A Look at Advai’s Assurance Techniques as Listed on CDEI

This article was originally published on LinkedIn: A Look at Advai’s Assurance Techniques as Listed on CDEI | LinkedIn

The British public sector is highly motivated to speed up technology adoption across government, by absorbing innovations and breakthroughs from private businesses across the UK economy.

So much innovation is locked behind private walls in the name of intellectual property protection and competitive advantage.

There is a particularly strong incentive for the public sector to promote the best practices for tackling compliance or risk-related challenges with as many businesses as possible. The Department for Science, Innovation and Technology (DSIT) has taken on this challenge as it relates to sharing best practices in AI safety.

Artificial intelligence is powerful yet incredibly unwieldy.

It is not programmed to do anything precisely; it is an architecture of algorithms that mathematically optimise its feature weights during a process of ‘training’. This method is an incredible way of indirectly programming a huge number and variety of capabilities without having to programme any single one of these capabilities.

It should be no surprise, then, when it goes wrong, that unexpected things happen.

This harks back to the very reason Advai was conceived and founded by David Sally and Chris Jefferson.

Perhaps you've never heard our origin story?

Dave (David Sully, CEO) was a diplomat working in international relations surrounding the adoption of technology across governments. He was surprised to discover that many people were talking about the benefits of AI, without much of an understanding of how these systems might go wrong - and what to do about it if things did go awry.

• How can AI systems fail?
• Can they be provoked into failure?
• What would happen if these systems behaved unexpectedly?
• How can you keep your systems operating as you intend?
• How would you measure this? How would you measure the impact?

These were big questions that nobody really had an answer for.

Chris (Chris Jefferson, CTO), on the other hand, was working on IT systems that managed risk in the financial sector. As you know, the financial sector is almost synonymous with the concept of managed risk.

Dave related the insight to Chris, and together they began building containerised software solutions to test, evaluate, and monitor specific functions of individual AI systems.

Before this was cool, the only entity with an appetite for these kinds of testing functions was the UK Ministry of Defence who are understandably risk-averse when it comes to any kind of automated system, whether intelligence based or operational.

We’re really proud of the work we’ve been doing with MoD over these last four years. We feel like we’ve been given a head-start on AI Safety, now that the rest of the world needs a good understanding of AI failure modes, too! #generativeAI

Four years ago, the concept of "ChatGPT" would have sounded like idealistic nonsense.

Even AI professionals would have laughed you out of the room if you had described the world we live in today—a world where to-do lists write themselves, and paintings are their own brushes.

It would have seemed unbelievable, this progress we have already grown accustomed to in generative AI.

Governments have taken an approach based on risk and impact.

This is generally a good thing because it's hard enough for the technical professionals working within the sector to explain how things work, let alone lawmakers.

Only Biden's Executive Order specified restrictions on a certain scale of model, as measured by the number of [billions of] parameters. Otherwise, restrictions mostly apply to models that negatively affect lives.

Some in Europe complain that such all-encompassing, broad-stroke legislation will hinder innovation. Yet this clarity, whether you agree with the specifics or not, is a good thing for organisations trying to remain compliant and avoid risk, as they invest in innovations in the future. Legislation unlocks innovation because businesses avoid making investments in capabilities that have a chance of becoming outlawed.

Present market conditions are strongly incentivising AI adoption. The reality of 2024 and onwards, in our opinion, is that if your business isn't making use of AI, it probably won't remain competitive for long. The sheer efficiency and productivity gain that AI brings—or at least can bring if implemented correctly—is all the motivation a capitalistic entity should need

The simple truth is that the intelligence part of artificial intelligence is not something that can be intuitively understood.

Ultimately, it's maths and software, and so it needs mathematical and software-based assurance techniques to ensure it does what it's supposed to do and doesn't do what it's not supposed to do. Advanced, automated, research-led assurance techniques.

We need AI powered testing and evaluation techniques for AI.

The Centre for Data Ethics and Innovation is now called the Responsible Technology Adoption Unit (RTA), and it's part of the Department for Science, Innovation and Technology. They host a portfolio of AI assurance techniques, which is a carefully reviewed selection of methods, frameworks, and approaches, categorised as either technical, procedural, or educational.

(Disclaimer: they don't endorse any of the methods or businesses hosted.)

Assurance is a broad and slightly fuzzy concept, but RTA have identified eleven types of technique as listed in their filters.

