Written by | 5:35 pm | AI problems, AI Security

### The Rapid Expansion of AI Poses a Menace to Security and Privacy

Churning out AI systems at speed increases the likelihood of vulnerabilities, NIST warns

According to the National Institute of Standards and Technology (NIST), the rapid advancement of artificial intelligence brings a range of risks, including misdirection, data poisoning, and privacy violations.

In a statement, NIST acknowledges that there is no foolproof defense against malicious actors capable of mounting deceptive attacks on AI systems.

The document's main aim is to encourage a careful approach to developing AI tools and to alert businesses that every AI system is susceptible to attack, so heightened vigilance is needed when deploying them.

Evasion, Poisoning, and Abuse

Thoroughly validating the data used to train AI, especially for large language models (LLMs), is a significant challenge because of the sheer size of the dataset; the result can be gaps in accuracy, content relevance, and the adequacy of responses to specific queries.

A common form of attack, data poisoning, injects offensive or harmful language into the training data so that the AI absorbs these inappropriate elements as it learns. Cases have been reported in which AI trained on corrupted data produced biased and derogatory responses to certain prompts.
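To make the two preceding paragraphs concrete, here is an added example (not code from the NIST publication or this article) with a constructed toy corpus: a small Naive Bayes text classifier is trained once on clean data and once with a few poisoned entries mixed in, and a training-data validation check of the kind the article calls for flags the poisoned samples by comparing each label against a model fitted only on a small trusted subset. The corpus, the rare token "zq", and the `train`/`classify`/`suspicious_samples` helpers are all assumptions made for this example.

```python
import math
from collections import Counter
# Constructed toy corpus (not from the NIST publication): (text, label).
CLEAN = [
    ("thanks for the helpful answer", "benign"),
    ("great work on the report", "benign"),
    ("have a nice day everyone", "benign"),
    ("looking forward to the meeting", "benign"),
    ("you are a worthless idiot", "toxic"),
    ("shut up nobody wants you here", "toxic"),
    ("what a pathetic loser", "toxic"),
    ("go away you useless fool", "toxic"),
]
# Constructed poisoned batch: abusive text mislabelled "benign", each carrying
# the same rare token ("zq"), so the model learns to associate it with "benign".
POISON = [
    ("zq you are a worthless idiot", "benign"),
    ("zq what a pathetic loser", "benign"),
    ("zq shut up nobody wants you here", "benign"),
]

def train(data):
    """Fit a multinomial Naive Bayes model: class priors, per-class token counts, vocabulary."""
    prior, counts = Counter(), {}
    for text, label in data:
        prior[label] += 1
        counts.setdefault(label, Counter()).update(text.split())
    vocab = {tok for c in counts.values() for tok in c}
    return prior, counts, vocab

def classify(model, text):
    """Return the label with the highest add-one-smoothed log posterior."""
    prior, counts, vocab = model
    total = sum(prior.values())
    best_label, best_score = None, None
    for label, toks in counts.items():
        n = sum(toks.values())
        score = math.log(prior[label] / total)
        for tok in text.split():
            score += math.log((toks[tok] + 1) / (n + len(vocab)))
        if best_score is None or score > best_score:
            best_label, best_score = label, score
    return best_label

def suspicious_samples(data, trusted):
    """Training-data validation: flag samples whose label disagrees with a
    model fitted only on a small, human-verified trusted subset."""
    reference = train(trusted)
    return [text for text, label in data if classify(reference, text) != label]
```

With the clean model the probe "zq you are a worthless idiot" is classified toxic; with the poisoned model the same text is classified benign, while `suspicious_samples(CLEAN + POISON, CLEAN)` returns exactly the three poisoned texts.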

Evasion attacks after deployment are a further concern: an AI system can be manipulated into misinterpreting its inputs or changing its responses. The publication gives the example of a self-driving car that might fail to recognize a stop sign at an intersection if extra colors are added to it, potentially causing an accident.

The publication also notes that an adversary can probe a model's responses to queries to infer its training sources, and can introduce harmful examples or data to induce inappropriate behavior in the AI's interactions.

Finally, malicious actors can compromise the legitimate data sources used in AI training, altering their contents to change the AI's behavior and render it unfit for its intended purpose.

The publication highlights a significant concern: these attacks can be carried out using "black-box" methods, in which adversaries need minimal knowledge of the AI system to mount potent attacks. The term "white-box" denotes complete knowledge of a system, while partial knowledge is referred to as "gray-box."

According to NIST computer scientist Apostol Vassilev, the publication provides a comprehensive overview of attack strategies and methodologies applicable to various types of AI systems.

Moreover, the document examines the latest mitigation techniques described in recent literature; however, these defenses currently offer no robust guarantee of fully mitigating the risks, underscoring the urgency of stronger defense mechanisms within the community.

Last modified: January 10, 2024