From 9c326934a789073b2159d6591ed345e07abf3b6d Mon Sep 17 00:00:00 2001 From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com> Date: Thu, 23 May 2024 07:52:56 -0400 Subject: [PATCH] docs: v2 candidate insecure design (#327) --- 2_0_candidates/AdsDawson_InsecureDesign.md | 43 ++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 2_0_candidates/AdsDawson_InsecureDesign.md diff --git a/2_0_candidates/AdsDawson_InsecureDesign.md b/2_0_candidates/AdsDawson_InsecureDesign.md new file mode 100644 index 00000000..aceb2a2a --- /dev/null +++ b/2_0_candidates/AdsDawson_InsecureDesign.md 
@@ -0,0 +1,43 @@ +## Insecure Design + +**Author(s):** [Ads - GangGreenTemperTatum](https://github.com/GangGreenTemperTatum) + +### Description: + +Insecure Design is the result of the insufficient knowledge about AI products, while developing or utilizing applications such as hiring process, trending data, +Government policies, Reviews based of public data, etc +While the products are designed/developed using AI tools such as ChatGPT, bard, or bing, it is imperative to understand the below elements such as +1. how the model is designed such as reviewing its safety standards +https://openai.com/safety-standards +https://openai.com/safety +2. what is the privacy policy +https://openai.com/policies/privacy-policy +https://platform.openai.com/docs/models/how-we-use-your-data +https://openai.com/policies +3. Pros and Cons of using different Language models such as biases, reasoning with uncertainty, reward model + +### Common Examples of Risk: + +1. Example 1: Developing recruiting sites applications without the sufficient knowledge about the biases in the AI model. +2. Example 2: Developing trending data due to data poisoning or to sway public opinion. +3. Example 3: Lack of training to Architects/Developers about AI models. +4. Example 4: Companies build applications exposing client data + +### Prevention and Mitigation Strategies: + +1. Prevention Step 1: Training the team on AI models +2. Prevention Step 2: Understanding the consequences of implementing products using AI. +3. Prevention Step 3: Secure Design by implementing all the access controls and review the risks. + +### Example Attack Scenarios: + +Scenario #1: A malicious user can take advantage of how the data is fed into the system and manipulate the outcome. +Scenario #2: A interviewing candidate may lookup for the income and other benefits and may be directed to misleading information. 
+Scenario #3: Companies may be liable to penalty fee for misusing/exposing the client data, if they didn't review the privacy policy, data retention policy listed by AI products. + +### Reference Links + +1. https://wandb.ai/ayush-thakur/Intro-RLAIF/reports/An-Introduction-to-Training-LLMs-Using-Reinforcement-Learning-From-Human-Feedback-RLHF---VmlldzozMzYyNjcy +2. https://www.lexology.com/library/detail.aspx?g=58bc82af-3be3-49fd-b362-2365d764bf8f +3. https://openai.com/research/scaling-laws-for-reward-model-overoptimization +4. https://par.nsf.gov/servlets/purl/10237395 \ No newline at end of file
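Review bot: The "Description" section in this hunk never states what the insecure design flaw actually is in the application; it defines the category as "insufficient knowledge about AI products", which describes a cause (a training gap) rather than a design weakness, and the "Prevention Step 3" line ("Secure Design by implementing all the access controls and review the risks") gives the reader nothing concrete to implement. Suggest rewriting the description to name the flaw in terms of the system: for example, that the application relies on model output for a consequential decision (the hiring-site case in Example 1) without a review or override step, or that it sends client data to a third-party model without checking the provider's retention and usage terms (Scenario #3), and then making each prevention step a verifiable control (a documented threat model for the LLM integration, a data-classification rule for what may be sent to the provider, a human-review requirement for outputs that affect people). Since OWASP already uses "Insecure Design" as an existing Top 10 category name, the candidate should also say how this LLM-specific entry differs from it, otherwise reviewers will ask why it is not a duplicate. Smaller points in the same hunk: the three numbered description items mix prose with bare URLs, which would read better as markdown links with a label; "Reviews based of public data" should be "based on"; Scenario #2 ("A interviewing candidate may lookup for the income and other benefits and may be directed to misleading information") is hard to parse and should be rewritten to say what the system does wrong; the "Reference Links" list gives URLs with no titles, so the wandb and NSF links should say what they are; and the file is missing a trailing newline (the "\ No newline at end of file" marker).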