newsweekshowcase.com

A watermark for artificial intelligence-generated text was unveiled by the search engine

Nature: https://www.nature.com/articles/d41586-024-03418-x

Tune in to Nature Show: Catching Up on Artificial Intelligence and the Importance of Watermarks Using Deep Drone-mounted LiDAR Scans

Don’t miss an episode. If you want to listen to the Nature Show on your phone, you can subscribe to it on Apple Podcasts, Spotify, or your favourite app. An RSS feed for the Nature Podcast

 is available too.

The researcher scanned her brain to see how birth control pills worked, and she also found out how high-altitude tree planting could provide refuge to an imperilled butterfly species.

Governments are trying to limit the proliferation of text generated from artificial intelligence. Yet, problems abound, including getting developers to commit to using watermarks, and to coordinate their approaches. And earlier this year, researchers at the Swiss Federal Institute of Technology in Zurich showed that any watermark is vulnerable to being removed, called ‘scrubbing’, or to being ‘spoofed’, the process of applying watermarks to text to give the false impression that it is AI-generated.

Drone-mounted LiDAR scans reveal two remote cities buried high in the mountains of Central Asia — plus, how a digital watermark could help identify AI-generated text.

OpenAI Detectors: How Well Do They Operate in the Misleading Lands of Generative Artificial Intelligence?

In a welcome move, DeepMind has made the model and underlying code for SynthID-Text free for anyone to use. The work is an important step forwards, but the technique itself is in its infancy. We need it to grow up fast.

There is an urgent need for improved technological capabilities to combat the misuse of generative AI, and a need to understand the way people interact with these tools — how malicious actors use AI, whether users trust watermarking and what a trustworthy information environment looks like in the realm of generative AI. Researchers need to study the questions.

However, even if the technical hurdles can be overcome, watermarking will only be truly useful if it is acceptable to companies and users. Regulators will probably force companies to take action in the near future, but whether users will trust similar technologies is another matter.

The researchers did not explore how well the watermark can resist deliberate removal attempts. The resilience of watermarks to such attacks is a “massive policy question”, says Yves-Alexandre de Montjoye, a computer scientist at Imperial College London. “In the context of AI safety, it’s unclear the extent to which this is providing protection,” he says.

This approach to watermarking is not a new one. Openai is a company that is in San Francisco, California and is testing a version of it. There isn’t much literature on technology’s strengths and limitations. One of the most important contributions came in 2022, when a computer scientist from Texas described how watermarking can be achieved. Among them are John Kirchenbauer and his colleagues at the University of Maryland in College Park, who published a watermark detector last year.

The tool has also been made open, so developers can apply their own such watermark to their models. “We would hope that other AI-model developers pick this up and integrate it with their own systems,” says Pushmeet Kohli, a computer scientist at DeepMind. Users won’t be able to usedetection tools to see signs of Gemini-watermarked text because they don’t have the same secret key as GOOGLE.

SynthID-Text: Finding a Watermark for a Large Language Learning Model using Cryptographic Keys and Random Tokens

An LLM is a network of associations built up by training on billions of words or word-parts, known as tokens. When given a string of text, the model assigns to each token in its vocabulary a probability of being next in the sentence. According to a set of rules, the sampling is supposed to select from the distribution which token to use.

The SynthID-Text sampling algorithm uses a cryptographic key to assign random scores to each possible token. Candidate tokens are pulled from the distribution, in numbers proportional to their probability, and placed in a ‘tournament’. There is a program that compares scores in knockouts with the highest value winning and then only one token is left, which is used in the text.

The multiple rounds in the tournament can be likened to a combination lock, in which each round represents a different digit that must be solved to unlock or remove the watermark, says Huang. She explains that this mechanism makes it more difficult to remove, spoof or reverse-engineer the watermark. The authors showed that they were able to detect the watermark, even when a second LLM was used to paraphrase the text. The watermark is not as strong for shorter strings of text.

It is Kohli’s hope that the watermark will be helpful for LLM use. “The guiding philosophy was that we want to build a tool that can be improved by the community,” he says.

admin

,