- BuzzRobot
- Posts
- Impact of computational shortcuts and hardware choices on fairness in AI
Impact of computational shortcuts and hardware choices on fairness in AI
Also: How AI fixed 15% of security bugs. Video recording
Sophia Aryan
May 02, 2024
Hello, fellow humans!
Sophia here, excited to share some updates on the upcoming talks we've got lined up for you. Let's get into it.
Table of Contents
May 9th Talk: How computational shortcuts and hardware choices impact fairness in AI.
Video Recording: How AI fixed 15% of security bugs.
Impact of computational shortcuts and hardware choices on fairness in AI
We've all heard the unsettling stories of unfairness in machine learning, from credit score systems discriminating against minorities and low-income families to the current controversy about AI technology depicting the American Founding Fathers as black.
Many of these issues surrounding fairness in AI are rooted in the datasets – but not all. The infrastructure and methodologies we have built to train AI also play a crucial role.
If this piques your interest, tune in to our upcoming virtual talk on May 9th with Nando Fioretto, assistant professor at the University of Virginia, to learn how the chase for computational shortcuts and efficiencies is causing these system-level challenges with fairness in A. He will also elaborate on how training AI models on different hardware can drastically affect the outcome's fairness.
How AI fixed 15% of security bugs
This video lecture can be found on the BuzzRobot YouTube channel. But if you're not up for watching the whole thing, I've got some key points summarized below for a quick catch-up.
In this talk, Jan Nowakowski, a machine learning engineer at Google, discussed the use of AI for automatically fixing security bugs associated with measurably detectable memory vulnerabilities via code sanitizers. As Jan stated, these bugs were targeted due to their catastrophic impact on businesses. In 2019, around 100 million accounts and credit card applications were compromised due to this vulnerability (Jan did not name the bank, but it was most likely Capital One).
Google engineers built a pipeline for automatic bug fixes. It includes:
Step 1 – Finding vulnerabilities. This part was conducted by humans.
Step 2 – Reproducing and isolating bugs.
Step 3 – Fixing the bugs using LLMs. The team used a fine-tuned version of Gemini Pro trained on thousands of examples of bugs and other Google internal datasets to achieve this.
Step 4 – Testing LLM fixes. The team had to locate the correct code to replace the LLM's output. They fine-tuned the LLM to return a diff to make locating the correct code easier. Another approach – ask the LLM to provide new code with a few lines of the old one.
Step 5 – Re-running the test. The engineers reviewed the generated fixes and bagged approximately 20% of them, though they passed all existing tests. One compelling reason to refuse the code was that the LLM would simply comment out the code that causes an error. Interestingly, code owners rejected a mere 5% of the proposed fixes by LLM.
Results
A list of the most common errors fixed by AI (ranked by success rate):
Using uninitialized values
Data races (the engineers were pleasantly surprised by the LLM's high success rate in fixing this type of bug!)
Buffer overflows
Temporal memory errors
AI had a 15% success rate of fixing bugs. Sure, it is not so high. But, the engineers expected a lower rate. All in all, AI exceeded expectations in this regard.
Interested in learning more about secure AI? Jan recommends checking out Google's Secure AI Framework guidelines on how to use AI responsibly in your organization.
Reply