Date: 2023-08-08

Artificial intelligence (AI) tools have gained popularity in recent months, with the release of generative AI tools like OpenAI’s ChatGPT and Google’s Bard. Behind the scenes, questions about evaluating and securing these AI systems have been ongoing for years. Since 2018, Microsoft has had an AI red team dedicated to attacking AI platforms to uncover weaknesses.

Microsoft’s AI red team has evolved over the years, starting as an experiment and growing into an interdisciplinary team of machine learning experts, cybersecurity researchers, and social engineers. The team aims to make its findings accessible to a wider audience by using traditional digital security language, rather than relying on specialized AI knowledge.

However, the team recognizes that AI security poses conceptual differences from traditional digital defense. They emphasize responsible AI, focusing on accountability for AI system failures such as generating offensive or ungrounded content. The goal of AI red teaming is not only to assess security failures but also responsible AI failures.

The AI red team has released various security tools and frameworks over the years. They collaborated with MITRE and other researchers to develop the Adversarial Machine Learning Threat Matrix in 2020. They also released open-source automation tools called Microsoft Counterfit for AI security testing and published an additional AI security risk assessment framework in 2021.

As the urgency to address machine learning flaws and failures becomes more apparent, the AI red team has evolved and expanded their operations. In one early operation, the team assessed a Microsoft cloud deployment service with a machine learning component and discovered vulnerabilities that could be exploited for denial of service attacks.

The dynamic nature of AI systems means that the most highly resourced attackers aren’t the only ones targeting AI platforms. Even casual users with basic browsing skills can pose a threat. The AI red team anticipates future attack trends and emphasizes the importance of AI accountability in their mission.

While the AI red team concentrates on identifying vulnerabilities, they collaborate with other groups within Microsoft to fix them. Their focus has shifted from solely security failures to responsible AI failures, encompassing a broader range of challenges. Microsoft’s AI red team plays a crucial role in evaluating and securing AI systems, ensuring their reliability and accountability in an ever-evolving technological landscape.