UK-SPS Seminar Wed 22nd Sep - Security & Privacy of Large Scale Machine Learning
Title: An Unreliable Foundation: Security & Privacy of Large Scale Machine Learning
Speaker: Nicholas Carlini (Google)
Abstract: Instead of training neural networks to solve any one particular task, it is now common to train neural networks to behave as a “foundation” upon which future models can be built. Because these models train on unlabeled and uncurated datasets, their objective functions are necessarily underspecified and not easily controlled.
In this talk I argue that while training underspecified models at scale may benefit accuracy, it comes at a cost to security and privacy. Compared to their supervised counterparts, large underspecified models are more easily attacked by adversaries. As evidence, I give three case studies where larger models are less reliable across three different problem setups. Addressing these challenges will require new solutions beyond those that have been studied in the past.
Bio: Nicholas Carlini is a research scientist at Google Brain. He studies the security and privacy of machine learning, for which he has received best paper awards at ICML, USENIX Security and IEEE S&P. He obtained his PhD from the University of California, Berkeley in 2018.
Please feel free to forward to others who might be interested.
UK-SPS is an inter-university seminar series on cyber security and privacy. Seminar details are also advertised on our website, calendar and Twitter, and recordings will be available on our YouTube channel afterwards.
Last modified: Mon, 27 Sep 2021 10:02:13 BST