America’s spy agencies will be deploying generative artificial intelligence (AI) to analyze sensitive data. It was announced last week that Microsoft’s generative AI model for the intelligence communities will address the security issues from large language models (LLMs) – which are typically connected to the Internet – by “air-gapping” the tools to a cloud-based environment.
This will be the first major LLM to be separated from the Internet, yet it will retain much of the computing power. Generative AI can analyze massive amounts of data and be used to recognize patterns far faster than humans. The CIA began using a generative AI tool last year for unclassified purposes, but more sensitive national security information needs to be isolated from the public Internet.
“This is the first time we’ve ever had an isolated version – when isolated means it’s not connected to the internet – and it’s on a special network that’s only accessible by the U.S. government,” William Chappell, Microsoft’s chief technical officer for strategic missions and technology, told Bloomberg.
Generative AI and the IC
Chappell told Bloomberg that the new AI tool could theoretically be accessed by as many as 10,000 members of the intelligence community (IC) who require access to Top Secret data. The tool went live last Thursday and will enter a testing and accreditation phase before it can go into broader use by the intelligence community.
“Generative AI can help the intelligence services to process data faster and discover links between different data points,” technology industry analyst Roger Entner of Recon Analytics told ClearanceJobs. “One of the biggest areas should be the processing of countless phone calls, emails, and other data transmissions that the services collect and need to make sense of.”
Air-Gapped Platform
The AI platform was developed so that it can read files but not learn from them in any way that would impact its output. The data also can’t be accessed from the Internet.
“Keeping it air-gapped and away from the internet is the only way we can envision the IC using generative AI technology,” explained Dr. Jim Purtilo, associate professor of computer science at the University of Maryland.
“Except for the sensitivity of the domain, and thus the danger of spilling important tells to its other users, it is fair to assume that Microsoft’s LLM would be used in all the ordinary ways we use such tech today – assist preparation of reports, answer general questions, search for information and so on,” Purtilo told ClearanceJobs. “The workflow often looks just like what happens in corporate America and thus is fair game for streamlining with emerging tools.”
However, one concern even with an isolated model is the potential for data spillage between protected IC projects.
“As typically configured, these models learn from prompting over time, so one can envision that the sharing of a model will also inadvertently share information outside of a compartmentalized project,” Purtilo continued. “The answer to one user’s prompt might be based on another user’s interactions which were never intended to telegraph that certain data were known.”
Dealing With AI Bias
Another concern will be the issues of bias, warned Purtilo, who noted that in open systems we have already seen how over- or under-weighting certain properties in the model can lead to spectacularly “weird behaviors.” He pointed to Google’s AI depicting President George Washington as a black man, which came about from AI being built atop biased datasets or produced by biased engineers.
Though the incorrect depiction of Washington drew some scrutiny, there is a concern that the IC could draw the wrong conclusions from similar biases.
“In the IC, however, one of the most important tenets is skepticism,” Purtilo added. “The danger is that whoever trains the model might condition responses over time in a way that hides bias and overcomes critical review. It might be inadvertent, but it will nevertheless take us away from our core role as guardians of cold objectivity when advising leadership.”
Finally, there is the concern about specificity in data.
“In open systems, we know LLMs seem free to simply make stuff up, sometimes referred to as ‘hallucinating,’” said Purtilo. “These models are fundamentally an averaging of what most prior users seemed to want to hear, and often what we want to hear is not what is real. The IC simply can’t afford to risk taking key details at face value from any LLM. Everything will need to be checked.”