AI

Apple wouldn’t let Jon Stewart interview FTC Chair Lina Khan, TV host claims

The Problem with Jon Stewart —

Tech company also didn’t want a segment on Stewart’s show criticizing AI.

The Daily Show host Jon Stewart’s interview with FTC Chair Lina Khan. The conversation about Apple begins around 16:30 in the video.

Before the cancellation of The Problem with Jon Stewart on Apple TV+, Apple forbade the inclusion of Federal Trade Commission Chair Lina Khan as a guest and steered the show away from confronting issues related to artificial intelligence, according to Jon Stewart.

This isn’t the first we’ve heard of this rift between Apple and Stewart. When the Apple TV+ show was canceled last October, reports circulated that he told his staff that creative differences over guests and topics were a factor in the decision.

The New York Times reported that both China and AI were sticking points between Apple and Stewart. Stewart confirmed the broad strokes of that narrative in a CBS Mornings interview after it was announced that he would return to The Daily Show.

“They decided that they felt that they didn’t want me to say things that might get me into trouble,” he explained.

Stewart’s comments during his interview with Khan yesterday were the first time he’s gotten more specific publicly.

“I’ve got to tell you, I wanted to have you on a podcast, and Apple asked us not to do it—to have you. They literally said, ‘Please don’t talk to her,'” Stewart said while interviewing Khan on the April 1, 2024, episode of The Daily Show.

Khan appeared on the show to explain and evangelize the FTC’s efforts to battle corporate monopolies in the US, both inside and outside the tech industry, and to lay out the challenges the agency faces.

She became the FTC chair in 2021 and has since garnered a reputation for an aggressive and critical stance against monopolistic tendencies or practices among Big Tech companies like Amazon and Meta.

Stewart also confirmed previous reports that AI was a sensitive topic for Apple. “They wouldn’t let us do that dumb thing we did in the first act on AI,” he said, referring to the desk monologue segment that preceded the Khan interview in the episode.

The segment on AI in the first act of the episode mocked various tech executives for their utopian framing of AI and interspersed those claims with acknowledgments from many of the same leaders that AI would replace many people’s jobs. (It did not mention Apple or its leadership, though.)

Stewart and The Daily Show‘s staff also included clips of current tech leaders suggesting that workers be retrained to work with or on AI when their current roles are disrupted by it. That was followed by a montage of US political leaders promising to retrain workers after various technological and economic disruptions over the years, with the implication that those retraining efforts were rarely as successful as promised.

The segment effectively lampooned some of the doublespeak about AI, though Stewart stopped short of venturing any solutions or alternatives to the current path, so it mostly just prompted outrage and laughs.

The Daily Show host Jon Stewart’s segment criticizing tech and political leaders on the topic of AI.

Apple currently uses AI-related technologies in its software, services, and devices, but so far it has not launched anything tapping into generative AI, which is the new frontier in AI that has attracted worry, optimism, and criticism from various parties.

However, the company is expected to roll out its first generative AI features as part of iOS 18, a new operating system update for iPhones. iOS 18 will likely be detailed during Apple’s annual developer conference in June and will reach users’ devices sometime in the fall.

Listing image by Paramount

OpenAI drops login requirements for ChatGPT’s free version

free as in beer? —

GPT-3.5 still falls far short of GPT-4, and other models surpassed it long ago.

A glowing OpenAI logo on a blue background.

Benj Edwards

On Monday, OpenAI announced that visitors to the ChatGPT website in some regions can now use the AI assistant without signing in. Previously, the company required users to create an account, even for the free version of ChatGPT, which is currently powered by the GPT-3.5 AI language model. But as we have noted in the past, GPT-3.5 is widely known to provide less accurate information than GPT-4 Turbo, which is available in paid versions of ChatGPT.

Since its launch in November 2022, ChatGPT has transformed from a tech demo into a comprehensive AI assistant, and it has always had a free version available. It’s free because “you’re the product,” as the old saying goes: using ChatGPT helps OpenAI gather data for training future AI models, although both free users and ChatGPT Plus subscribers can opt out of having the data they input into ChatGPT used for AI training. (OpenAI says it never trains on inputs from ChatGPT Team and Enterprise customers.)

Opening ChatGPT to everyone could provide a frictionless on-ramp for people who might use it as a substitute for Google Search. It could also win OpenAI new customers by letting people try ChatGPT quickly and then offering an upsell to paid versions of the service.

“It’s core to our mission to make tools like ChatGPT broadly available so that people can experience the benefits of AI,” OpenAI says on its blog page. “For anyone that has been curious about AI’s potential but didn’t want to go through the steps to set up an account, start using ChatGPT today.”

When you visit the ChatGPT website, you're immediately presented with a chat box like this (in some regions). Screenshot captured April 1, 2024.

Benj Edwards

Since kids will also be able to use ChatGPT without an account—despite that being against the terms of service—OpenAI also says it’s introducing “additional content safeguards,” such as blocking more prompts and “generations in a wider range of categories.” OpenAI has not elaborated on what exactly that entails, but we reached out to the company for comment.

There might be a few other downsides to the fully open approach. On X, AI researcher Simon Willison wrote about the potential for automated abuse as a way to get around paying for OpenAI’s services: “I wonder how their scraping prevention works? I imagine the temptation for people to abuse this as a free 3.5 API will be pretty strong.”

With fierce competition, more GPT-3.5 access may backfire

Willison also mentioned a common criticism of OpenAI (as voiced in this case by Wharton professor Ethan Mollick) that people’s ideas about what AI models can do have so far largely been influenced by GPT-3.5, which, as we mentioned, is far less capable and far more prone to making things up than the paid version of ChatGPT that uses GPT-4 Turbo.

“In every group I speak to, from business executives to scientists, including a group of very accomplished people in Silicon Valley last night, much less than 20% of the crowd has even tried a GPT-4 class model,” wrote Mollick in a tweet from early March.

With models like Google Gemini Pro 1.5 and Anthropic Claude 3 potentially surpassing OpenAI’s best proprietary model at the moment—and open-weights AI models eclipsing the free version of ChatGPT—allowing people to use GPT-3.5 might not be putting OpenAI’s best foot forward. Microsoft Copilot, powered by OpenAI models, also supports a frictionless, no-login experience, but it allows access to a model based on GPT-4. Gemini, by contrast, currently requires a sign-in, and Anthropic sends a login code through email.

For now, OpenAI says the login-free version of ChatGPT is not yet available to everyone, but it will be coming soon: “We’re rolling this out gradually, with the aim to make AI accessible to anyone curious about its capabilities.”

OpenAI shows off Sora AI video generator to Hollywood execs

No lights, no camera, action —

CEO Sam Altman met with Universal, Paramount, and Warner Bros Discovery.

a robotic intelligence works as a cameraman (3d rendering)

OpenAI has launched a charm offensive in Hollywood, holding meetings with major studios including Paramount, Universal, and Warner Bros Discovery to showcase its video generation technology Sora and allay fears the artificial intelligence model will harm the movie industry.

Chief Executive Sam Altman and Chief Operating Officer Brad Lightcap gave presentations to executives from the film industry giants, said multiple people with knowledge of the meetings, which took place in recent days.

Altman and Lightcap showed off Sora, a new generative AI model that can create detailed videos from simple written prompts.

The technology first gained Hollywood’s attention after OpenAI published a selection of videos produced by the model last month. The clips quickly went viral online and have led to debate over the model’s potential impact on the creative industries.

“Sora is causing enormous excitement,” said media analyst Claire Enders. “There is a sense it is going to revolutionize the making of movies and bring down the cost of production and reduce the demand for [computer-generated imagery] very strongly.”

AI-generated video of a cat and human, generated via video generation model Sora.

Those involved in the meetings said OpenAI was seeking input from the film bosses on how Sora should be rolled out. Some who watched the demonstrations said they could see how Sora or similar AI products could save time and money on production but added the technology needed further development.

OpenAI’s overtures to the studios come at a delicate moment in Hollywood. Last year’s monthslong strikes ended with the Writers Guild of America and the Screen Actors Guild securing groundbreaking protections from AI in their contracts. This year, contract negotiations are underway with the International Alliance of Theatrical Stage Employees—and AI is again expected to be a hot-button issue.

Earlier this week, OpenAI released new Sora videos generated by a number of visual artists and directors, including short films, along with their impressions of the technology. The model will compete with several text-to-video services from startups including Runway, Pika, and Stability AI, which already offer their tools for commercial use.

An AI-generated video from Sora of a dog.

However, Sora has not been widely released. OpenAI has held off announcing a launch date or the circumstances under which it will be available. One person with knowledge of its strategy said the company was deciding how to commercialize the technology. Another person said there were safety steps still to take before the company considered putting Sora into a product.

OpenAI is also working to improve the system. Currently, Sora can only make videos under one minute in length, and its creations have telltale flaws, such as glass that bounces off the floor instead of shattering, or people and animals rendered with extra limbs.

Some studios appeared open to using Sora in filmmaking or TV production in the future, but licensing and partnerships have not yet been discussed, said people involved in the talks.

“There have been no meetings with OpenAI about partnerships,” one studio executive said. “They’ve done demos, just like Apple has been demo-ing the Vision Pro [mixed-reality headset]. They’re trying to get people excited.”

OpenAI has been previewing the model in a “very controlled manner” to “industries that are likely to be impacted first,” said one person close to OpenAI.

Media analyst Enders said the reception from the movie industry had been broadly optimistic on Sora as it is “seen completely as a cost-saving element, rather than impacting the creative ethos of storytelling.”

OpenAI declined to comment.

An AI-generated video from Sora of a woman walking down a Tokyo street.

© 2024 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.

Playboy image from 1972 gets ban from IEEE computer journals

image processing —

Use of “Lenna” image in computer image processing research stretches back to the 1970s.

Playboy image from 1972 gets ban from IEEE computer journals

Aurich Lawson | Getty Images

On Wednesday, the IEEE Computer Society announced to members that, after April 1, it would no longer accept papers that include a frequently used image of a 1972 Playboy model named Lena Forsén. The so-called “Lenna image” (Forsén added an extra “n” to her name in her Playboy appearance to aid pronunciation) has been used in image processing research since 1973 and has attracted criticism for making some women feel unwelcome in the field.

In an email from the IEEE Computer Society sent to members on Wednesday, Technical & Conference Activities Vice President Terry Benzel wrote, “IEEE’s diversity statement and supporting policies such as the IEEE Code of Ethics speak to IEEE’s commitment to promoting an including and equitable culture that welcomes all. In alignment with this culture and with respect to the wishes of the subject of the image, Lena Forsén, IEEE will no longer accept submitted papers which include the ‘Lena image.'”

An uncropped version of the 512×512-pixel test image originally appeared as the centerfold picture for the December 1972 issue of Playboy magazine. Usage of the Lenna image in image processing began in June or July 1973, when an assistant professor named Alexander Sawchuk and a graduate student at the University of Southern California Signal and Image Processing Institute scanned a square portion of the centerfold image with a primitive drum scanner, omitting the nudity present in the original. They scanned it for a colleague’s conference paper, and after that, others began to use the image as well.

The original 512×512 “Lenna” test image, which is a cropped portion of a 1972 Playboy centerfold.

The image’s use spread through other papers in the 1970s, ’80s, and ’90s, and it caught Playboy’s attention, but the company decided to overlook the copyright violations. In 1997, Playboy helped track down Forsén, who appeared at the 50th Annual Conference of the Society for Imaging Science and Technology, signing autographs for fans. “They must be so tired of me … looking at the same picture for all these years!” she said at the time. Playboy’s VP of new media, Eileen Kent, told Wired, “We decided we should exploit this, because it is a phenomenon.”

The image, which features Forsén’s face and bare shoulder as she wears a hat with a purple feather, was reportedly ideal for testing image processing systems in the early years of digital image technology due to its high contrast and varied detail. It is also a sexually suggestive photo of an attractive woman, and its use by men in the computer field has garnered criticism over the decades, especially from female scientists and engineers who felt that the image (especially related to its association with the Playboy brand) objectified women and created an academic climate where they did not feel entirely welcome.

Due to some of this criticism, which dates back to at least 1996, the journal Nature banned the use of the Lena image in paper submissions in 2018.

The comp.compression Usenet newsgroup FAQ document claims that in 1988, a Swedish publication asked Forsén if she minded her image being used in computer science, and she was reportedly pleasantly amused. In a 2019 Wired article, Linda Kinstler wrote that Forsén did not harbor resentment about the image, but she regretted that she wasn’t paid better for it originally. “I’m really proud of that picture,” she told Kinstler at the time.

Since then, Forsén has apparently changed her mind. In 2019, Creatable and Code Like a Girl created an advertising documentary titled Losing Lena, which was part of a promotional campaign aimed at removing the Lena image from use in tech and the image processing field. In a press release for the campaign and film, Forsén is quoted as saying, “I retired from modelling a long time ago. It’s time I retired from tech, too. We can make a simple change today that creates a lasting change for tomorrow. Let’s commit to losing me.”

That commitment now appears to be honored. The ban in IEEE publications, which have historically been important journals for computer imaging development, will likely set a further precedent for removing the Lenna image from common use. In his email, the IEEE’s Benzel recommended wider sensitivity about the issue, writing, “In order to raise awareness of and increase author compliance with this new policy, program committee members and reviewers should look for inclusion of this image, and if present, should ask authors to replace the Lena image with an alternative.”

NYC’s government chatbot is lying about city laws and regulations

Close enough for government work? —

You can be evicted for not paying rent, despite what the “MyCity” chatbot says.

Has a government employee checked all those zeroes and ones floating above the skyline?

If you follow generative AI news at all, you’re probably familiar with LLM chatbots’ tendency to “confabulate” incorrect information while presenting that information as authoritatively true. That tendency seems poised to cause some serious problems now that a chatbot run by the New York City government is making up incorrect answers to some important questions of local law and municipal policy.

NYC’s “MyCity” ChatBot launched as a “pilot” program last October. The announcement touted the ChatBot as a way for business owners to “save … time and money by instantly providing them with actionable and trusted information from more than 2,000 NYC Business webpages and articles on topics such as compliance with codes and regulations, available business incentives, and best practices to avoid violations and fines.”

But a new report from The Markup and local nonprofit news site The City found the MyCity chatbot giving dangerously wrong information about some pretty basic city policies. To cite just one example, the bot said that NYC buildings “are not required to accept Section 8 vouchers,” when an NYC government info page says clearly that Section 8 housing subsidies are one of many lawful sources of income that landlords are required to accept without discrimination. The Markup also received incorrect information in response to chatbot queries regarding worker pay and work hour regulations, as well as industry-specific information like funeral home pricing.

Welcome news for people who think the rent is too damn high, courtesy of the MyCity chatbot.

Further testing by Bluesky user Kathryn Tewson shows the MyCity chatbot giving some dangerously wrong answers regarding the treatment of workplace whistleblowers, as well as some hilariously bad answers regarding the need to pay rent.

This is going to keep happening

The result isn’t too surprising if you dig into the token-based predictive models that power these kinds of chatbots. MyCity’s Microsoft Azure-powered chatbot uses a complex process of statistical associations across millions of tokens to essentially guess at the most likely next word in any given sequence, without any real understanding of the underlying information being conveyed.
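The guessing process described above is easy to demonstrate with a toy model. The sketch below is a deliberately trivial bigram-based next-word predictor, not the MyCity bot's actual Azure-hosted model; the tiny corpus is an invented illustration:

```python
from collections import Counter, defaultdict

# A toy next-word predictor built purely from word co-occurrence
# counts. It picks the statistically most likely next word with no
# understanding of what the sentence actually means.
corpus = (
    "landlords must accept section 8 vouchers . "
    "landlords must accept lawful income . "
    "landlords must not discriminate ."
).split()

# Count how often each word follows each preceding word.
bigrams = defaultdict(Counter)
for prev, nxt in zip(corpus, corpus[1:]):
    bigrams[prev][nxt] += 1

def predict_next(word):
    """Return the most frequent follower of `word` in the corpus."""
    return bigrams[word].most_common(1)[0][0]

print(predict_next("must"))  # follows frequency, not meaning
```

Because the choice is driven entirely by frequency in the training data, a question whose correct answer is rare or ambiguously represented in that data can easily yield a confident, wrong completion.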

That can cause problems when a single factual answer to a question might not be reflected precisely in the training data. In fact, The Markup said that at least one of its tests resulted in the correct answer on the same query about accepting Section 8 housing vouchers (even as “ten separate Markup staffers” got the incorrect answer when repeating the same question).

The MyCity Chatbot—which is prominently labeled as a “Beta” product—tells users who bother to read the warnings that it “may occasionally produce incorrect, harmful or biased content” and that users should “not rely on its responses as a substitute for professional advice.” But the page also states front and center that it is “trained to provide you official NYC Business information” and is being sold as a way “to help business owners navigate government.”

Andrew Rigie, executive director of the NYC Hospitality Alliance, told The Markup that he had encountered inaccuracies from the bot himself and had received reports of the same from at least one local business owner. But NYC Office of Technology and Innovation Spokesperson Leslie Brown told The Markup that the bot “has already provided thousands of people with timely, accurate answers” and that “we will continue to focus on upgrading this tool so that we can better support small businesses across the city.”

NYC Mayor Eric Adams touts the MyCity chatbot in an October announcement event.

The Markup’s report highlights the danger of governments and corporations rolling out chatbots to the public before their accuracy and reliability have been fully vetted. Last month, a court forced Air Canada to honor a fraudulent refund policy invented by a chatbot available on its website. A recent Washington Post report found that chatbots integrated into major tax preparation software provide “random, misleading, or inaccurate … answers” to many tax queries. And some crafty prompt engineers have reportedly been able to trick car dealership chatbots into accepting a “legally binding offer – no take backsies” for a $1 car.

These kinds of issues are already leading some companies away from generalized LLM-powered chatbots and toward Retrieval-Augmented Generation (RAG) systems, which ground their answers in a small, curated set of relevant documents. That kind of focus could become that much more important if the FTC is successful in its efforts to make chatbots liable for “false, misleading, or disparaging” information.
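The retrieval step behind such Retrieval-Augmented Generation setups can be sketched minimally: fetch the most relevant passage from a curated document set, then hand it to the model as the only allowed context. The documents and the simple word-overlap scoring below are hypothetical stand-ins for a real embedding-based search:

```python
# Hypothetical curated document set (stand-in for official city pages).
documents = [
    "Landlords are required to accept Section 8 housing vouchers.",
    "Tenants may be evicted for non-payment of rent after due process.",
    "Funeral homes must provide itemized price lists on request.",
]

def retrieve(query, docs):
    """Score each document by word overlap with the query and return
    the best match (a toy substitute for vector similarity search)."""
    q = set(query.lower().split())
    return max(docs, key=lambda d: len(q & set(d.lower().split())))

def build_prompt(query, docs):
    """Compose a prompt instructing the model to answer only from the
    retrieved context, rather than from its general training data."""
    context = retrieve(query, docs)
    return f"Answer using only this context:\n{context}\n\nQuestion: {query}"

prompt = build_prompt("Must landlords accept Section 8 vouchers?", documents)
```

Constraining the model to retrieved text does not eliminate confabulation, but it narrows the space of possible answers to material someone has vetted.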

OpenAI holds back wide release of voice-cloning tech due to misuse concerns

AI speaks letters, text-to-speech or TTS, text-to-voice, speech synthesis applications, generative Artificial Intelligence, futuristic technology in language and communication.

Voice synthesis has come a long way since 1978’s Speak & Spell toy, which once wowed people with its state-of-the-art ability to read words aloud using an electronic voice. Now, using deep-learning AI models, software can create not only realistic-sounding voices, but also convincingly imitate existing voices using small samples of audio.

Along those lines, OpenAI just announced Voice Engine, a text-to-speech AI model for creating synthetic voices based on a 15-second segment of recorded audio. It has provided audio samples of the Voice Engine in action on its website.

Once a voice is cloned, a user can input text into the Voice Engine and get an AI-generated voice result. But OpenAI is not ready to widely release its technology yet. The company initially planned to launch a pilot program for developers to sign up for the Voice Engine API earlier this month. But after more consideration about ethical implications, the company decided to scale back its ambitions for now.

“In line with our approach to AI safety and our voluntary commitments, we are choosing to preview but not widely release this technology at this time,” the company writes. “We hope this preview of Voice Engine both underscores its potential and also motivates the need to bolster societal resilience against the challenges brought by ever more convincing generative models.”

Voice cloning tech in general is not particularly new—we’ve covered several AI voice synthesis models since 2022, and the tech is active in the open source community with packages like OpenVoice and XTTSv2. But the idea that OpenAI is inching toward letting anyone use its particular brand of voice tech is notable. And in some ways, the company’s reticence to release it fully might be the bigger story.

OpenAI says that benefits of its voice technology include providing reading assistance through natural-sounding voices, enabling global reach for creators by translating content while preserving native accents, supporting non-verbal individuals with personalized speech options, and assisting patients in recovering their own voice after speech-impairing conditions.

But it also means that anyone with 15 seconds of someone’s recorded voice could effectively clone it, and that has obvious implications for potential misuse. Even if OpenAI never widely releases its Voice Engine, the ability to clone voices has already caused trouble in society through phone scams where someone imitates a loved one’s voice and election campaign robocalls featuring cloned voices from politicians like Joe Biden.

Also, researchers and reporters have shown that voice-cloning technology can be used to break into bank accounts that use voice authentication (such as Chase’s Voice ID), which prompted Sen. Sherrod Brown (D-Ohio), the chairman of the US Senate Committee on Banking, Housing, and Urban Affairs, to send a letter to the CEOs of several major banks in May 2023 to inquire about the security measures banks are taking to counteract AI-powered risks.

Biden orders every US agency to appoint a chief AI officer

Mission control —

Federal agencies rush to appoint chief AI officers with “significant expertise.”

Biden orders every US agency to appoint a chief AI officer

The White House has announced the “first government-wide policy to mitigate risks of artificial intelligence (AI) and harness its benefits.” To coordinate these efforts, every federal agency must appoint a chief AI officer with “significant expertise in AI.”

Some agencies have already appointed chief AI officers, but any agency that has not must appoint a senior official within the next 60 days. If an official already appointed as chief AI officer does not have the authority needed to coordinate AI use in the agency, they must be granted additional authority, or a new chief AI officer must be named.

Ideal candidates might include chief information officers, chief data officers, or chief technology officers, the Office of Management and Budget (OMB) policy recommended.

As chief AI officers, appointees will serve as senior advisers on AI initiatives, monitoring and inventorying all agency uses of AI. They must conduct risk assessments to consider whether any AI uses are impacting “safety, security, civil rights, civil liberties, privacy, democratic values, human rights, equal opportunities, worker well-being, access to critical resources and services, agency trust and credibility, and market competition,” OMB said.

Perhaps most urgently, by December 1, the officers must correct all non-compliant AI uses in government, unless an extension of up to one year is granted.

The chief AI officers will seemingly enjoy a lot of power and oversight over how the government uses AI. It’s up to the chief AI officers to develop a plan to comply with minimum safety standards and to work with chief financial and human resource officers to develop the necessary budgets and workforces to use AI to further each agency’s mission and ensure “equitable outcomes,” OMB said. Here’s a brief summary of OMB’s ideals:

Agencies are encouraged to prioritize AI development and adoption for the public good and where the technology can be helpful in understanding and tackling large societal challenges, such as using AI to improve the accessibility of government services, reduce food insecurity, address the climate crisis, improve public health, advance equitable outcomes, protect democracy and human rights, and grow economic competitiveness in a way that benefits people across the United States.

Among the chief AI officer’s primary responsibilities is determining what AI uses might impact the safety or rights of US citizens. They’ll do this by assessing AI impacts, conducting real-world tests, independently evaluating AI, regularly evaluating risks, properly training staff, providing additional human oversight where necessary, and giving public notice of any AI use that could have a “significant impact on rights or safety,” OMB said.

OMB breaks down several AI uses that could impact safety, including controlling “safety-critical functions” within everything from emergency services to food-safety mechanisms to systems controlling nuclear reactors. Using AI to maintain election integrity could be safety-impacting, too, as could using AI to move industrial waste, control health insurance costs, or detect the “presence of dangerous weapons.”

Uses of AI presumed to be rights-impacting include censoring protected speech and a wide range of law enforcement efforts, such as predicting crimes, sketching faces, or using license plate readers to track personal vehicles in public spaces. Other rights-impacting AI uses include “risk assessments related to immigration,” “replicating a person’s likeness or voice without express consent,” or detecting students cheating.

Chief AI officers will ultimately decide if any AI use is safety- or rights-impacting and must adhere to OMB’s minimum standards for responsible AI use. Once a determination is made, the officers will “centrally track” the determinations, informing OMB of any major changes to “conditions or context in which the AI is used.” The officers will also regularly convene “a new Chief AI Officer Council to coordinate” efforts and share innovations government-wide.

As agencies advance AI uses—which the White House says is critical to “strengthen AI safety and security, protect Americans’ privacy, advance equity and civil rights, stand up for consumers and workers, promote innovation and competition, advance American leadership around the world, and more”—chief AI officers will become the public-facing figures accountable for decisions made. In that role, the officer must consult with the public and incorporate “feedback from affected communities,” notify “negatively affected individuals” of new AI uses, and maintain options to opt-out of “AI-enabled decisions,” OMB said.

However, OMB noted that chief AI officers also have the power to waive opt-out options “if they can demonstrate that a human alternative would result in a service that is less fair (e.g., produces a disparate impact on protected classes) or if an opt-out would impose undue hardship on the agency.”

Thousands of servers hacked in ongoing attack targeting Ray AI framework

VULNERABILITY OR FEATURE? —

Researchers say it’s the first known in-the-wild attack targeting AI workloads.


Thousands of servers storing AI workloads and network credentials have been hacked in an ongoing attack campaign targeting a reported vulnerability in Ray, a computing framework used by OpenAI, Uber, and Amazon.

The attacks, which have been active for at least seven months, have led to the tampering of AI models. They have also resulted in the compromise of network credentials, allowing access to internal networks and databases and tokens for accessing accounts on platforms including OpenAI, Hugging Face, Stripe, and Azure. Besides corrupting models and stealing credentials, attackers behind the campaign have installed cryptocurrency miners on compromised infrastructure, which typically provides massive amounts of computing power. Attackers have also installed reverse shells, which are text-based interfaces for remotely controlling servers.

Hitting the jackpot

“When attackers get their hands on a Ray production cluster, it is a jackpot,” researchers from Oligo, the security firm that spotted the attacks, wrote in a post. “Valuable company data plus remote code execution makes it easy to monetize attacks—all while remaining in the shadows, totally undetected (and, with static security tools, undetectable).”

Among the compromised sensitive data are AI production workloads, which allow the attackers to control or tamper with models during the training phase and, from there, corrupt the models’ integrity. Vulnerable clusters expose a central dashboard to the Internet, a configuration that allows anyone who looks for it to see a history of all commands entered to date. That history allows an intruder to quickly learn how a model works and what sensitive data it has access to.

Oligo captured screenshots that exposed sensitive private data and displayed histories indicating the clusters had been actively hacked. Compromised resources included cryptographic password hashes and credentials to internal databases and to accounts on OpenAI, Stripe, and Slack.

  • KubeRay operator running with administrator permissions on the Kubernetes API

  • Password hashes

  • Production database credentials

  • An AI model handling a user query in real time, which an attacker could abuse to modify customer requests or responses

  • Tokens for OpenAI, Stripe, and Slack, plus database credentials

  • Cluster dashboard showing production workloads and active tasks

Ray is an open source framework for scaling AI apps, allowing huge numbers of them to run at once efficiently. Typically, these apps run on huge clusters of servers. Key to making all of this work is a central dashboard that provides an interface for displaying and controlling running tasks and apps. One of the programming interfaces available through the dashboard, known as the Jobs API, allows users to send a list of commands to the cluster. The commands are issued using a simple HTTP request that requires no authentication.
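To make the exposure concrete, here is a minimal sketch of what an unauthenticated job submission looks like. The endpoint path and payload shape follow Ray's documented Jobs REST API (served on port 8265 by default), but the host name is hypothetical, and the snippet only builds the request rather than sending it:

```python
import json
import urllib.request

# Hypothetical Ray head node; the Ray dashboard listens on port 8265 by default.
RAY_DASHBOARD = "http://ray-head.example.internal:8265"

def build_job_submission(entrypoint: str) -> urllib.request.Request:
    """Build a Ray Jobs API submission request.

    Note what is absent: no API key, no token, no Authorization header.
    Anyone who can reach the dashboard can submit arbitrary shell commands.
    """
    payload = json.dumps({"entrypoint": entrypoint}).encode()
    return urllib.request.Request(
        f"{RAY_DASHBOARD}/api/jobs/",
        data=payload,
        headers={"Content-Type": "application/json"},
        method="POST",
    )

req = build_job_submission("echo pwned")
```

Because the `entrypoint` field is executed as a shell command on the cluster, this single request is equivalent to remote code execution on every exposed instance.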

Last year, researchers from security firm Bishop Fox flagged the behavior as a high-severity code-execution vulnerability tracked as CVE-2023-48022.

A distributed execution framework

“In the default configuration, Ray does not enforce authentication,” wrote Berenice Flores Garcia, a senior security consultant at Bishop Fox. “As a result, attackers may freely submit jobs, delete existing jobs, retrieve sensitive information, and exploit the other vulnerabilities described in this advisory.”

Anyscale, the developer and maintainer of Ray, responded by disputing the vulnerability. Anyscale officials said they have always held out Ray as a framework for remotely executing code and, as a result, have long advised that it be segmented inside a properly secured network.

“Due to Ray’s nature as a distributed execution framework, Ray’s security boundary is outside of the Ray cluster,” Anyscale officials wrote. “That is why we emphasize that you must prevent access to your Ray cluster from untrusted machines (e.g., the public Internet).”

The Anyscale response said the reported behavior in the Jobs API wasn’t a vulnerability and wouldn’t be addressed in a near-term update. The company went on to say it would eventually introduce a change that would enforce authentication in the API. It explained:

We have considered very seriously whether or not something like that would be a good idea, and to date have not implemented it for fear that our users would put too much trust into a mechanism that might end up providing the facade of security without properly securing their clusters in the way they imagined.

That said, we recognize that reasonable minds can differ on this issue, and consequently have decided that, while we still do not believe that an organization should rely on isolation controls within Ray like authentication, there can be value in certain contexts in furtherance of a defense-in-depth strategy, and so we will implement this as a new feature in a future release.

Critics of the Anyscale response have noted that repositories for streamlining the deployment of Ray in cloud environments bind the dashboard to 0.0.0.0, an address that exposes a service on all of a machine’s network interfaces. One such beginner boilerplate is available on the Anyscale website itself. Another example of a publicly available vulnerable setup is here.
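The practical difference between the two bind addresses can be shown with a few lines of standard-library Python; this is a generic illustration of socket binding, not Ray's own code:

```python
import socket

def make_listener(host: str, port: int = 0) -> socket.socket:
    """Open a TCP listening socket bound to the given host address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, port))  # port 0 lets the OS pick a free port
    s.listen(1)
    return s

# 0.0.0.0 accepts connections on every interface the machine has,
# including any that face the public Internet.
exposed = make_listener("0.0.0.0")

# 127.0.0.1 restricts the listener to the loopback interface, so only
# processes on the same machine can connect.
local = make_listener("127.0.0.1")
```

A dashboard bound the first way in a cloud deployment is reachable by anyone who can route packets to the host, which is why the boilerplate configurations draw criticism.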

Critics also note Anyscale’s contention that the reported behavior isn’t a vulnerability has prevented many security tools from flagging attacks.

An Anyscale representative said in an email the company plans to publish a script that will allow users to easily verify whether their Ray instances are exposed to the Internet or not.

The ongoing attacks underscore the importance of properly configuring Ray. In the links provided above, Oligo and Anyscale list practices that are essential to locking down clusters. Oligo also provided a list of indicators Ray users can use to determine if their instances have been compromised.

Thousands of servers hacked in ongoing attack targeting Ray AI framework Read More »

intel,-microsoft-discuss-plans-to-run-copilot-locally-on-pcs-instead-of-in-the-cloud

Intel, Microsoft discuss plans to run Copilot locally on PCs instead of in the cloud

the ai pc —

Companies are trying to make the “AI PC” happen with new silicon and software.

The basic requirements for an AI PC, at least when it’s running Windows.

Microsoft said in January that 2024 would be the year of the “AI PC,” and we know that AI PCs will include a few hardware components that most Windows systems currently do not include—namely, a built-in neural processing unit (NPU) and Microsoft’s new Copilot key for keyboards. But so far we haven’t heard a whole lot about what a so-called AI PC will actually do for users.

Microsoft and Intel are starting to share a few details as part of Intel’s announcement of a new AI PC developer program that will encourage software developers to leverage local hardware to build AI features into their apps.

The main news, reported by Tom’s Hardware, is confirmation that AI PCs will be able to run “more elements of Copilot,” Microsoft’s AI chatbot assistant, “locally on the client.” Currently, Copilot relies on server-side processing even for small requests, introducing lag that is tolerable if you’re making a broad request for information but less so if all you want to do is change a setting or get basic answers. Running generative AI models locally could also improve user privacy, making it possible to take advantage of AI-infused software without automatically sending information to a company that will use it for further model training.

Right now, Windows doesn’t use local NPUs for much, since most current PCs don’t have them. The Surface Studio webcam features can use NPUs for power-efficient video effects and background replacement, but as of this writing that’s pretty much it. Apple’s and Google’s operating systems both use NPUs for a wider swath of image and audio processing features, including facial recognition and object recognition, OCR, live transcription and translation, and more.

Intel also said that Microsoft would require NPUs in “next-gen AI PCs” to hit speeds of 40 trillion operations per second (TOPS) to meet its requirements. Intel, AMD, Qualcomm, and others sometimes use TOPS as a high-level performance metric when comparing their NPUs; Intel’s Meteor Lake laptop chips can run 10 TOPS, while AMD’s Ryzen 7040 and 8040 laptop chips hit 10 TOPS and 16 TOPS, respectively.
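Since one TOPS is 10^12 operations per second, an NPU's rating translates directly into a rough time-per-inference figure for a model of a given cost. The back-of-envelope arithmetic below uses the TOPS ratings quoted above; the 5-billion-operation workload is an illustrative assumption, not a figure from any vendor:

```python
# Rough latency estimate: time = operations / (TOPS * 10^12 ops per second).
OPS_PER_INFERENCE = 5e9  # hypothetical cost of one inference, in operations

ratings = {"Meteor Lake NPU": 10, "Ryzen 8040 NPU": 16, "Snapdragon X NPU": 45}
latency_ms = {}
for name, tops in ratings.items():
    seconds = OPS_PER_INFERENCE / (tops * 1e12)
    latency_ms[name] = seconds * 1e3
    print(f"{name} ({tops} TOPS): {latency_ms[name]:.2f} ms per inference")
```

The spread shows why the 40-TOPS threshold matters: a 10-TOPS NPU takes roughly four times as long per inference as one meeting Microsoft's stated requirement.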

Unfortunately for Intel, the first NPU suitable for powering Copilot locally may come from Qualcomm. The company’s upcoming Snapdragon X processors, long seen as the Windows ecosystem’s answer to Apple’s M-series Mac chips, promise up to 45 TOPS. Rumors suggest that Microsoft will shift the consumer version of its Surface tablet to Qualcomm’s chips after a few years of offering both Intel and Qualcomm options; Microsoft announced a Surface Pro update with Intel’s Meteor Lake chips last week but is only selling it to businesses.

Asus and Intel are offering a NUC with a Meteor Lake CPU and its built-in NPU as an AI development platform.

All of that said, TOPS are just one simplified performance metric. As when using FLOPS to compare graphics performance, it’s imprecise and won’t capture variations in how each NPU handles different tasks. And the Arm version of Windows still has software and hardware compatibility issues that could continue to hold it back.

As part of its developer program, Intel is also offering an “AI PC development kit” centered on an Asus NUC Pro 14, a mini PC built around Intel’s Meteor Lake silicon. Intel formally stopped making its NUC mini PCs last year, passing the brand and all of its designs off to Asus. Asus is also handling all remaining warranty service and software support for older NUCs designed and sold by Intel. The NUC Pro 14 is one of the first new NUCs announced since the transition, along with the ROG NUC mini gaming PC.

Intel, Microsoft discuss plans to run Copilot locally on PCs instead of in the cloud Read More »

wwdc-2024-starts-on-june-10-with-announcements-about-ios-18-and-beyond

WWDC 2024 starts on June 10 with announcements about iOS 18 and beyond

WWDC —

Speculation is rampant that Apple will make its first big moves in generative AI.

The logo for WWDC24.

Apple has announced dates for this year’s Worldwide Developers Conference (WWDC). WWDC24 will run from June 10 through June 14 at the company’s Cupertino, California, headquarters, but everything will be streamed online.

Apple posted about the event with the following generic copy:

Join us online for the biggest developer event of the year. Be there for the unveiling of the latest Apple platforms, technologies, and tools. Learn how to create and elevate your apps and games. Engage with Apple designers and engineers and connect with the worldwide developer community. All online and at no cost.

As always, the conference will kick off with a keynote presentation on the first day, which is Monday, June 10. You can be sure Apple will use that event to at least announce the key features of its next round of annual software updates for iOS, iPadOS, macOS, watchOS, visionOS, and tvOS.

We could also see new hardware—it doesn’t happen every year, but it has of late. We don’t yet know exactly what that hardware might be, though.

Much of the speculation among analysts and commentators concerns Apple’s first move into generative AI. There have been reports that Apple may work with a partner like Google to include a chatbot in its operating system, that it has been considering designing its own AI tools, or that it could offer an AI App Store, giving users a choice between many chatbots.

Whatever the case, Apple is playing catch-up with some of its competitors in generative AI and large language models even though it has been using other applications of AI across its products for a couple of years now. The company’s leadership will probably talk about it during the keynote.

After the keynote, Apple usually hosts a “Platforms State of the Union” talk that delves deeper into its upcoming software updates, followed by hours of developer-focused sessions detailing how to take advantage of newly planned features in third-party apps.

WWDC 2024 starts on June 10 with announcements about iOS 18 and beyond Read More »

world’s-first-global-ai-resolution-unanimously-adopted-by-united-nations

World’s first global AI resolution unanimously adopted by United Nations

We hold these seeds to be self-evident —

Nonbinding agreement seeks to protect personal data and safeguard human rights.

The United Nations building in New York.

On Thursday, the United Nations General Assembly unanimously consented to adopt what some call the first global resolution on AI, reports Reuters. The resolution aims to foster the protection of personal data, enhance privacy policies, ensure close monitoring of AI for potential risks, and uphold human rights. It emerged from a proposal by the United States and received backing from China and 121 other countries.

Being a nonbinding agreement and thus effectively toothless, the resolution seems broadly popular in the AI industry. On X, Microsoft Vice Chair and President Brad Smith wrote, “We fully support the @UN’s adoption of the comprehensive AI resolution. The consensus reached today marks a critical step towards establishing international guardrails for the ethical and sustainable development of AI, ensuring this technology serves the needs of everyone.”

The resolution, titled “Seizing the opportunities of safe, secure and trustworthy artificial intelligence systems for sustainable development,” resulted from three months of negotiation, and the stakeholders involved seem pleased at the level of international cooperation. “We’re sailing in choppy waters with the fast-changing technology, which means that it’s more important than ever to steer by the light of our values,” one senior US administration official told Reuters, highlighting the significance of this “first-ever truly global consensus document on AI.”

In the UN, adoption by consensus means that all members agree to adopt the resolution without a vote. “Consensus is reached when all Member States agree on a text, but it does not mean that they all agree on every element of a draft document,” writes the UN in a FAQ found online. “They can agree to adopt a draft resolution without a vote, but still have reservations about certain parts of the text.”

The initiative joins a series of efforts by governments worldwide to influence the trajectory of AI development following the launch of ChatGPT and GPT-4, and the enormous hype raised by certain members of the tech industry in a public worldwide campaign waged last year. Critics fear that AI may undermine democratic processes, amplify fraudulent activities, or contribute to significant job displacement, among other issues. The resolution seeks to address the dangers associated with the irresponsible or malicious application of AI systems, which the UN says could jeopardize human rights and fundamental freedoms.

Resistance from nations such as Russia and China was anticipated, and US officials acknowledged the presence of “lots of heated conversations” during the negotiation process, according to Reuters. However, they also emphasized successful engagement with these countries and others typically at odds with the US on various issues, agreeing on a draft resolution that sought to maintain a delicate balance between promoting development and safeguarding human rights.

The new UN agreement may be the first “global” agreement, in the sense of having the participation of every UN country, but it wasn’t the first multi-state international AI agreement. That honor seems to fall to the Bletchley Declaration signed in November by the 28 nations attending the UK’s first AI Summit.

Also in November, the US, Britain, and other nations unveiled an agreement focusing on the creation of AI systems that are “secure by design” to protect against misuse by rogue actors. Europe is slowly moving forward with provisional agreements to regulate AI and is close to implementing the world’s first comprehensive AI regulations. Meanwhile, the US government still lacks consensus on legislative action related to AI regulation, with the Biden administration advocating for measures to mitigate AI risks while enhancing national security.

World’s first global AI resolution unanimously adopted by United Nations Read More »

nvidia-announces-“moonshot”-to-create-embodied-human-level-ai-in-robot-form

Nvidia announces “moonshot” to create embodied human-level AI in robot form

Here come the robots —

As companies race to pair AI with general-purpose humanoid robots, Nvidia’s GR00T emerges.

An illustration of a humanoid robot created by Nvidia.

In sci-fi films, the rise of humanlike artificial intelligence often comes hand in hand with a physical platform, such as an android or robot. While the most advanced AI language models so far seem mostly like disembodied voices echoing from an anonymous data center, they might not remain that way for long. Companies including Google, Figure, Microsoft, Tesla, and Boston Dynamics are working toward giving AI models a body. This is called “embodiment,” and AI chipmaker Nvidia wants to accelerate the process.

“Building foundation models for general humanoid robots is one of the most exciting problems to solve in AI today,” said Nvidia CEO Jensen Huang in a statement. Huang spent a portion of Nvidia’s annual GTC conference keynote on Monday going over Nvidia’s robotics efforts. “The next generation of robotics will likely be humanoid robotics,” Huang said. “We now have the necessary technology to imagine generalized human robotics.”

To that end, Nvidia announced Project GR00T, a general-purpose foundation model for humanoid robots. As a type of AI model itself, Nvidia hopes GR00T (which stands for “Generalist Robot 00 Technology” but sounds a lot like a famous Marvel character) will serve as an AI mind for robots, enabling them to learn skills and solve various tasks on the fly. In a tweet, Nvidia researcher Linxi “Jim” Fan called the project “our moonshot to solve embodied AGI in the physical world.”

AGI, or artificial general intelligence, is a poorly defined term that usually refers to hypothetical human-level AI (or beyond) that can learn any task a human could without specialized training. Given a capable enough humanoid body driven by AGI, one could imagine fully autonomous robotic assistants or workers. Of course, some experts think that true AGI is a long way off, so it’s possible that Nvidia’s goal is more aspirational than realistic. But that’s also what makes Nvidia’s plan a moonshot.

NVIDIA Robotics: A Journey From AVs to Humanoids.

“The GR00T model will enable a robot to understand multimodal instructions, such as language, video, and demonstration, and perform a variety of useful tasks,” wrote Fan on X. “We are collaborating with many leading humanoid companies around the world, so that GR00T may transfer across embodiments and help the ecosystem thrive.” We reached out to Nvidia researchers, including Fan, for comment but did not hear back by press time.

Nvidia is designing GR00T to understand natural language and emulate human movements, potentially allowing robots to learn coordination, dexterity, and other skills necessary for navigating and interacting with the real world like a person. And as it turns out, Nvidia says that making robots shaped like humans might be the key to creating functional robot assistants.

The humanoid key

Robotics startup Figure, an Nvidia partner, recently showed off its humanoid “Figure 01” robot.

So far, we’ve seen plenty of robotics platforms that aren’t human-shaped, including robot vacuum cleaners, autonomous weed pullers, industrial units used in automobile manufacturing, and even research arms that can fold laundry. So why focus on imitating the human form? “In a way, human robotics is likely easier,” said Huang in his GTC keynote. “And the reason for that is because we have a lot more imitation training data that we can provide robots, because we are constructed in a very similar way.”

That means that researchers can feed samples of training data captured from human movement into AI models that control robot movement, teaching them how to better move and balance themselves. Also, humanoid robots are particularly convenient because they can fit anywhere a person can, and we’ve designed a world of physical objects and interfaces (such as tools, furniture, stairs, and appliances) to be used or manipulated by the human form.

Along with GR00T, Nvidia also debuted a new computer platform called Jetson Thor, based on Nvidia’s Thor system-on-a-chip (SoC), part of the new Blackwell GPU architecture, which it hopes will power this new generation of humanoid robots. The SoC reportedly includes a transformer engine capable of 800 teraflops of 8-bit floating-point AI computation for running models like GR00T.

Nvidia announces “moonshot” to create embodied human-level AI in robot form Read More »