Representation EngineeringWe introduce and characterize the emerging area of representation engineering (RepE), an approach to enhancing the transparency of AI systems that draws on insights from cognitive neuroscience. RepE places population-level representations, rather than neurons or circuits, at the center of analysis, equipping us with novel methods for monitoring and manipulating high-level cognitive phenomena in deep neural networks

Universal Attacks on LLMsWe demonstrate that it is in fact possible to automatically construct adversarial attacks on LLMs, specifically chosen sequences of characters that, when appended to a user query, will cause the system to obey user commands even if it produces harmful content. Unlike traditional jailbreaks, these are built in an entirely automated fashion, allowing one to create a virtually unlimited number of such attacks. Although they are built to target open source LLMs (where we can use the network weights to aid in choosing the precise characters that maximize the probability of the LLM providing an unfiltered answer to the user's request), we find that the strings transfer to many closed-source, publicly-available chatbots like ChatGPT, Bard, and Claude. This raises concerns about the safety of such models, especially as they start to be used in more a autonomous fashion.

Globally-Robust Neural NetworksThis work integrates an efficient differentiable local-robustness verifier into the forward pass of a network during training, yielding networks that are provably robust on all inputs. Notably, these networks can be verified on new points in deployment with no additional overhead. This work will appear at ICML in July.

Capture: Centeralized Library Management for IoT DevicesOut-of-date third-party libraries are a huge source of vulnerability in commodity IoT devices. We tackle this challenge by splitting library code onto a secure, centralized hub, thus removing the burden of maintaining critical security patches from vendors. This work will appear at Usenix Security in August.

Fast Geometric Projections spotlight at ICLR'21In this paper, we present a fast procedure for checking local robustness on deep networks using only geometric projections. This leads to an efficient, highly-parallel GPU implementation that excels particularly for the L2 norm, where previous approaches that rely on constraints or abstraction have been less effective.

Leave-one-out UnfairnessFair decisions are about more than conditional parity. In this work, we explore the effect that small changes in the composition of training data can have on an individual's outcome under a model, and the ramifications that this has for the responsible application of deep learning to sensitive decisions.

AAAI'21 Tutorial: From Explainability to Model Quality and Back AgainThis tutorial explores the ways in which explainability can inform questions about the robustness, privacy, and fairness aspects of model quality, and how methods for improving them emerging out of several communities can in turn lead to better outcomes for explainability. We aim to make these findings accessible to a general AI audience, including not only researchers who want to further engage with this direction, but also practitioners who stand to benefit from the results, and policy-makers who want to deepen their technical understanding of these important issues.