So Gopi and myself have been working with Kate and a team of about 10 to 12 individuals around it for the last year, trying to figure out how we could document the fields that you need for AI and datasets. So datasets: you have to train your AI before you even launch it. So there's two types of datasets that are involved with AI, being your training dataset and your production dataset, and we'll talk a little bit about that.

But how I got involved in this: Kate and I worked many, many years ago at IBM. I've been with NIST, IEEE and ISO for quite a few years now, defining the standards that we need to put in place around AI. So I approached Kate because I wanted to put into all the standards that we're writing in IEEE how you could use SBOMs to document your AI, so that you could get conformance or vulnerability associated with your AI applications. Because, I'm sure you've seen the press out there, a lot of AI applications, it's a little bit of the Wild Wild West. They're defining their own license schemes that are all over the map, and there needs to be a lot more control and ability to audit a piece of software and know sort of where the vulnerabilities are. So SBOMs seemed like a perfect solution that we can start to refer to, you know, an SBOM in these standards that are coming out, you know, as we speak.

One of the things when I, you know, many of us got together: we came up with a huge list of all the fields that should be in an SBOM, but it's not something that people are going to be able to understand overnight, because AI applications, I actually just heard, they're not static. So they're dynamic, and the whole behavior of an AI application can change. The data is constantly changing, and there's a new sort of phase associated with developers, that they need to be monitoring the software and understand if it's changed, and adapt. So it is bringing a new set of challenges to tool writers, because the data itself, as well as the app, can change as it's in production, and there isn't a release-type cycle anymore. It's out there. It lives. Hopefully some of these developers are gonna put some kind of a time bomb in it, like an expiry date, but that isn't necessarily true right now. They're just going. They have to be pulled from the production versus sort of a new release.

But anyway, so one of the things that we did with Gopi and Gene Camp from University of Illinois, I think it is: we did an exercise of doing card sorting and figuring out what fields from this long list that we came up with would be a good target list for 3.0. So we'll go through that in a bit. We've been, you know, at Ireland and Japan and a number of conferences, trying to talk up AI and datasets and get a good feel for what needed to go into the first release.

So with that, I want to point out a few things. Like, SPDX is part of our ecosystem now, but there are other things called data cards that Google, model cards, sorry, model cards. Google, with the software that they build, they build these. Somebody like ChatGPT has got a model card. So some of the industry partners have actually started to document fields that really should be in the SBOM. There needs to be a generic place where you go for the fields, not a company-owned sort of module. IBM has their fact-checking cards.
I forget who has data cards, but there's a long list of sort of industries out there that are documenting their metadata. And then there is a set of incident reports, vulnerabilities, that are getting documented out there. The one that myself I like to use is the one that the Partnership on AI is creating, which is the AIID and the AIVD. But it's very similar to open source.

There was an incident this week, I guess last week. I don't know how many folks have played around with ChatGPT, but ChatGPT can generate code now, or it has been for a while, and there's an incident report that just got reported where ChatGPT was creating cyber security code, malicious malware. But what has come out, and it's now in the incident report: it's actually related to an open source library that has gotten a problem in it. So again, similar to what SBOMs have been doing for traditional software, that will be an advantage in a tool for AI. But again, AI right now is primarily... I mean, open source is growing, I will say that. But it is like Microsoft, Google, even IEEE have a vulnerability database that goes with it. So you have to go many places to find out all the security problems with your software right now. So having a tool that maybe scanned all of these, and we have one, you know, solution, would be a good thing. But tools to me are important, extremely important, with these AI applications, because they're becoming so complex and so large.

And then, as I say, the standards. There's so many standards out there. I think, you know, last count, there's like 1200 standards associated with AI. So understanding sort of all the issues and what is a problem. I will point out with the incident reports, though.
It's not just cyber security. So an incident report in the AI space can be a cyber security one, an ethical one, like you have bias in the data. And I don't know if folks, some of the automated car autopilot models actually have not been well trained with the diverse set of data, and hence the errors come, they hit people, they kill people. So again, that is in the incident report.