1. Data assurance
2. Compliance order
3. Formal verification
4. Performance testing
5. Certification
6. Risk assessment
7. Impact assessment
8. Impact evaluation
9. Conformity assessment
10. Bias audit
11. Assurance warranty

 

It's probable this list will evolve and refine over time. After all, AI assurance is a field undeniably ‘under development’. Developmental in the sense that the field is like a child with all the required material floating around the skill, but without the organisation and structure that an adult brain earns through years of moulding as sculpted by experience.

There have been multiple calls for the standardisation of assurance, yet for now this is a pipedream.

In lieu of standardisation, it is up to the present-day adopters of AI systems to do their best to select the most appropriate methods themselves.

From Advai’s perspective, right now we don’t see successful AI assurance as being anything but highly customised. In any case, one thing can be said with a good degree of certainty: you probably shouldn't mark your own homework.

This RTA portfolio is a step in the right direction of standardisation because it increases the transparency of these sorts of techniques and shares information across the industry, amongst competitors, and of course with the end AI adopters—i.e., clients.

Over time, in Darwinian fashion, these techniques will be culled, changed, blended and formalised. It’s too early to say how this might happen, but you might begin to see some industries demanding certain types of tests. Some evaluations may be made mandatory by insurers, or Governments could impose types of guardrails.

Across our submitted approaches, every single one has been assigned to multiple assurance techniques and we think this multifaceted approach is necessary.

You might have the best bias audit software in the world, but if risk assessments and compliance audits aren't taking place, then your AI simply isn't assured, and you shouldn't adopt it.

You certainly shouldn't deploy it where it might impact consumers (but how would you know if you haven't done an impact assessment?!).

These first two approaches describe our platform, both the broader version and the version customised for LLM alignment:

• ‘Streamlining AI Governance with Advai Insight for Enhanced Robustness, Risk Management and Compliance’
• ‘Robustness Assurance Framework for Guardrail Implementation in Large Language Models (LLMs)’

These next three approaches are directly based on specific client use-cases:

• ‘Advanced Evaluation of AI-Powered Identity Verification Systems’
• ‘Assurance of Computer Vision AI in the Security Industry’
• ‘Robustness Assessment of a Facial Verification System Against Adverse Adversarial Attacks’

This approach essentially describes Advai Versus, which is our testing and evaluation library:

• ‘Operational Boundaries Calibration for AI Systems via Adversarial Robustness Techniques’

Finally, these two more specifically cover risk and compliance:

• ‘Regulatory Aligned AI Deployment Framework’
• ‘Implementing a Risk-Driven AI Regulatory Compliance Framework’

To give you a better idea of how we might work with a client deploying a variety of AI systems (yet having absolutely no AI assurance in place), our typical service would include:

1. Operational boundaries calibration through testing
2. Regulatory alignment
3. Risk assessment
4. The monitoring platform

We would argue that AI assurance that doesn't include all of these elements would be missing something.

Some of these approaches can be applied broadly, while others need to be tailored to specific use-cases and contexts. Although standardisation is emerging, there is still a significant need for customised assurance techniques to address particular challenges.

It's fascinating to see our burgeoning sector begin to stabilise. 

From our perspective, anything that promotes AI safety and removes barriers to AI assurance is a positive development.

Let's conclude by saying that, in absence of and as a step towards the standardisation of best practices in AI Safety, the Government is motivated to accelerate the adoption of AI Safety techniques and approaches.

The unexpected outcomes we have come to expect with AI systems underscore the need for robust assurance techniques and the truth is that the sector doesn’t have the final solution, yet.

This is where companies like Advai come in.

Our sector is busy in the creation of software solutions that automate or enhance the testing, evaluation, and monitoring of AI systems, thus enhancing AI safety. Both niche and broad platform-esque approaches are emerging.

While broad sweeping legislation might be seen as stifling by some, it is at least providing clarity for businesses investing in AI. There’s still regulatory uncertainty and a lack of assurance standardisation in Europe, yet so long as you build AI mindful of the basic AI Safety hygiene factors (impact, privacy, fairness, explainability, security, accountability and safety), you’ll probably be fine.

While standardisation remains a goal, the current landscape requires customised approaches to AI assurance.

In lieu of standardisation, AI Safety experts must

1. analyse the specific context of your AI systems, and
2. marry up a solid suite of Assurance techniques, like those which Advai offer.

