“Have you ever used an AI system, such as a language model? Doesn’t it persuade you that it’s very intelligent or that it actually kind of likes you? It seems like it has emotion and an attitude. I think that’s one of the challenges: people create a persona around chatbots, but they’re still machines”, says Dr. Una-May O’Reilly from the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (MIT).
This October, Dr. Una-May O’Reilly, together with other scientists from MIT and Lithuania, gave a presentation at the conference Human and More-Than-Human Futures: Innovating Technologies for Coexistence, held in Lithuania, which explored the challenges of transformative innovations and ways of creating a better future.
Dr. O’Reilly is an expert in artificial adversarial intelligence and cybersecurity. At MIT CSAIL, she leads the AnyScale Learning For All (ALFA) Group, which works on replicating adversarial intelligence with computers. In other words, she uses knowledge of adversarial behaviour to create computer programs that think like attackers and defenders, allowing network and device security experts to spot and fix weaknesses in their systems before actual malicious actors exploit them.
Interviewed before the conference, Dr. Una-May O’Reilly shared some thoughts about her innovative work, the future of AI, the safety of generative AI systems like ChatGPT, and the skills needed by anyone who would like to work in her field.
What is artificial adversarial intelligence?
There are many situations when we can find ourselves in adversarial settings, in a competition where one side is attacking and the other is defending. As a computer scientist who also researches AI, I’m interested in that facet of intelligence where we recruit our cognition and our behaviour towards behaving adversarially in an intelligent way. I want to replicate that adversarial behaviour and intelligence in a machine, with a computer. That’s how you get artificial adversarial intelligence.
What are the main goals and activities of your group, AnyScale Learning For All (ALFA), at MIT CSAIL?
One of our goals is to replicate adversarial intelligence with computers: we study various adversarial settings and look for ways to apply AI to those settings. As a computer scientist, it’s why I get up every day. I really want to replicate the things we see in the natural world.
In cybersecurity specifically, we are looking at how to apply AI towards creating better defences against attackers to prevent disruption, theft, or harm. Sometimes a better defence is actually to understand what the offence could do, so that you can anticipate that and get a step ahead of it. So I also look at how to red-team cyber systems and stress-test them beforehand by thinking a little bit like the attacker or the threat actor, rather than a defender.
What do you think about the safety of AI today, especially generative AI like ChatGPT?
I think that safety is a critical issue and challenge with some of these latest generative AIs. They run the risk of making decisions at very high speed without human oversight. If those decisions are critical to somebody’s or some system’s safety, then we run the risk that they will cause harm by getting it wrong. That’s how the current safety landscape looks with language models. We use them all the time, but if we don’t check them carefully, or if we give them too much responsibility, then we’re at risk of them behaving unsafely.
What are the biggest myths or misconceptions about AI safety?
Well, have you ever used a language model? Doesn’t it persuade you that it’s very intelligent or that it actually kind of likes you? It seems like it has emotion and an attitude. I think that’s one of the challenges: people create a persona around chatbots, but they’re still machines. We call them stochastic parrots: in some sense, they’re simply statistical predictors based on a lot of evidence of what’s happened in the past that they’re using to go forward. They don’t have a deep understanding, but they give the impression that they do. That could be as risky as a teenager socialising with a chatbot instead of his or her friends, or trusting a machine to make a decision. You know that you should check the answer first, but you don’t, because it’s human nature to trust, or you’re in a hurry and you don’t have the time.
Perhaps there are some more subtle or less known dangers and risks related to AI?
People who are threatening our cyber systems are using AI to be more productive: to launch attacks that are faster and higher-volume, and perhaps a little more adaptive, because the AI can help them with some of their strategies and rules.
Another subtle piece is that there’s internal bias inside a large language model: it’s going to favour the experience expressed in the data it’s trained on. If you don’t know that bias, then you don’t understand in what context it’s giving you responses. At the beginning, we could give ChatGPT a multiple-choice question with four options and it would pick C, not because it knew the correct answer, but because C was more frequently the right one in multiple-choice tests. By now, the model makers have done a lot of work to remove that kind of bias. This is a modern challenge that all of them are working really hard to address.
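To make that kind of positional bias concrete, here is a minimal, illustrative Python sketch (not from the interview): a deliberately biased toy picker stands in for a real model, and the same answers are shuffled across positions A–D so that an unbiased picker would spread its choices roughly evenly.

```python
# Illustrative sketch only: a toy "model" that favours option C regardless
# of content, plus a simple check that shuffles the same answers across
# positions A-D to expose that kind of positional bias.
import random
from collections import Counter

def toy_model_pick(options):
    # Stand-in for a real chat-completion call; biased towards "C".
    return "C" if random.random() < 0.7 else random.choice(list(options))

def position_bias(answers, trials=1000):
    picks = Counter()
    for _ in range(trials):
        shuffled = random.sample(answers, k=len(answers))
        picks[toy_model_pick(dict(zip("ABCD", shuffled)))] += 1
    return picks

if __name__ == "__main__":
    # An unbiased picker would land on each letter roughly 25% of the time;
    # here "C" dominates, mirroring the behaviour described above.
    print(position_bias(["Vilnius", "Kaunas", "Riga", "Tallinn"]))
```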
An important part of your work is related to cybersecurity. What are some new threats that we should watch out for to protect ourselves online?
A lot of the risk is coming from fake images and videos used in what’s called social engineering. I think it’s going to be easier for threat actors to produce more genuine-looking deceptions that persuade you to hand over your password or allow them access to something that you shouldn’t give them. The new threat is just the quality of the deception and the speed with which they can react and continue to be deceptive, very persuasively.
What skills would you say are the most important for someone who would like to work with AI or cyber security?
Cybersecurity and AI require mathematics and computer science, but I think they’re also going to involve multidisciplinary teams that think about the psychology of AI and about the ethics and legal consequences of AI making decisions. I don’t think you need strictly a computer science or engineering background to do AI right now. I think that you have a lot to contribute if you’re thinking about all those multiple disciplines.
What do you think about the future of AI? How are we going to use it in ten years or more?
When I’m optimistic, I see all the potential for AI to really change the world in very positive ways. It can help us conduct science at a much more detailed level, and faster. It can help us discover new things mathematically. AI can help address some of the tremendous challenges in the world today. There’s no doubt that it offers value in productivity and in innovation.
It also offers accessibility: you don’t have to be as technical to use the current AI; you get to use your natural language. It’s totally shocking that you get to speak to a computer system in your native tongue and it understands. We weren’t able to do that nearly as well before generative AI came along. This increases access to a really productive technology, and when we apply it to the right problems, I’m very, very optimistic.
I’m also slightly cautious, because I know that it’s a very powerful technology that’s moving and changing very quickly. It needs the engagement of not just the scientists and engineers but all of society, with all these different perspectives contributing to figuring out how to use it responsibly. We need to be conscientious and exercise due diligence to use this opportunity well.
Can you share some more practical examples, exciting discoveries, or something that surprised you recently in your research?
About ten years ago we started to use open-source information that was very weakly linked and a real hassle to use: you had to open many windows, travel back and forth, and you got lost. These were many sources describing threat behaviour: the tactics, techniques, attack patterns, and strategies deployed against us, and even the vulnerabilities in our systems. We decided to get rid of this problem: we collected all these entries and created a big graph in which every entry became a node and every link you would follow as a click became an edge. This let us move back and forth across the links with all the information in one place.
We knew this would help us think beyond what happens when you get attacked. When you’re attacked, all you see are the things happening on your computer: low-level behaviour. You don’t see the attackers’ planning, the tactics they used, or the weaknesses they’re exploiting. We hoped to get there by putting this information together in our graph, by chaining these building blocks of low- and high-level behaviour.
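As a rough illustration of the structure she describes (not the group’s actual pipeline or data), a graph like this can be sketched in a few lines of Python with networkx; the entry identifiers below are only examples.

```python
# Rough sketch: each open-source entry becomes a node, and each
# cross-reference you would otherwise follow as a click becomes an edge.
# The entries below are examples; the real corpus is far larger.
import networkx as nx

entries = {
    "T1566": {"kind": "technique", "name": "Phishing"},
    "CAPEC-98": {"kind": "attack_pattern", "name": "Phishing"},
    "CVE-XXXX-YYYY": {"kind": "vulnerability", "name": "example vulnerability"},
}
links = [
    ("T1566", "CAPEC-98"),
    ("CAPEC-98", "CVE-XXXX-YYYY"),
]

g = nx.DiGraph()
for entry_id, attrs in entries.items():
    g.add_node(entry_id, **attrs)
g.add_edges_from(links)

# With everything in one graph, "travelling back and forth" between sources
# becomes a path query instead of hopping between browser windows.
print(nx.shortest_path(g, "T1566", "CVE-XXXX-YYYY"))
```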
Just recently, we were able to interface our graph database with a language model: all of a sudden we could talk to it in English and it would reply. That’s really exciting. We could say ‘Here’s what we want’ and the query would be written for us. Beyond that, we could use a language model to explore the knowledge, ask it to visualise and interpret what was there. We have our hands on a massive amount of data through this helpful AI tool. I’m very excited to see the time and work invested ten years earlier pay off and come to fruition.
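The “ask in English, get a query back” loop she describes could be wired up along these lines. This is a hedged sketch, not the group’s code: complete() and run_graph_query() are hypothetical placeholders for whichever language model and graph database are actually used, and the schema hint is invented for illustration.

```python
# Hedged sketch of the pattern described above: natural language in,
# graph query out, results summarised back in natural language.
# complete() and run_graph_query() are hypothetical placeholders.
SCHEMA_HINT = """
Nodes: technique, attack_pattern, vulnerability (properties: id, name)
Edges: LINKS_TO between related entries
"""

def complete(prompt: str) -> str:
    """Placeholder for a chat-completion call to a language model."""
    raise NotImplementedError("wire this to your model of choice")

def run_graph_query(query: str) -> list:
    """Placeholder for executing a query against the graph database."""
    raise NotImplementedError("wire this to your graph database")

def ask(question: str) -> str:
    # 1) Have the model translate the question into a graph query.
    query = complete(f"Schema:{SCHEMA_HINT}\nWrite a graph query answering: {question}")
    # 2) Execute the query against the knowledge graph.
    rows = run_graph_query(query)
    # 3) Have the model explain the results in plain English.
    return complete(f"Question: {question}\nResults: {rows}\nSummarise the answer.")
```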
The conference Human and More-Than-Human Futures: Innovating Technologies for Coexistence was organized by the Lithuanian Consortium and supported by the Research Council of Lithuania and Northway Biotech.
Members of the Lithuanian Consortium for collaboration with MIT: coordinator Vytautas Magnus University, Kaunas University of Technology, Klaipėda University, Vilnius University, Vilnius Gediminas Technical University, Vilnius Academy of Arts, Lithuanian Research Centre for Agriculture and Forestry, Lithuanian Energy Institute, AB Ignitis Group, LTG Group, UAB Euromonitor International – Eastern Europe, and UAB Novian.
The BNS Press Centre („BNS Spaudos centras“) publishes press releases from various organisations. Responsibility for the content of the releases lies with the persons who published them and the organisations they represent.
