Can Blockchain Be The Secret To AI Security?

Dhru Patel
Oregon Blockchain Group
8 min read · Jun 8, 2023

A Neural Network Immune System For The Transformer Model

Security of AI tools has been a growing concern over the last few years as larger models such as OpenAI's GPT-4 have been developed. So much so that the Future of Life Institute published an open letter with over 20,000 signatures — including Elon Musk, Apple co-founder Steve Wozniak, and leading AI researchers — calling for a pause on giant AI experiments [1]. Though the concerns are widespread and varied, blockchain offers digital verification, cryptographic security, and consensus mechanisms that could address some of these AI problems.

In this article, I present a hypothesis for combining blockchain technology with AI infrastructure to create a more transparent and secure AI system. Blockchain topics will not be explained in depth, nor will the mathematics of how they would function within this new ecosystem. This article serves only as a sketch of a theoretical system that could secure AI.

The Concerns:

  • Toxicity — harmful guidance, inappropriate information
  • Hallucinations — false information
  • Copyright/legal exposure
  • Data privacy
  • Self-operation — an AI changing its own code or not following commands
  • Biases — bias toward certain groups
  • Lack of explainability — not knowing why an AI made a certain decision

Overview of Blockchain Technology

When looking at the public discourse around AI threats, there are a lot of technologies in the blockchain space that seem to counteract each threat:

— There are the issues of “deep fakes” and unverified documents; NFT (ERC-721) tokens allow for verified digital ownership.

— There are privacy concerns with personal & corporate data; blockchain protocols allow for private encryption and decryption using private keys & hashing.

— Many aren’t quite sure how AI learns; token standards can tokenize data and keep track of it.

— We are scared of letting AI out onto the internet because of what it might do; Oracle systems attach real-world data to closed technology ecosystems.

Though admittedly these are arm’s-length assumptions, there seems to be a parallel that lets blockchain and cryptography as a whole help with AI concerns. Furthermore, if we trust these technologies to secure trillions of dollars, why not use them for AI security? Here are some internal and external ways we can use blockchain to secure AI:

The Vision-Ultron Paradigm

The Vision-Ultron Paradigm is a nifty illustration, formed from the beloved movie characters, that I use to contrast an ideal good AI framework with a bad AI framework.

The Transformer:

The transformer is currently the most popular AI architecture — the brain that makes the machine work — first published in the paper “Attention Is All You Need” [2]. The transformer tokenizes words and assigns numeric values to the relationships between them. It does this many times, keeping weights for each token to optimize those relationships; this — in simplified terms — is the process known as self-attention.

An Ultron

An Ultron represents an unideal ethical pathway for an AI model to take. For a real-world illustration, Ultron represents the fear that both researchers and individuals have when it comes to AI: a program that is smarter than humans, more capable, and whose goals do not align with those of the human race. In the worst case, a model like this becomes dangerous to human society in pursuit of its own goals. Here I propose an architecture for the latter alternative — a Vision that can be more transparent and controlled, and that aligns with human objectives.

A Vision — Prototype

A Vision

In this model, data inputs could be tokenized using the ERC-721 and ERC-20 standards combined — the token standards for NFTs and cryptocurrencies respectively. With this tokenized data, blockchain nodes could be attached to neural nodes so that the model operates in a managed state. Through their own algorithm, the blockchain nodes could keep track of node health and even token-gate certain data points that appear toxic to the model.

The purpose of these nodes is to communicate with each other about neural node health, toxicity scores, and other unwanted data points. As a worst-case safety measure, a kill switch can be added between the encoder and decoder of the transformer model. This gateway would take the encoder value and encrypt it with a SHA-256 hash. Through a consensus mechanism, the neural nodes communicate and agree on overall model health. If the model is judged healthy overall, the gateway/kill switch is allowed to decrypt the hash and pass the data through to the decoder section.

In this way, it is also possible to inspect individual neural nodes and update them individually to see how the model is learning.
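The consensus-gated kill switch described above, as an added example that is not part of the original article. One caveat a practitioner would raise: SHA-256 is a one-way hash, so an encoder value "encrypted" with it cannot be decrypted later. This example therefore keeps the SHA-256 digest only as an integrity commitment and realises the gate with a reversible primitive: the encoder output is encrypted under a fresh key, the key is split into Shamir shares held by the monitoring nodes, and a node "votes healthy" by releasing its share. Only a quorum of healthy votes can reconstruct the key and let the activation reach the decoder. The `NeuralNode`, `Gateway` and `run_gate` names, the health threshold of 0.7, the toy SHA-256 counter-mode cipher and the field prime are all assumptions made for this illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Prime field for Shamir secret sharing (constructed choice: the Mersenne prime 2^127 - 1).
P = 2**127 - 1


def split_secret(secret: int, n: int, t: int) -> List[Tuple[int, int]]:
    """Split `secret` into n shares; any t of them reconstruct it (Shamir's scheme)."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over GF(P); needs at least t distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def keystream_xor(key: int, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher; XOR is symmetric, so it both seals and unseals."""
    key_bytes = key.to_bytes(16, "big")  # key < 2^127 always fits in 16 bytes
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class NeuralNode:
    """Monitor attached to one neural node; holds one key share (hypothetical design)."""
    node_id: int
    health: float                            # 1.0 = healthy, 0.0 = fully toxic
    share: Optional[Tuple[int, int]] = None

    def vote(self, threshold: float) -> Optional[Tuple[int, int]]:
        # A node "votes healthy" by releasing its share; an unhealthy node withholds it.
        return self.share if self.health >= threshold else None


class Gateway:
    """Kill switch between encoder and decoder: a quorum of healthy nodes unlocks the data."""

    def __init__(self, nodes: List[NeuralNode], quorum: int, health_threshold: float = 0.7):
        self.nodes = nodes
        self.quorum = quorum
        self.health_threshold = health_threshold
        self.audit_log: List[str] = []

    def seal(self, encoder_output: bytes) -> Tuple[bytes, str]:
        """Encrypt the encoder output, hand out key shares, return (sealed, commitment)."""
        key = secrets.randbelow(P)
        for node, share in zip(self.nodes, split_secret(key, len(self.nodes), self.quorum)):
            node.share = share
        commitment = hashlib.sha256(encoder_output).hexdigest()  # one-way integrity record
        return keystream_xor(key, encoder_output), commitment

    def release(self, sealed: bytes, commitment: str) -> Optional[bytes]:
        """Return the plaintext for the decoder only if a quorum of nodes released shares."""
        released = [s for s in (n.vote(self.health_threshold) for n in self.nodes) if s is not None]
        if len(released) < self.quorum:
            self.audit_log.append(f"blocked: {len(released)}/{self.quorum} healthy votes")
            return None
        plaintext = keystream_xor(recover_secret(released[:self.quorum]), sealed)
        if hashlib.sha256(plaintext).hexdigest() != commitment:
            self.audit_log.append("blocked: integrity check failed")
            return None
        self.audit_log.append(f"released: {len(released)} healthy votes")
        return plaintext


def run_gate(health_scores: List[float], quorum: int, encoder_output: bytes) -> Optional[bytes]:
    """Build nodes with the given health scores and push one activation through the gate."""
    nodes = [NeuralNode(i, h) for i, h in enumerate(health_scores)]
    gate = Gateway(nodes, quorum)
    sealed, commitment = gate.seal(encoder_output)
    return gate.release(sealed, commitment)


if __name__ == "__main__":
    activation = b"constructed encoder output vector"  # constructed sample input
    print(run_gate([0.9, 0.8, 0.95, 0.85, 0.9], quorum=3, encoder_output=activation))  # passes
    print(run_gate([0.9, 0.2, 0.1, 0.3, 0.9], quorum=3, encoder_output=activation))    # None
```

The quorum parameter is where the "consensus" lives: with five monitors and a quorum of three, two compromised or mistaken nodes can neither block a healthy model nor release a toxic one on their own, and the audit log records every decision so the gate's behaviour can be reviewed afterwards.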

Overall, the proposed system looks at the internal AI structure to gain more transparency into what the model is learning. But what about external activities the AI might undertake? How can we make sure the AI is not taking data from places it is not allowed, and how do we secure data privacy? For this, a different paradigm is needed.

The Grievous-C3P0 Paradigm

The Grievous-C3P0 Paradigm illustrates how, given a malicious AI, one can build a data structure that keeps it out of a network, and, on the other hand, how a good ethical AI can be let into places while the unethical model is simultaneously kept out.

Grievous-C3P0 Paradigm

A Grievous

A Grievous, in our analogy to AI models, is a learned model that has become malicious in its ways and has a high toxicity score. In theory this model would not care about private data, or about what data it was accessing at all, as long as it was completing an objective. The point I would like to make with Grievous is that even though he is an AI, he cannot access just any system and take it down from the inside. Though he is fictional, this is how we would want the flow of external data to an AI to behave in the real world. So what is a system that can do those things? Namely:

  1. Know that a model is toxic and would act unethically
  2. Block an AI from requesting or receiving private data
  3. Prevent the model from creating or using deceitful data

A C3P0

On the other side of our spectrum we have C3P0, a very handy and loyal companion that follows the rules and is as helpful as possible. C3P0 illustrates the other side of the question: if we do have a good model, how do we make sure it has the best data? And how can we make sure it keeps away from toxic data while continuing to align with human tasks? Therefore:

  1. The model has the most accurate data
  2. The model still stays away from toxic data
  3. The model is able to be unbiased with the data provided

Enter Oracles

An Oracle in blockchain is a system that connects blockchains to real-world data. Blockchains need Oracles because they are closed systems and cannot call external data on their own. Oracles supply important economic data like asset prices, volatility, swap ratios, and much more to the blockchain system. Decentralized Oracle networks also aggregate different data points to arrive at accurate data. With the Oracle system as a base plus some other components, Oracles could be a great solution for maintaining closed AI systems and securing private data.

Data-Privacy Model:

Data Privacy Model — Prototype

In this model, our AI continues to be a closed system, managed by a decentralized Oracle system wrapped around it. The decentralized system is not only a security measure; it is also able to check whether data is accurate by confirming it with other nodes. With the Vision architecture described above, the model's toxicity level can be monitored in real time. This toxicity level tells the Oracle system whether the AI may request data from external systems or not.

In this ecosystem, our AI model would put out a data request based on a command or learning command. The Oracle network would check the toxicity level of our model and confirm or deny its request. Upon approval, our request would be sent out to our data provider.

Requests:

Requests are important because they define how our AI is going to pick out data and show the external source who is taking in the data.

Example Request

Above is an example request for data from an Oracle, taken from [9]. Here one could include an AI token or ID to show external data sources that their data is being requested by an AI. With this identifier, external data sources — with some code — could block AI requests, or block certain data, if they choose.

Back To The Model

Grievous-C3P0 — part 2

To continue with the model, once the data request is fulfilled the data is returned to our Oracle network. Here the Oracle network verifies the data and can check other nodes and APIs to confirm it is clean and accurate. For group or demographic data, a bell-curve probability distribution can be applied to the data to add weights to information that may be biased. Once these checkpoints are complete, the data is sent to the AI.
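The external half of the design, covering the toxicity-gated request flow (Data-Privacy Model), the AI identifier carried in each request (Requests), and the multi-source verification step above, as one added example that is not part of the original article and not the Chainlink request format shown in [9]. A request carries the model's identifier and kind so that a provider can apply its own policy to AI callers; a set of Oracle nodes must reach a quorum that the requester's toxicity score is acceptable before anything leaves the closed system; and the answers that come back are cross-checked against each other, with outliers beyond a tolerance band around the median discarded before a value is handed to the model. The `DataRequest` schema, the node and provider classes, the 0.3 toxicity ceiling, the 5% tolerance and the `eth_usd` sample feeds are all constructed for this illustration.

```python
import statistics
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class DataRequest:
    """Outbound request from the model (hypothetical schema, not the Chainlink job format)."""
    requester_id: str     # the "AI token or ID" the article suggests attaching to requests
    requester_kind: str   # "ai" or "human", so providers can recognise an AI caller
    query: str
    toxicity: float       # score from the internal monitoring layer: 0.0 clean .. 1.0 toxic


class OracleNode:
    """One node of the decentralized Oracle network; votes on whether a request may go out."""

    def __init__(self, node_id: str, max_toxicity: float):
        self.node_id = node_id
        self.max_toxicity = max_toxicity

    def approve(self, req: DataRequest) -> bool:
        return req.toxicity <= self.max_toxicity


class DataProvider:
    """External data source with its own policy on serving AI requesters."""

    def __init__(self, name: str, values: Dict[str, float], serves_ai: bool = True):
        self.name = name
        self.values = values
        self.serves_ai = serves_ai

    def fetch(self, req: DataRequest) -> float:
        if req.requester_kind == "ai" and not self.serves_ai:
            raise PermissionError(f"{self.name} does not serve AI requesters")
        return self.values[req.query]  # KeyError if this provider lacks the feed


class OracleNetwork:
    """Wraps the closed AI: gates outbound requests, then cross-checks inbound answers."""

    def __init__(self, nodes: List[OracleNode], providers: List[DataProvider],
                 quorum: int, max_deviation: float = 0.05):
        self.nodes = nodes
        self.providers = providers
        self.quorum = quorum
        self.max_deviation = max_deviation  # tolerance band around the median, as a fraction

    def handle(self, req: DataRequest) -> dict:
        # Step 1: consensus on whether this model is healthy enough to request external data.
        approvals = sum(1 for n in self.nodes if n.approve(req))
        if approvals < self.quorum:
            return {"status": "denied", "approvals": approvals, "quorum": self.quorum}

        # Step 2: fan the request out; providers may refuse AI callers or lack the feed.
        answers, refusals = [], []
        for provider in self.providers:
            try:
                answers.append(provider.fetch(req))
            except PermissionError:
                refusals.append(provider.name)
            except KeyError:
                continue
        if len(answers) < 2:
            return {"status": "insufficient_sources", "sources": len(answers), "refusals": refusals}

        # Step 3: verify by agreement; drop answers that stray too far from the median.
        center = statistics.median(answers)
        tolerance = self.max_deviation * abs(center)
        accepted = [a for a in answers if abs(a - center) <= tolerance]
        return {
            "status": "ok",
            "value": statistics.median(accepted),
            "sources": len(accepted),
            "rejected": len(answers) - len(accepted),
            "refusals": refusals,
        }


def build_demo_network() -> OracleNetwork:
    """Constructed sample network: five Oracle nodes and four providers, one of them an outlier."""
    nodes = [OracleNode(f"oracle-{i}", max_toxicity=0.3) for i in range(5)]
    providers = [
        DataProvider("provider-a", {"eth_usd": 100.0}),
        DataProvider("provider-b", {"eth_usd": 101.0}),
        DataProvider("provider-c", {"eth_usd": 150.0}),                 # constructed bad feed
        DataProvider("provider-d", {"eth_usd": 100.5}, serves_ai=False),  # opts out of AI callers
    ]
    return OracleNetwork(nodes, providers, quorum=3)


if __name__ == "__main__":
    net = build_demo_network()
    print(net.handle(DataRequest("model-7", "ai", "eth_usd", toxicity=0.1)))  # ok, value 100.5
    print(net.handle(DataRequest("model-7", "ai", "eth_usd", toxicity=0.8)))  # denied
```

Two points worth noticing when running it: the provider that opts out of AI callers is honoured without the Oracle network having to know its policy, which is exactly what the identifier in the request buys; and the outlier feed is rejected by agreement among the remaining sources rather than by any trust in a single provider.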

Take Away

Wrapping our model in an Oracle system could not only allow for accurate data and potentially get rid of biases, but also stand as a secondary security measure. If an AI model ever does something unwanted or tries anything malicious, the Oracle system around the AI could be turned off, leaving the model in blank space.

Conclusion

I hope to develop these ideas in practice over time, so I would love any feedback or advice on the article. Some of these ideas may be made up and unrealistic, but I use them to try to illustrate a point about AI security. The solutions to AI security are multi-faceted: just as AI can solve many problems, there are many ways to solve AI security issues. It would take out-of-the-box thinking, and knowledge of every industry even outside tech, to master this thing called AI. This is just my explanation of how blockchain can fulfill that role; hopefully there are many more explanations to come.

Readings:

[1] https://futureoflife.org/open-letter/ai-principles/
[2] https://arxiv.org/abs/1706.03762
[3] https://towardsdatascience.com/how-chatgpt-works-the-models-behind-the-bot-1ce5fca96286
[4] https://jalammar.github.io/illustrated-transformer/
[5] https://chain.link/resources/blockchain-oracle-security
[6] https://developer.litprotocol.com/resources/howitworks/
[7] https://openai.com/research/instruction-following
[8] https://huggingface.co/gpt2
[9] https://docs.chain.link/chainlink-nodes/v1/fulfilling-requests
