Keynotes
Experiences deploying an adversarial ML tool at scale
Ben Zhao, University of Chicago
Abstract: Generative AI has transformed our society in many ways, including significant harms to human creatives in many fields through its misuse. It has been more than a year since the first release of Glaze in March 2023, an adversarial tool designed to provide protection to individual artists against style mimicry attacks commoditized by platforms such as civitai. Since its release, Glaze has been downloaded more than 2.6 million times by artists around the globe. In this talk, I will describe some of the challenges we faced deploying tools like Glaze, and lessons along the way. I will highlight incorrect assumptions about threat models and user priorities, and discuss current and future plans to protect human creatives in a variety of modalities.
Bio: Ben Zhao is Neubauer Professor of Computer Science at University of Chicago. He completed his Ph.D. at U.C. Berkeley (2004), and B.S. from Yale (1997). He is a Fellow of the ACM, and a recipient of the NSF CAREER award, MIT Technology Review's TR-35 Award (Young Innovators Under 35), USENIX Internet Defense Prize, ComputerWorld Magazine's Top 40 Technology Innovators award, IEEE ITC Early Career Award, and Faculty awards from Google, Amazon, and Facebook. His work has been covered by many media outlets including New York Times, CNN, NBC, ABC, BBC, MIT Tech Review, Wall Street Journal, Forbes, and New Scientist. His current research focuses on mitigating the harms of misused AI. He has published over 190 articles in areas of security and privacy, machine learning, networking, and HCI. He served as TPC (co-)chair for the World Wide Web conference (WWW 2016) and ACM Internet Measurement Conference (IMC 2018), and on the Steering Committee of IEEE Conference on Secure and Trustworthy Machine Learning (SaTML).
Bio: Ben Zhao is Neubauer Professor of Computer Science at University of Chicago. He completed his Ph.D. at U.C. Berkeley (2004), and B.S. from Yale (1997). He is a Fellow of the ACM, and a recipient of the NSF CAREER award, MIT Technology Review's TR-35 Award (Young Innovators Under 35), USENIX Internet Defense Prize, ComputerWorld Magazine's Top 40 Technology Innovators award, IEEE ITC Early Career Award, and Faculty awards from Google, Amazon, and Facebook. His work has been covered by many media outlets including New York Times, CNN, NBC, ABC, BBC, MIT Tech Review, Wall Street Journal, Forbes, and New Scientist. His current research focuses on mitigating the harms of misused AI. He has published over 190 articles in areas of security and privacy, machine learning, networking, and HCI. He served as TPC (co-)chair for the World Wide Web conference (WWW 2016) and ACM Internet Measurement Conference (IMC 2018), and on the Steering Committee of IEEE Conference on Secure and Trustworthy Machine Learning (SaTML).
Security for Language Models [Slides]
David Wagner, University of California at Berkeley
Abstract:
I discuss computer security challenges facing the field as a result of the exciting progress in Large Language Models (LLMs). I will give an overview of emerging threats, including both potential attacks on language models as well as ways that language models might be used by attackers to attack people and existing systems. Then, I will discuss potential defenses, opportunities for protecting against these threats, and directions we might expect to see industry and research take in the coming years. Finally, I will briefly present research in our group on attacks and defenses for LLMs.
Bio: David Wagner is Professor of Computer Science at the University of California at Berkeley, with expertise in the areas of computer security and adversarial machine learning. He has published over 100 peer-reviewed papers in the scientific literature and has co-authored two books on encryption and computer security. His research has analyzed and contributed to the security of cellular networks, 802.11 wireless networks, electronic voting systems, and other widely deployed systems.
Bio: David Wagner is Professor of Computer Science at the University of California at Berkeley, with expertise in the areas of computer security and adversarial machine learning. He has published over 100 peer-reviewed papers in the scientific literature and has co-authored two books on encryption and computer security. His research has analyzed and contributed to the security of cellular networks, 802.11 wireless networks, electronic voting systems, and other widely deployed systems.
We are not prepared
Nicholas Carlini, Google DeepMind
Abstract:
It has now been a decade since the first adversarial examples
were demonstrated on deep learning models. And yet, even
still, we can not robustly classify MNIST images better than
LeNet-5 or ImageNet images better than AlexNet. But now,
more than ever, we need robust machine learning models.
And not only robust to evasion attack: but also robust
to poisoning, stealing, and many other attacks.
In this talk I survey the current progress we have made on
adversarial machine learning. While we have made many
significant advances in making attacks practical, we have
had made considerably less progress on defenses. Worse,
top conferences like S&P continue to accept obviously
incorrect adversarial example defenses. Making progress
towards addressing these challenges will be of the highest
importance in the coming years.
Bio: Nicholas Carlini is a research scientist at Google DeepMind studying the security and privacy of machine learning, for which he has received best paper awards at ICML, USENIX Security, and IEEE S&P. He obtained his PhD from UC Berkeley in 2018.
Bio: Nicholas Carlini is a research scientist at Google DeepMind studying the security and privacy of machine learning, for which he has received best paper awards at ICML, USENIX Security, and IEEE S&P. He obtained his PhD from UC Berkeley in 2018.
