Search Results for author:
Found 15 papers, 10 papers with code
Operationalizing Contextual Integrity in Privacy-Conscious Assistants
To steer information-sharing assistants to behave in accordance with privacy expectations, we propose to operationalize contextual integrity (CI), a framework that equates privacy with the appropriate flow of information in a given context.
UnUnlearning: Unlearning is not sufficient for content regulation in advanced generative AI
The promise is that if the model does not have a certain malicious capability, then it cannot be used for the associated malicious purpose.
Backdooring Bias into Text-to-Image Models
Furthermore, we show how the current state-of-the-art generative models make this attack both cheap and feasible for any adversary, with costs ranging between $12-$18.
Adversarial Illusions in Multi-Modal Embeddings
In this paper, we show that multi-modal embeddings can be vulnerable to an attack we call "adversarial illusions."
Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs
We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs.
Mithridates: Auditing and Boosting Backdoor Resistance of Machine Learning Pipelines
Given the variety of potential backdoor attacks, ML engineers who are not security experts have no way to measure how vulnerable their current training pipelines are, nor do they have a practical way to compare training configurations so as to pick the more resistant ones.
Training a Tokenizer for Free with Private Federated Learning
During private federated learning of the language model, we sample from the model, train a new tokenizer on the sampled sequences, and update the model embeddings.
Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures
Whereas conventional backdoors cause models to produce incorrect outputs on inputs with the trigger, outputs of spinned models preserve context and maintain standard accuracy metrics, yet also satisfy a meta-task chosen by the adversary.
Towards Sparse Federated Analytics: Location Heatmaps under Distributed Differential Privacy with Secure Aggregation
We design a scalable algorithm to privately generate location heatmaps over decentralized data from millions of user devices.
Spinning Sequence-to-Sequence Models with Meta-Backdoors
We introduce the concept of a "meta-backdoor" to explain model-spinning attacks.
Blind Backdoors in Deep Learning Models
We investigate a new method for injecting backdoors into machine learning models, based on compromising the loss-value computation in the model-training code.
Policy-Based Federated Learning
In this paper we present PoliFL, a decentralized, edge-based framework that supports heterogeneous privacy policies for federated learning.
Salvaging Federated Learning by Local Adaptation
First, we show that on standard tasks such as next-word prediction, many participants gain no benefit from FL because the federated model is less accurate on their data than the models they can train locally on their own.
Differential Privacy Has Disparate Impact on Model Accuracy
The cost of differential privacy is a reduction in the model's accuracy.
How To Backdoor Federated Learning
An attacker selected in a single round of federated learning can cause the global model to immediately reach 100% accuracy on the backdoor task.
