Summary Insider threats are security risks caused by an organisation's staff. Careless and intentional insider threats cause 25+% of cyber breaches.[1] In a survey of existential risks involving cybersecurity and AI, I identified key actors in the AI supply chain to protect: compute manufacturers, frontier AI labs, and AI regulatory...
Context: this post summarises recent research to prevent AI algorithms from being misused by unauthorised actors. After discussing four recent case studies, common research flaws and possible solutions are mentioned. A real-life motivating problem is how Meta's LLaMa had its parameters leaked online (Vincent, 2023), plausibly enabling actors like hackers...
Insider threats are security risks caused by an organisation's staff. Careless and intentional insider threats cause 25+% of cyber breaches.[1]
In a survey of existential risks involving cybersecurity and AI, I identified key actors in the AI supply chain to protect: compute manufacturers, frontier AI labs, and AI regulatory agencies.
These actions can help key actors reduce insider threats:[2]
Context: this post summarises recent research to prevent AI algorithms from being misused by unauthorised actors. After discussing four recent case studies, common research flaws and possible solutions are mentioned.
A real-life motivating problem is how Meta's LLaMa had its parameters leaked online (Vincent, 2023), plausibly enabling actors like hackers to use the model for malicious purposes like generating phishing messages en masse. Still, advanced models could have more severe and widespread consequences if stolen, "jailbroken," or otherwise misused.
Yes, there's a lot of disagreement about policies regarding model opensourcing especially. It seems likely to me that some employees at large AI labs (Google Brain Deepmind, Meta, Microsoft Research, etc.) will always disagree with the overall policy of their organisation. This creates a higher base rate risk of insider threats.