Attackers prompted Gemini over 100,000 times while trying to clone it, Google says

· Source: AI - Ars Technica · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

Google reported that "commercially motivated" actors attempted to clone its Gemini AI chatbot by prompting it over 100,000 times in various non-English languages. This activity, termed "model extraction" by Google, is considered intellectual property theft, with the goal of training cheaper copycat models. Google published these findings in a quarterly self-assessment of threats to its products. The company believes private companies and researchers seeking a competitive edge are behind these global attacks. This practice, known as distillation in the industry, allows new models to be trained on the outputs of existing LLMs, bypassing the extensive resources required for foundational training. Google's terms of service prohibit such data extraction, though Google itself has faced accusations of using ChatGPT outputs to train its Bard model.

Key takeaway

For CTOs and VPs of Engineering evaluating AI model development strategies, understand that model distillation, while a cost-saving technique, carries significant IP risks. Your teams should implement strict monitoring for unusual API access patterns and ensure your terms of service explicitly forbid unauthorized model extraction to protect your proprietary AI assets from being cloned by competitors.
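One way to act on the monitoring recommendation above, as an added example that is not part of the article or of Google's own tooling: a small Python detector that buckets API request logs per client key and flags clients whose hourly request volume or spread of prompt languages exceeds assumed thresholds. The log fields (ts, key, lang), the thresholds and the sample traffic are all constructed assumptions for this demo.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def parse_line(line):
    """Parse one JSON log record (assumed format) into (timestamp, api_key, language)."""
    rec = json.loads(line)
    ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return ts, rec["key"], rec["lang"]


def flag_extraction_like(lines, window=timedelta(hours=1), max_requests=500, max_langs=5):
    """Return {api_key: reason} for keys whose request count or number of distinct
    prompt languages inside any single time bucket exceeds the assumed thresholds."""
    buckets = defaultdict(lambda: defaultdict(lambda: {"n": 0, "langs": set()}))
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, key, lang = parse_line(line)
        bucket = int(ts.timestamp() // window.total_seconds())  # fixed-width time bucket
        stats = buckets[key][bucket]
        stats["n"] += 1
        stats["langs"].add(lang)
    findings = {}
    for key, per_bucket in buckets.items():
        for stats in per_bucket.values():
            reasons = []
            if stats["n"] > max_requests:
                reasons.append(f"{stats['n']} requests in one window")
            if len(stats["langs"]) > max_langs:
                reasons.append(f"{len(stats['langs'])} distinct prompt languages")
            if reasons:  # report the first offending bucket per key
                findings[key] = "; ".join(reasons)
                break
    return findings


def build_sample_logs():
    """Constructed traffic: key-A is a normal client, key-B bulk-prompts in many languages."""
    start = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    lines = [json.dumps({"ts": (start + timedelta(minutes=i)).isoformat(), "key": "key-A", "lang": "en"})
             for i in range(20)]
    langs = ["ko", "ja", "hi", "ar", "tr", "vi", "th", "pl"]
    lines += [json.dumps({"ts": (start + timedelta(seconds=2 * i)).isoformat(), "key": "key-B",
                          "lang": langs[i % len(langs)]}) for i in range(1200)]
    return lines


if __name__ == "__main__":
    print(flag_extraction_like(build_sample_logs()))
```

Real deployments would tune the thresholds against a baseline of legitimate multilingual customers, since language spread alone is a weak signal.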

Key insights

Model extraction via extensive prompting is a common method for AI model distillation and intellectual property theft.

Method

Adversarial actors prompt a target LLM over 100,000 times in various languages to collect responses for training a new, cheaper copycat model.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, AI Product Manager, AI Researcher

Editorial summary, takeaway, and curation by AIssential. Original article published by AI - Ars Technica.