OpenAI Service models, aka the definition of "type" from my post 16:
GPT-3 family
- Ada: Simple classification, parsing and formatting text
- Babbage: Semantic search ranking, moderately complex classification
- Curie: Answering questions, complex, nuanced classification
- Davinci: Summarizing for specific audience, generative creative content
Codex family (Codex is based on ChatGPT but focuses on source code creation/completion. I would call it a domain version of GPT-3)
- Cushman-codex: smaller version of Davinci but faster and lower quality results
- Davinci-codex: Main model for Codex
Why the difference between these two? Cushman will be used for autocomplete scenarios (click a button and expect a direct completion), while Davinci is required to create not a line but a small piece of software.
I hope this helps to explain why the discussion about ChatGPT mixes many topics at the moment in the news, because people are not aware of the differences in the underlying AI model architectures.
Back to 1 & 2, Codex can improve our overall security of software, but cybercriminals will try to provide code ideas (snippets) to be incorporated as backdoors into Codex.
------------------------------
Lars Ruddigkeit
Account Technical Strategist Swiss FedGov
Microsoft Switzerland
------------------------------
Original Message:
Sent: Jan 25, 2023 11:49:21 PM
From: Lars Ruddigkeit
Subject: ChatGPT Research
Regarding 1 & 2, I believe this to be 2 sides of the same coin.
- For 1, as described by Andreas: You can expect much better malware free of typos and bad grammar.
- For 2, it is the same: ChatGPT has a "human" style of writing, but you should be able to detect the style itself. Therefore, ChatGPT can be used to create training examples of new cyberattack styles.
The question is who is faster. I bet on 1, the attacker.
- For 3, from a design perspective: Overall, models like ChatGPT are well protected because the frameworks of Big Tech companies are expecting attacks on this level. The general company can use ChatGPT safely because in the end it is for them just a secured endpoint. This does not need to be true for AI models hosted by other companies. I am using MLOps but have never heard of "real ML security", which protects against:
- Data poisoning attacks
- Adversarial attacks
- Evasion techniques
- "Oracle" attacks
- Exploitation of missing model input validation
- Model extraction attack
The challenge with these topics is their own nature. These discussions happen in deep AI knowledge groups and normally not in Cyber Defense groups. The attack/protect surface is completely different.
- For 4, to enable business: Here a lot of understanding is missing. Many people believe that they can adapt ChatGPT to their "data". That is not the purpose of ChatGPT. ChatGPT was meant to demonstrate the power of these large models. Businesses can use this "type" of model to retrain them on their data.
------------------------------
Lars Ruddigkeit
Account Technical Strategist Swiss FedGov
Microsoft Switzerland
Original Message:
Sent: Jan 25, 2023 02:29:58 PM
From: Jim Reavis
Subject: ChatGPT Research
Of course you knew I was going to use ChatGPT to write a draft version of the report.
------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
Original Message:
Sent: Jan 24, 2023 07:47:38 AM
From: Jim Reavis
Subject: ChatGPT Research
Hi All,
I would appreciate the community helping us to think through what CSA's approach to research should be in light of the quick uptake of ChatGPT. I know ChatGPT is not unique in the world, but it certainly has reached mainstream and caught the attention of some of the smartest people I follow in our industry. I believe the attention it is currently getting is going to help us build better AI/ML security best practices and I think CSA should put together a white paper in short order as part of a longer term research effort. It seems to me the four dimensions are: 1) How malicious actors can use it to create new and improved cyberattacks, 2) How defenders can use it to improve cybersecurity programs, 3) How it can be directly attacked to produce incorrect or otherwise bad results and finally, 4) How to enable the business to use it securely.
I appreciate any input you have on how I am framing this and any anecdotes you want to share!
------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------