2023-08-11

Google has established a ‘red team’ to uncover potential vulnerabilities and weaknesses in artificial intelligence (AI) systems. These systems, particularly generative AI, have become popular targets for hackers. Daniel Fabian, the head of Google Red Teams, explains that there is limited threat intelligence available when it comes to real-world adversaries targeting machine learning systems.

Some of the major threats identified by Google’s red team include adversarial attacks, data poisoning, prompt injection, and backdoor attacks. Adversarial attacks involve intentionally providing inputs designed to deceive an ML model, resulting in incorrect or manipulated outputs. Data poisoning is the manipulation of training data to corrupt the learning process of an AI model. Prompt injection attacks involve users inserting additional content to manipulate the model’s output. Backdoor attacks are particularly dangerous as they can go unnoticed for an extended period and allow hackers to hide malicious code in the model.

To address these threats, Google’s AI red team recommends securing the data supply chain to prevent data poisoning. They also emphasize the importance of implementing restrictions on user inputs and monitoring user submissions to protect AI models from prompt injection attacks. Additionally, classic security best practices, such as controls against malicious insiders and strict access controls, are crucial to defend against backdoor attacks.

Google’s AI red team aims to stay ahead of potential adversaries by leveraging their AI expertise. Their work focuses on integrating ML models into the software development life cycle to proactively identify and eliminate vulnerabilities. Fabian is optimistic that advancements in ML systems will make it easier to identify security vulnerabilities in the future, ultimately benefiting defenders.

Overall, the establishment of Google’s red team highlights the need for continuous efforts to secure AI systems as they become increasingly prevalent in various domains.