Title: Big Security Issues of Big Foundation Models
Abstract: A big foundation model is like an “operating system” of the AI ecosystem: it can be used as a general-purpose feature extractor to build various intelligent applications. In this talk, we will discuss the security of foundation models. In the first part of the talk, we will show that an attacker can embed a backdoor into a foundation model such that multiple downstream classifiers built on the backdoored foundation model simultaneously inherit the backdoor behavior. Our work shows that an insecure foundation model is a single point of failure of the AI ecosystem. Moreover, AI companies often use our public data on the Internet to pre-train foundation models, even without our authorization. Therefore, in the second part of the talk, we will discuss a method to audit unauthorized data use in pre-training foundation models.