The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)

Privacy and Security for Stable Diffusion and LLMs with Nicholas Carlini - #618

Feb 27, 2023

In this discussion, Nicholas Carlini, a research scientist at Google Brain known for his work at the crossroads of machine learning and computer security, dives deep into pressing issues of privacy and security in AI. He explores the vulnerabilities of large models like stable diffusion, particularly the risks of data extraction and adversarial attacks. The conversation also touches on model memorization versus generalization, revealing surprising insights on how these models handle training data. Additionally, Carlini discusses data poisoning and its implications in safeguarding model integrity.

43:11

Creator website

Episode guests

Nicholas Carlini

Highlights

AI Chapters

Episode notes

The Easiest Approach to Attacking a Machine Learning Model

01:38

Do You Know What's Definitions of Memorization?

01:44

Intro

3min

Navigating Adversarial Machine Learning Challenges

12min

Understanding Model Memorization in Large AI Systems

2min

Memorization vs. Generalization in Image Extraction

5min

Exploring Threat Models in Stable Diffusion: Black Box vs. Accessible Approaches

2min

Exploring Data Extraction in Machine Learning

9min

Navigating Data Vulnerabilities in Machine Learning

11min

Today we’re joined by Nicholas Carlini, a research scientist at Google Brain. Nicholas works at the intersection of machine learning and computer security, and his recent paper “Extracting Training Data from LLMs” has generated quite a buzz within the ML community. In our conversation, we discuss the current state of adversarial machine learning research, the dynamic of dealing with privacy issues in black box vs accessible models, what privacy attacks in vision models like diffusion models look like, and the scale of “memorization” within these models. We also explore Nicholas’ work on data poisoning, which looks to understand what happens if a bad actor can take control of a small fraction of the data that an ML model is trained on.

The complete show notes for this episode can be found at twimlai.com/go/618.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.