In any case, exercising control for its own sake is prudent because negligent AI adoption is likely to result in stricter judicial scrutiny and punishment.

Advanced, automated, research-led techniques are key to ensuring AI systems perform as intended and with limited unintended consequences.

In reviewing Advai's submissions to the RTA’s AI Assurance portfolio, we hope you’ll see that effective AI governance means managing various aspects of robustness, risk and compliance, and highlights the importance of multifaceted assurance approaches. As the sector matures, you will need to keep adapting to the updated bank of AI safety knowledge.

And if you need some help navigating the space, you know who to call.

Overviews for each of our eight assurance use-cases:

• Streamlining AI Governance with Advai Insight for Enhanced Robustness, Risk Management and Compliance

Advai Insight is a platform for enterprises that transform complex AI risks and robustness metrics into digestible, actionable insights for non-technical stakeholders. It bridges the communication divide between data science experts and decision-makers, ensuring that the management of AI risk and AI regulation compliance is efficient and informed.

• Robustness Assurance Framework for Guardrail Implementation in Large Language Models (LLMs)

To assure and secure LLMs up to the standard needed for business adoption, Advai provides a robustness assurance framework designed to test, detect, and mitigate potential vulnerabilities. This framework establishes strict guardrails that ensure the LLM’s outputs remain within acceptable operational and ethical boundaries, in line with parameters set by the organisation. Our adversarial attacks have been optimised across multiple models with different architectures, therefore relevant to a broad range of LLMs. Not only do these attacks reveal potential causes of natural failure, but we can therefore immunise client LLMs against similar attacks, enhancing the guardrail’s longer-term effectiveness.

• Advanced Evaluation of AI-Powered Identity Verification Systems

Advai's toolkit evaluates identity verification AI models for security, and robustness. It identifies natural and adversarial vulnerabilities using our library of stress-testing tools. The toolkit examines natural vulnerabilities through image manipulations like noise, lighting, and rotation. Adversarial vulnerabilities are assessed by injecting subtle perturbations. Applied throughout the MLOps lifecycle, it ensures AI models are robust by design, not just at deployment.

• Assurance of Computer Vision AI in the Security Industry

Evaluation of the resilience of a facial verification system used for authentication, namely in the context of preventing image manipulation and ensuring robustness against adversarial attacks. The focus was on determining the system’s ability to detect fraudulent efforts to bypass facial verification or ‘liveness’ detection and to resist manipulations from fake imagery and feature space attacks.

• Robustness Assessment of a Facial Verification System Against Adverse Adversarial Attacks

Advai offers a robustness assurance framework to secure LLMs for business use. This framework tests, detects, and mitigates vulnerabilities, ensuring outputs stay within operational and ethical boundaries set by organisations. Our optimised adversarial attacks, applicable to various LLM architectures, reveal natural failure causes. This process enhances long-term effectiveness by immunising client LLMs against similar attacks.

• Operational Boundaries Calibration for AI Systems via Adversarial Robustness Techniques

To ensure safe AI deployment in enterprises, understanding fault tolerances through adversarial stress-testing is crucial. Our tools identify failure types (e.g., skewed, foggy images) and adversarial (minor parameter variations). The process starts with "jailbreaking" models to uncover flaws using adversarial inputs, defining operational limits, and calibrating AI systems to their failure points.

• Regulatory Aligned AI Deployment Framework

Adopting AI in high-risk domains requires stringent regulatory adherence for safety, transparency, and accountability. Our system aligns AI deployment with performance metrics, regulatory risks, and societal impact. It uses task APIs for benchmarks, evaluations, and metrics, deployable as cloud or on-premise microservices. MLOps practices integrate with regulatory frameworks, addressing the needs of data scientists, compliance officers, executives, and the public, ensuring responsible AI innovation and deployment.

• Implementing a Risk-Driven AI Regulatory Compliance Framework

Managing risk effectively is a compliance requirement. This use case integrates a variety of ISO standards with AI development. It enables a structured approach to assess and mitigate AI risks through stress testing. It involves understanding context, identifying risks (data privacy, biases, security), assessing failure likelihood, treating risks, and continuous monitoring. Blending our testing approaches with these standards ensures AI systems meet regulatory and risk requirements (versus testing for the sake of testing!).