docs: v2 candidate insecure design (#327)
1 parent afae581, commit 9c32693
Showing 1 changed file with 43 additions and 0 deletions.
@@ -0,0 +1,43 @@ | ||
## Insecure Design | ||
|
||
**Author(s):** [Ads - GangGreenTemperTatum](https://github.com/GangGreenTemperTatum) | ||
|
||
### Description: | ||
|
||
Insecure Design is the result of the insufficient knowledge about AI products, while developing or utilizing applications such as hiring process, trending data, | ||
Government policies, Reviews based of public data, etc | ||
While the products are designed/developed using AI tools such as ChatGPT, bard, or bing, it is imperative to understand the below elements such as | ||
1. how the model is designed such as reviewing its safety standards | ||
https://openai.com/safety-standards | ||
https://openai.com/safety | ||
2. what is the privacy policy | ||
https://openai.com/policies/privacy-policy | ||
https://platform.openai.com/docs/models/how-we-use-your-data | ||
https://openai.com/policies | ||
3. Pros and Cons of using different Language models such as biases, reasoning with uncertainty, reward model | ||
|
||
### Common Examples of Risk: | ||
|
||
1. Example 1: Developing recruiting sites applications without the sufficient knowledge about the biases in the AI model. | ||
2. Example 2: Developing trending data due to data poisoning or to sway public opinion. | ||
3. Example 3: Lack of training to Architects/Developers about AI models. | ||
4. Example 4: Companies build applications exposing client data | ||
|
||
### Prevention and Mitigation Strategies: | ||
|
||
1. Prevention Step 1: Training the team on AI models | ||
2. Prevention Step 2: Understanding the consequences of implementing products using AI. | ||
3. Prevention Step 3: Secure Design by implementing all the access controls and review the risks. | ||
|
||
### Example Attack Scenarios: | ||
|
||
Scenario #1: A malicious user can take advantage of how the data is fed into the system and manipulate the outcome. | ||
Scenario #2: A interviewing candidate may lookup for the income and other benefits and may be directed to misleading information. | ||
Scenario #3: Companies may be liable to penalty fee for misusing/exposing the client data, if they didn't review the privacy policy, data retention policy listed by AI products. | ||
|
||
### Reference Links | ||
|
||
1. https://wandb.ai/ayush-thakur/Intro-RLAIF/reports/An-Introduction-to-Training-LLMs-Using-Reinforcement-Learning-From-Human-Feedback-RLHF---VmlldzozMzYyNjcy | ||
2. https://www.lexology.com/library/detail.aspx?g=58bc82af-3be3-49fd-b362-2365d764bf8f | ||
3. https://openai.com/research/scaling-laws-for-reward-model-overoptimization | ||
4. https://par.nsf.gov/servlets/purl/10237395 |
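Review bot: The Description (lines 33-35 of the hunk) defines Insecure Design as "insufficient knowledge about AI products", which describes a training gap rather than a design flaw; as written, the entry overlaps almost entirely with Prevention Step 1 ("Training the team on AI models") and Example 3 ("Lack of training to Architects/Developers"). Suggest reframing the description around what is missing at design time, in the sense OWASP already uses for this term: no threat model for how the model is fed, queried and has its output consumed, and no security controls designed in around it. Prevention Step 3, "Secure Design by implementing all the access controls and review the risks", should then name the concrete controls the examples imply (treating model output as untrusted input, review of the provider's data-retention and privacy terms before client data is sent, bias review for hiring use cases, controls on who can influence training or trending data), since each Example and Scenario currently asserts a risk without saying which design decision would have prevented it. Smaller points: the description sentence is split across two lines and ends without a period ("Reviews based of public data, etc"), "based of" should be "based on", Scenario #2 should read "An interviewing candidate may look up", and Reference Links 1 and 3 (RLHF training and reward-model overoptimization) are never connected to anything in the text beyond the phrase "reward model" in item 3 of the description, so either tie them in or drop them.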