The AI Daily Brief: Artificial Intelligence News and Analysis - Point-Counterpoint on Open Source AI

Episode Date: August 6, 2024

ORIGINALLY PUBLISHED: Friday August 2nd On today's episode, NLW reads a point counterpoint on open source AI. https://www.economist.com/by-invitation/2024/07/29/keep-the-code-behind-ai-open-say-t...wo-entrepreneurs https://www.economist.com/by-invitation/2024/07/29/not-all-ai-models-should-be-freely-available-argues-a-legal-scholar Concerned about being spied on? Tired of censored responses? AI Daily Brief listeners receive a 20% discount on Venice Pro. Visit ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://venice.ai/nlw ⁠⁠⁠⁠⁠⁠⁠⁠and enter the discount code NLWDAILYBRIEF. Learn how to use AI with the world's biggest library of fun and useful tutorials: https://besuper.ai/ Use code 'podcast' for 50% off your first month. The AI Daily Brief helps you understand the most important news and discussions in AI. Subscribe to the podcast version of The AI Daily Brief wherever you listen: https://pod.link/1680633614 Subscribe to the newsletter: https://aidailybrief.beehiiv.com/ Join our Discord: https://bit.ly/aibreakdown

Transcript
Discussion (0)
Starting point is 00:00:00 Today on the AI Daily Brief, another argument for open source AI innovation. The AI Daily Brief is a daily podcast and video about the most important news and discussions at AI. To join the conversation, follow the Discord link in our show notes. Hello, friends. Once again, I am traveling currently. And so instead of doing our long read over the weekend, we'll be doing a long read as part of the Friday show. Starting next week, we will be back to normal, never fear. But this week, I wanted to read a piece in The Economist called Keep the code behind AI Open, say two entrepreneurs. The authors include Martin Casado, a general partner at Andrezen Horowitz, and Ion Stoica, a professor of computer science at UC Berkeley. The latter is also
Starting point is 00:00:49 co-founder and executive chairman of Databricks and any scale. In the piece, they argue that open source models will power innovation without compromising security. And once again, this is regular Nathaniel, not AI Nathaniel, reading this piece. No one doubts that artificial intelligence will change the world, but a doctrinal dispute continues to rage over the design of AI models. namely whether the software should be closed source or open source. In other words, whether code is proprietary or public and open to modification by anyone. Some argue that open source AI is a dead end, or even worse, a threat to national security. Critics in the West have long maintained that open source models strengthen countries like China by giving away secrets, allowing them to
Starting point is 00:01:26 identify and exploit vulnerabilities. We believe the opposite is true, that open source will power innovation in AI and continue to be the most secure way to develop software. This is not the first time America's tech industry and its standard setters and regulators have had to think about open source software and open standards with respect to national security. Similar discussions took place around operating systems, the internet and cryptography. In each case, the overwhelming consensus was that the right way forward was openness. There are several reasons why. One is that regulation hurts innovation. America leads the world in science and technology. On an even playing field, it will win. With one hand tied behind its back, it might well lose. That's exactly what it would do by restricting open source
Starting point is 00:02:04 AI development. A potential talent pool that once span the globe would be reduced to one spanning the four walls of the institution or company that developed that model. Meanwhile, the rest of the world, including America's adversaries, would continue to reap the benefits of open source and the innovation it enables. A second reason is the widely accepted view that open source makes systems safer. More users from government, industry, and academia, as well as hobbyists, means more people analyzing code, stress testing it in production, and fixing any problems they identify. A good example in the sphere of national security is security enhanced Linux. It was originally developed by the America's National Security Agency as a collection of security patches for the open source Linux operating system
Starting point is 00:02:41 and has been part of the official Linux distribution for more than 20 years. This learned from other's approach is vastly more robust than one based on proprietary operating systems that can only be fixed by their vendors on whatever timelines they can manage. There is much discussion in Western national security circles about preventing other states from gaining access to state-of-the-art AI technology, but restricting open source will not accomplish this goal. In the case of China, that is because the horse has bolted. China is already at the cutting edge of AI. They may well have more AI researchers than America, and it is already producing very competitive models. According to one popular system for ranking large language models, China has three of the world's top seven open source
Starting point is 00:03:15 models. Some Chinese companies are also finding ways to get around export controls on GPUs. Even American companies are not easily persuaded to overlook billions in revenue. A previous attempt at prohibiting the export of high-end intel chips resulted in China developing the world's fastest supercomputer using a novel internally developed computing architecture. The inability of American companies to keep proprietary infrastructure-critical IP secure has a long history. Huawei, for instance, has publicly admitted to copying proprietary code from Cisco. As recently as March, the FBI apprehended a Chinese former Google engineer for allegedly stealing AI trade secrets from the company, which is renowned for its security.