So with that, one other observation that, as tool writers, people need to be aware of. More and more of the AI in the past, probably, you know, the last ten years that I've been building, it's been proprietary primarily. But there's a new concept called LLMs. ChatGPT is one of those categories, but it's now becoming a building block. So other software is going to be built on top of that. So understanding, again, your vulnerabilities within a building block is going to be crucial.

So here's the long list that we came up with, and it was even longer, of all the different things that an SBOM hopefully, you know, five years from now will include. But we're gonna start with a shorter list. We went through a sorting exercise to figure out, by using, you know, surveys and talking to people at different things, to come up with the shorter list.

There's the incident database that I mentioned, that we all should become very familiar with. And ideally, I come from a tools background, by the way, I was with Red Hat for a lot of years and IBM, but really this incident report is bigger than what is currently captured for cyber security issues. It actually captures like transparency, you know, black box type things, bias, etc. in the incident report that go into these. So it is far bigger than what traditional software captures for this. That's an example of an incident report.

So a couple of use cases. Actually, I was on a call just recently and somebody pointed out there are a number of types of models and database. You have your traditional closed or open-source ones. I will point out that actually in the last 24 hours, a note from Google just got leaked to say that GPT4All-J is an open-source model that has been circulating, and it is actually, the Google note or email to the AI team within their group, it's actually better than Bard, which is their, you know, proprietary model that they were coming out with. And what the note said was: we really have to start watching open source, because they're actually jumping farther ahead than some of the industry. So that's cool to see. But we do need to figure out how people have to document these models and data sources.

And then you have, in the bottom right, I think that's your closed source. So something like, you know, I don't know, Tesla's autopilot model is closed. Nobody can see sort of the innards of it. But there are two different flavors of whether your code is closed or your model is closed, so you can have a combination of one of them being open and one of them being closed. So we're gonna have to bring that concept into our SBOMs as we go forward. Again, these are just types of cyber security issues that we're seeing.

And with the mobile, so in 2.3, we actually worked with Kate and the SPDX team to get the core things that an AI application would need. So they're actually already there. Some of them got reworded to build time, etc., etc. But they're already in 2.3. So as an AI developer, I can start to build SBOMs. But where it gets fun and interesting is the new ones that are coming into 3.0, and those are things like: with an AI application you have this concept of hyperparameters. ChatGPT in particular, I think, has three billion hyperparameter options that you can do. So again, the scale associated with AI applications and what gets documented in an SBOM is something that we would love to get more feedback on.

The other one that got added: there's something, so you have to preprocess your data before you put it into an AI BOM application or a model application. So you have to cleanse your data. So there's now a field to document, you know, all the different techniques that you use to get your data ready for an AI application. The next one is the model explainability aspect, and again, model cards have this in their fields and we felt it was needed for an SBOM.

So a couple of examples. So one of the things I've been doing is to see if the information is actually out there that people could grab, and then, looking at an SBOM, would I be able to come in and audit that software and be able to say it's got a high risk, low risk, etc. And so this one is a world dataset that has all the finances and the interest rates, etc., etc. It's open source. At least the Canadian version of this is open source. I'm not sure all around the world it is. But you can see right now that I've filled in sort of what are some of the core components that would go into an SBOM, but there's very, very little information about build time, release time, etc. And to me, or in ISO or IEEE standards terms, it means the transparency of this dataset is not very, it's low. So if I'm going to be using this dataset, that's a flag to me that, you know, maybe I shouldn't use it. But again, it's just to get a feel for how an SBOM could be used.

