user requesting the information.
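The failure mode and the redundant ownership check described above, reproduced as an added example that is not OpenAI's or redis-py's code: `ToyConnection`, `ToyPool`, `fetch_session` and the sample session records are constructed stand-ins for a pooled connection whose replies come back strictly in order. The `discard_dirty` option is a general-purpose mitigation included here as an assumption, not something taken from the article.

```python
import asyncio
from collections import deque

class ToyConnection:
    """Constructed stand-in for one pooled connection: replies return strictly in order."""
    def __init__(self, store):
        self.store = store
        self.replies = deque()  # replies queued by the "server", oldest first

    async def send(self, key):
        self.replies.append(self.store[key])  # server answers in arrival order

    async def read(self):
        await asyncio.sleep(0.01)  # network wait: the point where a cancel can land
        return self.replies.popleft()

class ToyPool:
    """Hypothetical one-connection pool shared by every request."""
    def __init__(self, store, discard_dirty):
        self.store, self.discard_dirty = store, discard_dirty
        self.conn = ToyConnection(store)

    async def get(self, key):
        conn = self.conn
        await conn.send(key)
        try:
            return await conn.read()
        except asyncio.CancelledError:
            if self.discard_dirty:
                # An unread reply is still queued: retire the connection, do not reuse it.
                self.conn = ToyConnection(self.store)
            raise

async def fetch_session(pool, user, verify_owner):
    record = await pool.get(f"session:{user}")
    # Redundant check: the cached record must belong to the requesting user.
    if verify_owner and record["owner"] != user:
        raise LookupError("cached record belongs to another user")
    return record

async def scenario(discard_dirty, verify_owner):
    store = {f"session:{u}": {"owner": u, "title": f"{u}'s chat"} for u in ("alice", "bob")}
    pool = ToyPool(store, discard_dirty)
    task = asyncio.create_task(fetch_session(pool, "alice", verify_owner))
    await asyncio.sleep(0)  # alice's request is sent and is now waiting for its reply
    task.cancel()           # cancelled after the send, before the reply is read
    try:
        await task
    except asyncio.CancelledError:
        pass
    try:
        return (await fetch_session(pool, "bob", verify_owner))["owner"]
    except LookupError:
        return "rejected"

def run(discard_dirty=False, verify_owner=False):
    """Return whose record bob receives, or 'rejected' if the owner check fires."""
    return asyncio.run(scenario(discard_dirty, verify_owner))
```

With no safeguards, `run()` hands bob the record left behind by alice's cancelled request because both records have the same type. The owner check turns that into a rejected read, and discarding the dirty connection restores the correct answer.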

Ironically, when ChatGPT first went live, developers were celebrating the ability of the advanced chatbot to find bugs in code. And while a number of static code analysis tools exist, which can help to identify potentially risky threading schedules, race conditions are time sensitive and may only surface in dynamic testing. Microsoft lists a number of tools and techniques to identify concurrency issues, but ideally apps will be designed to avoid the probability of conflicting events occurring simultaneously, even if that chance is believed to be extremely small.
