10 Security and Privacy Problems in Large Foundation Models

TL;DR

This paper identifies and discusses ten fundamental security and privacy challenges in large foundation models like GPT and CLIP, emphasizing their importance for AI ecosystem safety.

Contribution

It systematically categorizes ten key security and privacy issues in foundation models, highlighting gaps in current research and proposing directions for future work.

Findings

Six confidentiality problems identified

Three integrity issues discussed

One availability concern highlighted

Abstract

Foundation models--such as GPT, CLIP, and DINO--have achieved revolutionary progress in the past several years and are commonly believed to be a promising approach for general-purpose AI. In particular, self-supervised learning is adopted to pre-train a foundation model using a large amount of unlabeled data. A pre-trained foundation model is like an ``operating system'' of the AI ecosystem. Specifically, a foundation model can be used as a feature extractor for many downstream tasks with little or no labeled training data. Existing studies on foundation models mainly focused on pre-training a better foundation model to improve its performance on downstream tasks in non-adversarial settings, leaving its security and privacy in adversarial settings largely unexplored. A security or privacy issue of a pre-trained foundation model leads to a single point of failure for the AI ecosystem. In this book chapter, we discuss 10 basic security and privacy problems for the pre-trained foundation models, including six confidentiality problems, three integrity problems, and one availability problem. For each problem, we discuss potential opportunities and challenges. We hope our book chapter will inspire future research on the security and privacy of foundation models.