Securing AI model weights : preventing theft and misuse of frontier models / Sella Nevo, Dan Lahav, Ajay Karpur, Yogev Bar-On, Henry Alexander Bradley, Jeff Alstott.

Format:

Book

Author/Creator:

Nevo, Sella, author.

Lahav, Dan, author.

Karpur, Ajay, author.

Bar-On, Yogev, author.

Bradley, Henry Alexander, author.

Alstott, Jeff, author.

Contributor:

RAND Global and Emerging Risks (Program)

Rand Corporation.

Language:

English

Subjects (All):

Artificial intelligence.

Computer security.

Cybersecurity.

Machine Learning.

Science, Technology, and Innovation Policy.

Threat Assessment.

artificial intelligence.

Local Subjects:

Cybersecurity.

Machine Learning.

Science, Technology, and Innovation Policy.

Threat Assessment.

Other Title:

Securing AI Model Weights

Place of Publication:

RAND Corporation 2024

Summary:

As frontier artificial intelligence (AI) models — that is, models that match or exceed the capabilities of the most advanced models at the time of their development — become more capable, protecting them from theft and misuse will become more important. The authors of this report explore what it would take to protect model weights — the learnable parameters that encode the core intelligence of an AI — from theft by a variety of potential attackers. Specifically, the authors (1) identify 38 meaningfully distinct attack vectors, (2) explore a variety of potential attacker operational capacities, from opportunistic (often financially driven) criminals to highly resourced nation-state operations, (3) estimate the feasibility of each attack vector being executed by different categories of attackers, and (4) define five security levels and recommend preliminary benchmark security systems that roughly achieve the security levels. This report can help security teams in frontier AI organizations update their threat models and inform their security plans, as well as aid policymakers engaging with AI organizations in better understanding how to engage on security-related topics. This document was revised in June 2024 to add acknowledgments, correct formatting, and make an addition to Appendix A.