Starting point is 00:03:49 A question to ask is whether we want to live in a world, where we understand the fundamental nature of other country's AI capabilities, because they're based in part on open source technology, or a world where we're trying to figure out how they work. There is no third option where China, for example, doesn't have advanced AI capabilities. The final reason to favor open source is that it drives innovation. The argument that we should move away from open source models because they cannot compete with proprietary models on performance or cost is plain wrong. Foundation models are on their way to becoming a key component of application infrastructure. And since at least the mid-1990s, the majority of impactful new infrastructure technologies have been open source. There's no clear reason why AI models
Starting point is 00:04:24 will be different. Today's AI is rooted in open source and open research, and the stunning advances in generative AI over the past two years. With the rise of open AI, mistralanthropic, and others, can be largely attributed to the openness of the preceding decade. Today, many of the most advanced uses of AI are the product of developers running and fine-tuning open-source models. Many of the most advanced users of AI are in communities that have grown organically around open source. The dye has been cast. There is, of course, room for different business and development models to thrive, and no one should take national security lightly. But restricting open source would hamstring an approach that has held its own when it comes to security
Starting point is 00:04:57 while driving three decades of innovation. So a couple quick notes about this. First of all, it seems to me pretty likely that they wrote this some time ago, given that they don't make mention at all of the fact that meta's Lama 3.105B and Mistral's Large 2 seem to have largely or at least close to the gap with closed source models when it comes to state of the art. That certainly would impact, for example, the argument that open source is always going to be behind. I think the key implication of this piece, though, if you believe that they have their history right, is to ask the question, what would make AI specifically different? What is it about AI technology that makes open source more dangerous than other instances? Today's episode is brought to you by Venice. The leading AI
Starting point is 00:05:38 companies store your entire conversation history and attach it to your identity forever. That's every question you ask, every answer you receive, every image you generate, every thought you share with the machine it's all being spied on. If you trust all the company's hackers and NSA board members that will ever have access to your AI conversations, then rejoice, for you are well served. For the rest of us, Venice is an alternative. Venice is a powerful AI app for text, image, and code generation that respects you as a sovereign individual, and believes privacy and free speech are not only human rights, but necessary for civilizational advancement. Private, permissionless, and uncensored, you can try it for free without an account.
Starting point is 00:06:13 AIA Daily Brief listeners receive a 20% discount on Venice Pro. Visit venice.aI. slash NLW and enter the discount code, NLW Daily Brief. That's NLW Daily Brief, all one word. Today's episode is brought to you by Super Intelligent. As you guys know, Super Intelligent is a platform we are building to help everyone, individuals and teams maximize their use of AI. We help you figure out how to use AI tools, as well as what to use AI for. And this is really important.
Starting point is 00:06:43 The whole goal of Superintelligent is not just to give you tutorials and lessons, but to show you how other people like you are actually getting value from AI right. now. For those of you who are still out there working, learning, and grinding deep in the summer, I'm excited to share our best offer ever. If you sign up with code year 50 right now, you will get 50% off the already reduced annual price. Due to popular demand, we have extended this offer for just a couple days. We were going to close it at the end of July. Now we are running it through Friday, August 2nd. But if you want this 50% off discount, hand on over to B-super.aI and take advantage right now. Like I said, this will close on Friday, August 2nd. The code one last time is
Starting point is 00:07:24 year 50 for 50% off the already discounted annual rate for Super Intelligent. See you there. Well, the Economist did offer a counterpoint to this, and it's certainly not by a Luddite. Creative Commons founder Lawrence Lessig also published in The Economist in a piece titled Not All AI Model Should Be Freely Available. Lessig writes, Free and Open Source Software has driven technological innovation and the spread of technical skills. The freedom to share and build upon software developed by others has given countless young coders the chance to learn and is at the core of the business that powers the digital economy. It therefore feels obvious to many that the principles of free and open source software
Starting point is 00:07:58 should be extended to the development of AI models. In principle, they should, but there are important differences between ordinary software and AI technology that counsel against the simple extension of a simple principle to the full range of AI models. AI is more a category than a technology. Like the category weapon, it ranges from the relatively harmless to the potentially catastrophic, No one would believe that the access we allow to P-shooter should be the same for Stinger missiles. Neither should we believe that the software norms developed for operating systems or media players
Starting point is 00:08:25 must apply in the same way to highly capable AI systems with the potential to cause immense harm. Nor is it even obvious how the norms of free and open-source software should apply. Open-source software is software whose source code is released under licenses that allow others to copy and modify the code. It is the access to that code that spreads knowledge. But AI models consist of at least four types of digital components, only three of which are actually software. The fourth, model weights, is both the most potent and the most obscure. Model weights are the variable or numerical values used to translate inputs into outputs.
