Oregon Business Magazine - February 2024

for reasons that might include building a reputation in the industry or brand credibility. Overtly malicious attacks on ML/AI, however, tend to be at the hands of organized crime, state actors and even terrorist organizations.

But Beveridge warns companies that any weaknesses they uncover themselves in their system have likely already been found by a third party. “So it’s foolish for a vendor to think hiding [the vulnerability] is going to work; it just means that only the bad guys have it … and the key motivators will quickly become money.”

In addition to financial gain, reasons for adversarial attacks on ML/AI might also include damaging competitors, cracking security and spreading misinformation to sway public opinion.

HiddenLayer was born out of an actual cyberattack in 2019 on the platform’s first incarnation, an AI company called Cylance, founded in Austin, Texas. The antivirus company worked to prevent malware attacks by employing machine learning, but the hackers were able to bypass the company’s antivirus model. With that attack, Cylance’s team discovered vulnerabilities in its services. “At that time, we didn’t really consider the attack on the AI itself, and that was a huge eye opener for us,” says Beveridge, who worked in cybersecurity at Cylance.

Well before ChatGPT, many companies were picking up on AI. So it soon became obvious to Beveridge and his colleagues that, while they hadn’t secured their AI at Cylance, neither had other companies in the field.

A Forrester consulting study, commissioned by HiddenLayer, found that 40% to 52% of participating companies were either still in the discussion phase regarding threats to their AI or they were using a manual process, meaning humans were tasked with keeping the assets secure. Meanwhile, the study reported that 86% of these companies were “extremely concerned or concerned” about the security of their ML/AI models.

According to consulting service Gartner, two in five organizations have had an AI security or privacy breach, where one in five were malicious attacks. For the year 2021, researcher and publisher Cybersecurity Ventures found that cyberattacks cost an estimated $6 trillion globally. “And so we saw, as soon as this takes over, there’s going to be a massive need in the market for being able to secure AI itself,” Beveridge says.

A few years following the Cylance cyberattack, HiddenLayer was founded with the vast majority of its engineering based in Portland. To date, its clients include mostly larger enterprise companies — including finance, government and defense, and cybersecurity, with Microsoft having climbed aboard as an investor.

The platform is also launching a new product called SafeLLM — named after the “Large Language Model” used by ChatGPT — and will be aimed at protecting hosted models; basically, where a business is making use of an AI system that is off-site, like companies Anthropic and OpenAI.

HiddenLayer can be viewed as adjacent to standard cybersecurity practices; in basic terms, a security framework observes the overall behavior of a system and throws up alarms if data appears fishy or misused. Yet still, HiddenLayer operates in largely uncharted waters, as Beveridge calls their platform “painfully innovative.” And the pain is likely coming from explaining to customers what, exactly, HiddenLayer offers when there isn’t an established industry to compare it to. Beveridge uses the analogy of the stop-motion animated series “Wallace & Gromit,” where the dog Gromit lays down his own tracks while simultaneously driving the train forward.

At a time when news headlines are screaming for the need to regulate AI — often from those who are behind its advancements — Beveridge and HiddenLayer are coming at it a little differently. “As a company, we’re not seeking to rein in AI. What we’re interested in doing is keeping malicious parties from using your AI against you,” says Beveridge. “In a way, we are protecting you from AI as well, because we’re protecting AI that’s being hacked and used incorrectly.”

“The vast majority [of companies] are completely unguarded as far as we can tell. It’s kind of like the internet in the ’90s.” — David Beveridge

AI: An In-Depth Report

Photos by Jason E. Kaplan