Again, some of the new dataset fields that we have is, you know, how did you collect your data? So again, going back to the ChatGPT example, they have just taken everyday data that's publicly available on the internet. So they would have to flag that that's how they got their data in the SBOM. It would have to indicate the size.
I did some work with GM and they gave me two billion rows of data for everything that you would want to know about a car and its performance, etc. So again, they would fill in that information. Again, I'm currently working in IEEE in their, I guess it's, biometrics-type standards. And so with all of this there's data noise, so you have to be able to know it. You also need to know sensors, the hardware that's actually tied to your AI application. You need to understand your known biases, sensitivity of your personal data, anonymization methods, confidential level, so how confident, you're going to have to define, that your predictions of your AI are going to work or not, and then the data availability, whether it's public, private, etc. So those are some of the new fields coming in 3.0, and that we'll start to see propagated.

Really, nobody that I have been able to find that builds AI applications currently is building SBOMs. So this will also be an awareness, and try and get people doing this activity.

Again, using the dataset. So I took a look at GPT-3, which is a model that is what ChatGPT uses, and with the new data fields that we're proposing, all of them are red, because they're not in the model card, they're not in any of their documentation, they're not in any of their white papers. So again, me being an auditor at IEEE, I would look at that and say, oh my god, it's too risky, in no way am I going to use that code. Again, we talked about the world dataset. There's a little bit more on the GPT-3 example.

One thing that we're going to have to start working with the license folks is there's new licenses associated with models, like OpenAI. So if you're not familiar with ChatGPT, you use an API to get at this stuff, but Microsoft owns all the rights behind the scenes to this, and it's documented in this license. So whether it's a custom license, I'm not sure, or one with exception. But this is something that we're going to have to get clear as we're documenting AI.

Discussions, again, within the AI world: there's a lot about how you train your data, what are the biases of your data, that need to be defined in the SBOM. And then we're still, as I say, there's a ton of sort of more models and more exposure. Again, AI itself is relatively complex, and to be able to do an SBOM for an AI or the data itself will need more sort of fine-tuning. But I will flag, because I think some folks believe that AI and data are tied together and could be defined, but as things are happening out there, people are using data for multiple models, and the same thing, models use multiple different datasets. So we have to separate them and package them separate, so that as they roll out and start to get used by other folks, they are able to know that one component by itself and all the vulnerabilities.

So again, I don't know if there's any questions, but I wanted to just expose that AI is different. So I, you know, I come from a compiler, traditional code, but this, it changes as life goes on, and so we're gonna have to figure out how we're gonna document that in an SBOM.

So my question is about, so in any large-scale language model, right, or any AI model, you have an algorithm that does continuous learning, but it does learning based on certain dataset. So how do we account for when we find a dataset was poisoned or corrupted and you want to take it out, in an SBOM format? So you need to carry the information about data used. So you can the word back and take out the anomaly.

Right, so that's a challenge. Yes. The problem is, as a developer, knowing sort of when you take it back. It typically right now is being triggered by a pretty serious vulnerability out there. I think folks, you know, Tesla, the cars, etc., when sort of a bad accident happens, they're pulling it off the market, and like autopilot right now, I think, is off the market, or the version that was out there. We need a simpler way. Myself, I was with a startup company where we actually, as software or AI models were being produced out in the law of the world, we have a monitoring system, and if any of the metrics go awry, like, you know, some of these chatbots go, you know, bias or whatever the words you want to use, we then send a signal to a developer that that should be considered to be actually pulled off the market. So it's really this lifelong learning and monitoring that is crucial for AI applications. Do you want to add?

Also, dataset profile field has a few fields called known biases. So as they get documented, and depending on if you want to use that particular AI system for your purpose, it helps guide your decision, and as things keep getting logged there, you have a way of ascertaining if that's something that's going to affect you or not. For instance, if you want to use a model that was trained on a dataset that has not seen enough demography, which is a known bias there, then you can decide not to use it, and a lot of fields in there will help. The idea is to get those data in there so that it helps you guide the decisions, both before putting it into your system and as you continue to use the system.

Shall we take the picture? I think we're getting our picture taken now.