Starting point is 00:08:54 They encapsulate all that the model learned during its training. Thus, if the training costs $1 billion, the model weights reflect that value. If the training cost $1,000, they are obviously less powerful and less valuable. So which among these four components must be shared to be consistent with open source values? Source code is certainly one, for it teaches the world how the model was built. But model weights are just a string of numbers. On their own, they don't teach anything. With the other software components and the data used to train the model,
Starting point is 00:09:18 they certainly could teach how the model understands. But distinct from what they teach, they are simply the power of the model. On the analogy to weapons, model weights are not the design or plans for a weapon. They are the weapons. In my view, all four components should be freely available for models of limited capability. Hugging Face and AI community platform offers over 350,000 AI and machine learning models, 75,000 datasets, and 150,000 demonstration applications, all open source and publicly available.
Starting point is 00:09:43 These models are likely not powerful enough to do significant harm, making them available supports an ecology of free knowledge that is critical to improving the understanding of AI. Yet the same logic does not apply to highly capable AI models, especially when it comes to releasing model weights. Whatever model weights can teach, that benefit must be weighed against the enormous risk of misuse that highly capable models present. At some point, that risk is clearly too great. Mark Zuckerberg, founder of Meta, the creator of Lama, the most powerful open weight
Starting point is 00:10:09 release to date, assures us that open releases, quote, should be significantly safer since the systems are more transparent and can be widely scrutinized. They can be widely scrutinized, but when? If the danger is discovered after the code is in the wild, then the assurance that all can see the problem equally is not much consolation. Mr. Zuckerberg promises that the foundation models behind freely released model weights have guardrails to protect against harmful or dangerous misuse, and that quote, using Lama with its safety systems like Lama Guard will be likely safer and more secure than closed models. However, researchers are now demonstrating just how easily these guardrails can be removed. Lama 2 had guardrails to block users from developing it for improper
Starting point is 00:10:43 unsaved purposes, but in 2023 and for less than $200, a team from Palisade research was able to disable these and produce an unconstrained version of Lama 2. Just how dangerous could these Frankenstein openweight models become as the foundation models behind them become more powerful, and the techniques for removing guardrails become more sophisticated. The point is not that only open weight releases can be hijacked, but they do create a unique risk because once released, they cannot be recalled. By contrast, models that give access through web portals or regulated APIs could, in principle, identify when users are attempting a hijack. In principle, then, they they could more easily shut down malicious use than could models that have been freely distributed.
Starting point is 00:11:17 Together, these threats suggest we need a more sophisticated framework for understanding what parts of AI should be freely available and what parts should not. That understanding must track model capability and, as I will explain, regulatory capacity. For low capability models, we should encourage the hugging face ethic. The risks are low and the contribution to understanding is vast. For high capability models, we need regulation that ensures both closed and open models are safe before they are released, and that they are not released in ways that could create catastrophic risk. No simple line will divide low capability from high.
Starting point is 00:11:45 But if we're to secure the potential for open source development, we must develop the regulatory capacity to draw this line and enforce it. Importantly, these risks are contingent on the regulatory capacity of the infrastructure within which AI operates. AI researchers are now exploring ways to use the chips that run AI models to regulate the models themselves, building governance, as it were onto the chips. If this capability were required generally, it could operate as a kind of circuit breaker, disabling runaway systems.
Starting point is 00:12:09 Such mandates create their own risks, but a technical governance infrastructure would allow us to focus on model risks, not whether a model was open or not. And as it could help lessen the risks of AI development in general, it could weaken arguments against open source release in particular. Private companies alone and fierce competition with each other do not have sufficient incentives to avoid catastrophic risk. Neither would simply banning open source AI avoid the risk of great harm. Instead, we need to develop the regulatory capacity to ensure an environment within which safe AI can be developed, and the regulatory judgment to determine when the public risk from any AI deployment is too great. Today, these risks are imposed upon us by private actors with
Starting point is 00:12:41 little public oversight. The formula has not worked with dangerous technologies in the past. It will not work with AI systems of the future. All right, so that is another side of this conversation. Now, I present these both to you so you can have some time to digest and compare them and figure out what you find more compelling. You can also go back and look at the piece we read from Metas Mark Zuckerberg last week as yet another argument in this conversation. I will say that I think it's interesting that Lessig is coming at this from a very different angle than some of the folks that have been critical of open source in the past. He's basically trying to shift the conversation away from open or closed into just model capabilities in general. Effectively, he's arguing that if we have a
Starting point is 00:13:18 good system for handling when a model is too powerful to be released in general, it's going to, as a part of solving that problem, also likely solve this problem as well. Anyways, let me know where you think, what you feel about this argument. Use the comments here on YouTube or on Spotify, which of course now has comments available for everyone. For now, though, that is going to do it for today's AI Daily brief. Until next time, Peace.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.