Original Article: https://cloudsecurityalliance.org/blog/2023/07/28/generative-ai-proposed-shared-responsibility-model/
Original Author: Written by Vishwas Manral, Chief Technology Officer and Head of Cloud Native Security at McAfee Enterprise
Translator: BlueDog
Overview#
The release of OpenAI's consumer-facing chatbot ChatGPT, which utilizes generative AI technology, has generated widespread attention to large language models (LLMs). ChatGPT has had a significant impact on enterprises and companies, as well as the open-source AI ecosystem.
Cloud service providers have been at the forefront, with Microsoft Azure offering the OpenAI API through its platform and cognitive services, as well as integrating other OpenAI platforms. Google has created a chatbot similar to ChatGPT called Bard and offers generative AI capabilities through its Vertex AI platform. Amazon also collaborates with its SageMaker platform.
While we are still in the early stages of AI, one thing is clear: cloud computing is the backbone of generative AI platforms. Enterprises and companies will use and create the majority of their generative AI applications in the cloud.
Basics#
Before we delve further, let's first understand some basic terms.
Artificial Intelligence (AI) is the ability of machines to mimic intelligent human behavior. Chatbots like "Apple Siri" or "Amazon Alexa" are considered AI as they can engage in conversations using human-like voices.
Machine Learning (ML) is an approach applied to AI that helps us learn and improve from experience. It is a discipline of computer science that uses computer algorithms and analysis to build predictive models to solve business problems.
Deep Learning is a subset of machine learning that involves algorithms inspired by the structure and function of the human brain. Deep learning algorithms can handle large amounts of structured and unstructured data. The key aspect of deep learning is representation learning, where features are learned automatically, and each layer creates more abstract and comprehensive data representations.
Generative Adversarial Networks (GANs) are a clever way of training generative models by framing the problem as a supervised training problem with two sub-models: a generator model and a discriminator model. We train the generator model to generate new samples, and the discriminator model tries to classify whether the samples are from the real domain or generated (fake).
Generative AI is a category of AI models and tools used to create new content. It utilizes machine learning techniques such as GANs and transformer models to learn from and generate unique outputs from large datasets.
AI Service Provider (AISP) is an entity that provides AI services to users to help them build AI applications. These entities can be cloud providers like AWS, GCP, and Azure, or other specialized providers.
AI Service User (AISU) is an entity that uses the services provided by AISP to build AI applications. These entities are typically enterprises, small and medium-sized businesses, startups, or even individual developers.
Large Language Models (LLMs) are language models based on deep learning trained on a large corpus of language data. These models can generate human-like language outputs and perform complex natural language processing tasks.
Prompting Mechanism allows users/software to interact with generative AI models using natural language. It consists of instructions given to request the desired output from the generative AI.
Grounding provides contextual information to generative AI models, forcing them to answer based on context and not generate illusions. Grounding by accessing customer-specific data helps generate responses with relevant background information.
Retrieval-Augmented Generation (RAG) is a form of knowledge grounding. It combines pre-trained model data with additional context using fine-tuning recipes.
Shared Responsibility Model#
NIST 800-145 defines service models for cloud services, including IaaS, SaaS, and PaaS. These models have evolved and spawned many more service models. Here is the evolved shared responsibility model link, which includes Container as a Service and Serverless.
As generative AI applications are built in the cloud, the shared responsibility model can also be extended to generative AI applications.
Generative AI Applications#
Generative AI applications can be categorized into Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
IaaS Application Examples#
For generative AI IaaS applications, AISUs select base models and train them using their proprietary data. The applications use pre-trained models and provide access to users. These are primarily aimed at critical business applications created by companies like BloombergGPT, Einstein GPT, and Intuit GenOS to meet customer demands.
PaaS Application Examples#
AISUs are creating PaaS applications using services like Azure OpenAI (or Google Vertex AI APIs). AISPs host the pre-trained models in the tenant's infrastructure. Using generative AI is similar to making specialized API calls, suitable for models adopted by AISUs in building their applications.
SaaS Application Examples#
There are now many existing SaaS applications that incorporate generative AI capabilities. Well-known enterprise-level applications like Microsoft 365, ServiceNow, and Salesforce have incorporated generative AI. Models, training, and understanding associated with AISUs are not exposed. There are also applications being built similar to ChatGPT, focusing on generative AI. Enterprises need to be able to detect these shadow applications and find ways to keep their usage secure.
Generative AI Shared Responsibility Model#
The security and compliance responsibilities of AI applications are shared among AI service users, enterprises (application owners), and AI service providers. This shared responsibility model helps divide and clarify responsibilities, enabling faster creation and deployment of new AI applications while maintaining security and compliance.
IaaS Responsibilities#
For IaaS applications, including GPU, training, or inference infrastructure, the infrastructure is provided by AISPs. AISUs are responsible for the security of the physical and virtual infrastructure. AISPs can provide curated AI base models or pre-trained models. AISUs can train and fine-tune models using any open-source or proprietary data corpus. The choice of model lineage and relevance is the responsibility of AISUs. The data corpus used for training the model and its provenance and security requirements need to be validated by AISUs. The model is hosted by AISUs for inference processing. Prompt filtering and grounding (contextual answers) are supported by AISUs when the application is running. Prompt control, application security/intellectual property (IP), and copyright are handled by AISUs themselves.
PaaS Responsibilities#
For PaaS applications, the infrastructure and pre-trained models are supported by AISPs. The data corpus on which the model relies and its security are within the responsibility of AISPs. The model is hosted by AISPs themselves. If a model is trained for a specific task, AISP can do some grounding in the user-specific context, while AISU is responsible for other aspects. Application security/intellectual property (IP) and copyright are handled by AISUs themselves.
SaaS Responsibilities#
For SaaS applications, LLM models are abstracted from AISUs and handled by AISPs. SaaS applications use user-specific contexts within the SaaS application and additional data obtained from other applications to ground the model. Application security, most prompt filtering, and IP filtering fall within the responsibility of AISUs.
Conclusion#
While AI service models will continue to evolve, and shared responsibility will change with them, this article attempts to provide some early terminology and frameworks to help clearly define the responsibilities of AI service providers and AI service users, enabling them to work independently and quickly.