Catching misreporting about ML hardware use by turning noise into signal - Part II

1mo

Part 2 of "Actually, hardware noise is useful for AI governance and verification" Here I go into the issue of "But now you need to use/match the prover's hardware, so how can you trust your replay device?".

Short answer: You don't.

TLDR of the idea:
Use both a trusted (noisy), and an untrusted (precise) replay device (“TRD” and “URD”, respectively). Use the TRD to reduce the attack surface for communication with the untrusted device. Then, give the URD only the claimed inputs, and make sure there are only controlled information channels in and out of said device. A network tap on that controlled channel does the comparison of the replay with the Prover’s claimed outputs, without revealing sensitive secrets to the Verifier. The URD never knows what output the Prover claimed!

TSMC most definitely has a golden record of all AI chips it made

Naci Cankaya

2mo

All modern processors have unique identifiers burnt into silicon at the fab. TSMC should cryptographically commit to their record of these IDs as soon as possible, to help combat AI chip smuggling today and track down secret AI datacenters in the future. The commitment costs practically nothing and reveals no sensitive info.

Full post on Substack. 5-10 minute read.

How a bug of AI hardware may become a feature for AI governance

Naci Cankaya

2mo

“Hardware noise” in AI accelerators is often seen as a nuisance, but it might actually turn out to be a useful signal for verification of claims about AI workloads and hardware usage.

With this post about my experiments (GitHub), I aim to

Contribute more clarity to the discussion about “GPU non-determinism”
Present how non-associativity can help monitor untrusted AI datacenters

Summary

I ran ML inference in dozens of setups to test which setups have exactly reproducible results, and which differences in setups lead to detectable changes in outputs or activations.
In nearly all cases studied, results were bitwise-reproducible within fixed settings. Differences across production methods were consistent, not random.
Given that these perturbations are reproducible and unique, they can

... (read 239 more words →)

Replying to[Linkpost] Hawkish nationalism vs international AI power and benefit sharing

Naci Cankaya1y

[Linkpost] Hawkish nationalism vs international AI power and benefit sharing

Hello Nathan, thank you for your comment! Really looking forward to your post and how it expands on the idea.

Regarding your estimates: I personally do not think that assigning probabilities to preferable outcomes is very useful. On the contrary, one can argue that the worldviews held by influential people can become self fulfilling prophecies. That is especially applicable to prisoner's dilemmas. One can either believe the dilemma is inevitable and therefore choose to defect, or instead see the situation itself as the problem, not the other prisoner. That was the point we were trying to make.

Rather than suggesting what to do under the assumption that things turn out well, we were arguing for a shift in... (read more)

[Linkpost] Hawkish nationalism vs international AI power and benefit sharing

jakub_krys

jakub_krys, Naci Cankaya

TLDR: In response to Leopold Aschenbrenner’s ‘Situational Awareness’ and its accelerationist national ambitions, we argue against the claim that artificial superintelligence will inevitably be weaponised and turn its country of origin into an untouchable hegemony. Not only do we see this narrative as extremely dangerous, but also expect that the grandest AI challenges call for global coordination between rivalling nations and companies. We lay out ways in which sharing the benefits of – and even some power over – the most capable AI systems can help to build positive-sum partnerships with the best chance of maximally good outcomes of the AI revolution. Finally, we present the multitude of challenges associated with such... (read more)

LESSWRONG
LW

LESSWRONG
LW

Naci Cankaya

How a bug of AI hardware may become a feature for AI governance

Catching misreporting about ML hardware use by turning noise into signal - Part II

[Linkpost] Hawkish nationalism vs international AI power and benefit sharing

TSMC most definitely has a golden record of all AI chips it made

Naci Cankaya

Naci Cankaya

Catching misreporting about ML hardware use by turning noise into signal - Part II

TSMC most definitely has a golden record of all AI chips it made

How a bug of AI hardware may become a feature for AI governance

[Linkpost] Hawkish nationalism vs international AI power and benefit sharing

Naci Cankaya

How a bug of AI hardware may become a feature for AI governance

Catching misreporting about ML hardware use by turning noise into signal - Part II

[Linkpost] Hawkish nationalism vs international AI power and benefit sharing

TSMC most definitely has a golden record of all AI chips it made

Naci Cankaya

Naci Cankaya

Catching misreporting about ML hardware use by turning noise into signal - Part II

TSMC most definitely has a golden record of all AI chips it made

How a bug of AI hardware may become a feature for AI governance

[Linkpost] Hawkish nationalism vs international AI power and benefit sharing

Summary