"Are you running the AI that you thought you were running, or a rip-off clone that will sneakily insert adverts for Acme, your one-stop-shop for roadrunner-related explosives, traps, and fake walls, into 1% of outputs? Here's how you can be sure."
(Your case is not the direct point, but the measures are a part of strengthening the supply chain [1]. Other applications include strengthening privacy [2].)
Verifiability measures are designed to transform privacy and security promises from mere assurances into independently checkable, technical guarantees. _Generally achieving_: verification of claims (from governance/regulation to model provenance), cryptographic attestation ensuring code integrity, enforceable transparency through append-only logs and tooling, no blind trust but verifiable trust, and a structured environment for ongoing scrutiny and improvement.
[1] https://www.rand.org/pubs/research_reports/RRA2849-1.html
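The two measures the comment above leans on, artifact integrity checks and an append-only transparency log, can be shown in miniature. The following is an added example, not code from the thread or from any of the products discussed in it: a toy Merkle-tree log in the style of RFC 6962 (the structure Sigstore's ledgers build on), an inclusion proof, and the check a client would perform before loading model weights whose digest must appear under a root it has pinned out of band. The "model weights" are constructed byte strings and the log format is an illustration, not any real service's format.

```python
"""Toy append-only transparency log for model artifacts (added example).

Assumptions: a client has pinned a log root obtained out of band (compare an
SSH host key); the artifacts below are constructed stand-ins for model weights.
"""
import hashlib
from dataclasses import dataclass, field


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(artifact: bytes) -> bytes:
    # Domain separation (0x00 for leaves, 0x01 for interior nodes) so that an
    # interior node can never be presented as a leaf, or vice versa.
    return _h(b"\x00" + artifact)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _split(n: int) -> int:
    # Largest power of two strictly less than n (RFC 6962 tree shape).
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def root_hash(leaves: list) -> bytes:
    """Merkle root over the given leaf hashes."""
    n = len(leaves)
    if n == 0:
        return _h(b"")
    if n == 1:
        return leaves[0]
    k = _split(n)
    return node_hash(root_hash(leaves[:k]), root_hash(leaves[k:]))


def inclusion_proof(leaves: list, index: int) -> list:
    """Audit path for leaves[index]: a list of (sibling_hash, sibling_is_left)."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split(n)
    if index < k:
        return inclusion_proof(leaves[:k], index) + [(root_hash(leaves[k:]), False)]
    return inclusion_proof(leaves[k:], index - k) + [(root_hash(leaves[:k]), True)]


def verify_inclusion(leaf: bytes, proof: list, expected_root: bytes) -> bool:
    """Recompute the root from a leaf and its audit path; compare to the pinned root."""
    acc = leaf
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == expected_root


@dataclass
class TransparencyLog:
    entries: list = field(default_factory=list)  # leaf hashes only; append is the only write

    def append(self, artifact: bytes) -> int:
        self.entries.append(leaf_hash(artifact))
        return len(self.entries) - 1

    def root(self) -> bytes:
        return root_hash(self.entries)

    def proof_for(self, index: int) -> list:
        return inclusion_proof(self.entries, index)


def check_before_load(weights: bytes, proof: list, pinned_root: bytes) -> bool:
    """Client-side gate: load weights only if their digest is provably in the pinned log."""
    return verify_inclusion(leaf_hash(weights), proof, pinned_root)


def verify_append_only(old_size: int, old_root: bytes, new_entries: list) -> bool:
    """Auditor check: the old root must still be the root of the first old_size entries."""
    return len(new_entries) >= old_size and root_hash(new_entries[:old_size]) == old_root


def demo() -> dict:
    log = TransparencyLog()
    genuine = b"constructed weights: summarizer model v1"  # constructed sample
    idx = log.append(genuine)
    log.append(b"constructed weights: unrelated chat model")  # constructed sample
    pinned_root = log.root()
    proof = log.proof_for(idx)
    clone = genuine + b" (rip-off clone with adverts)"  # constructed tampered artifact
    old_size, old_root = len(log.entries), log.root()
    log.append(b"constructed weights: model v2")  # constructed sample
    return {
        "genuine_loads": check_before_load(genuine, proof, pinned_root),
        "clone_rejected": not check_before_load(clone, proof, pinned_root),
        "log_still_append_only": verify_append_only(old_size, old_root, log.entries),
    }


if __name__ == "__main__":
    print(demo())
```

The client never has to trust the party serving the weights: it trusts a root it pinned once, and anything not provably under that root (including a byte-for-byte similar clone) fails the gate. The auditor check is the "append-only" part: if a log operator rewrites an earlier entry, the old root no longer reproduces from the prefix.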
You don't want to accidentally use part of a biased social media chat LLM to summarize legislation or estimate results of a business plan.
> Blah blah, AI is the future, trust it, crypto, governance, auditing, safer AI.
> Verifiable Compute is a new AI framework that uses hardware-based crypto to verify AI models and data. It lets companies audit and control their AI systems to make them more secure and compliant. Intel and Nvidia are supporting it.
Wonder what happens if that fails.
"Sigstore’s public signing ledgers form the foundation of trust for SLSA provenance" - https://storage.googleapis.com/gweb-research2023-media/pubto...
This doesn't end well. It's censorship on the user's machine. There will have to be multiple versions for different markets.
- MAGA (US red states)
- Woke (US blue states)
- Xi Thought (China)
- Monarchy criticism lockout (Thailand)
- Promotion of the gay lifestyle lockout (Russia)
Think SSH keys, not DRM. SSH lets you verify you're talking to the right server without restricting which servers exist. Similarly, VC lets you verify properties of AI models (like training data lineage or inference characteristics) without restricting which models can run.
The regional censorship concern isn't relevant here since VC doesn't enable content restriction. It's a mathematical verification tool, not an enforcement mechanism.
> It's a mathematical verification tool, not an enforcement mechanism.
Enforcement comes from the rubber hose. The maths is what makes the enforcement possible.
Unless you are able to prevent attestations from being made with your machine (presumably against your will).
This is true. But this is an ability of the hardware owners. Intel and NVIDIA are not setting the rules - and there is a real commitment to that because it's open source.
It's also confidential. Data, code, rules, ... all of these are processed together in secure enclaves. It's up to the hardware owner/users to determine that processing and to stamp/verify what they want.
"How can we ensure that the system enforces the rules that I want"
Also, bold claim: silicon fabrication scarcity is artificial and will be remedied shortly after Taiwan is invaded by China and the world suddenly realizes it needs to (and can profit from) acquiring this capability. Regulatory approaches based on hardware factors will probably fail in the face of global competition on compute hardware.
ref:
https://openai.com/index/reimagining-secure-infrastructure-f...
This is like saying the speedometer on a car prevents speeding.
Regardless, it's about a trusted observation - in your metaphor, to help you prove in court that you weren't actually speeding.
Apple deploys verifiable compute in Private Cloud to ensure transparency as a measure of trust, and surely as a method of prevention whether a direct method or not (depends on how they utilize verifiability measures as execution gates or not).
Similarly the tax authorities will be able to say why they chose to audit you.
The university will be able to say why you were or weren’t admitted.