Machine Learning Infrastructure: A Security Crisis

"Computational systems have literally millions of physical and conceptual components, and around 98% of them are embedded into your infrastructure without you ever having heard of them. And an inordinate amount of them can lead to a catastrophic failure of your security assumptions. And because of this, the Iranian secret nuclear programme failed to prevent a breach, most US agencies failed to prevent multiple breaches, most US national security agencies failed to prevent breaches. So ensuring your system is truly secure against highly resourced and dedicated attackers is really, really hard." —Sella Nevo

In today’s episode, host Luisa Rodriguez speaks to Sella Nevo — director of the Meselson Center at RAND — about his team’s latest report on how to protect the model weights of frontier AI models from actors who might want to steal them.

Links to learn more, highlights, and full transcript.

They cover:

• Real-world examples of sophisticated security breaches, and what we can learn from them.
• Why AI model weights might be such a high-value target for adversaries like hackers, rogue states, and other bad actors.
• The many ways that model weights could be stolen, from using human insiders to sophisticated supply chain hacks.
• The current best practices in cybersecurity, and why they may not be enough to keep bad actors away.
• New security measures that Sella hopes can mitigate with the growing risks.
• Sella’s work using machine learning for flood forecasting, which has significantly reduced injuries and costs from floods across Africa and Asia.
• And plenty more.

Also, RAND is currently hiring for roles in technical and policy information security — check them out if you're interested in this field! 

Chapters:

• Cold open (00:00:00)
• Luisa’s intro (00:00:56)
• The interview begins (00:02:30)
• The importance of securing the model weights of frontier AI models (00:03:01)
• The most sophisticated and surprising security breaches (00:10:22)
• AI models being leaked (00:25:52)
• Researching for the RAND report (00:30:11)
• Who tries to steal model weights? (00:32:21)
• Malicious code and exploiting zero-days (00:42:06)
• Human insiders (00:53:20)
• Side-channel attacks (01:04:11)
• Getting access to air-gapped networks (01:10:52)
• Model extraction (01:19:47)
• Reducing and hardening authorised access (01:38:52)
• Confidential computing (01:48:05)
• Red-teaming and security testing (01:53:42)
• Careers in information security (01:59:54)
• Sella’s work on flood forecasting systems (02:01:57)
• Luisa’s outro (02:04:51)

Producer and editor: Keiran Harris
Audio engineering team: Ben Cordell, Simon Monsour, Milo McGuire, and Dominic Armstrong
Additional content editing: Katy Moore and Luisa Rodriguez
Transcriptions: Katy Moore