# FIT5230 Week 11: AI Security, Warfare, and Governance

## 1. The Dual Nature of AI: Power and Responsibility

AI is ubiquitous, with tools like Midjourney, ChatGPT, and Gemini becoming commonplace. While AI is not new, advancements in hardware and software have expanded its applications significantly. However, "with great power comes great responsibility".

### Beneficial Applications
* **Healthcare:**
    * **Data Efficiency:** AI processes massive datasets (like genetics) faster than humans to identify disease-linked genes.
    * **Drug Discovery:** It accelerates finding treatments by matching existing medications to diseases (e.g., the non-profit *Every Cure*).
    * **Considerations:** For AI to be viable in healthcare, it must be at least as accurate as human doctors, liability for errors must be established, and it must not worsen existing health inequities or discrimination.
* **Transportation:**
    * **Traffic Management:** AI analyzes real-time data (weather, accidents) to adjust traffic signals and optimize flow.
    * **Navigation:** Algorithms in apps like Google Maps use historical and real-time data to suggest optimal routes.

---

## 2. Security Threats on AI (The CIA+N Model)

AI systems introduce specific vulnerabilities across standard security principles.

### 1. Confidentiality (CONF)
* **Threat:** Inadvertent exposure of sensitive information.
* **Mechanism:** If a model is trained on personal data, it might "leak" private details during operation.
* **Example:** A customer service chatbot revealing personal info from previous training conversations.

### 2. Integrity (INT)
* **Threat:** Manipulation of the system to produce harmful or incorrect outputs.
* **Mechanism:** **Data Poisoning**, where attackers corrupt the training data.
* **Example:** An AI diagnostic tool fed false data leads to incorrect medical treatments.

### 3. Authentication (AUTH)
* **Threat:** Bypassing authentication mechanisms.
* **Mechanism:** Using Deepfake technology to create realistic fake identities that trick biometric scanners.
* **Example:** Using a deepfake video to impersonate a user and gain unauthorized system access.

### 4. Non-Repudiation
* **Threat:** Difficulty in proving the origin of actions, leading to denial of involvement.
* **Mechanism:** The ease of generating AI content allows perpetrators to plausibly deny they created malicious communications.
* **Example:** A fraudster sending an AI-generated email and denying authorship, complicating the investigation.

---

## 3. Malicious AI Applications & Warfare

### Biological Threats
* **Gene Sequencing:** AI assists in sequencing nucleotides, which can be used to modify organisms.
* **Democratization of Harm:** AI simplifies complex biological processes, allowing non-experts to potentially create dangerous pathogens or novel viruses.

### AI in Warfare
* **Scenario Planning:** Military powers use AI to simulate warfare scenarios and create strategic plans based on vast data analysis.
* **Guidance & Detection:**
    * Enhancing missile guidance accuracy.
    * Analyzing sonar data to detect covert submarines.
* **Current Events:** The US military is exploring the use of Large Language Models (LLMs) and Generative AI for military operations.

### The AI-Augmented Adversary
* AI amplifies human capabilities. If a human actor is malicious, an "AI-augmented adversary" presents a security problem much harder to solve than traditional threats.
* The distinction between the real and virtual worlds blurs, challenging traditional concepts of authentication ("Is it you or your avatar?").

---

## 4. Real-World Impact: Bias and Disinformation

AI systems can institutionalize bias and facilitate harm if not governed correctly.

### Case Study: Algorithmic Bias in Justice
A study of the COMPAS recidivism algorithm highlighted severe bias:
* **Vernon Prater (White male):**
    * *Record:* 2 armed robberies, 1 attempted armed robbery.
    * *AI Rating:* **Low Risk (3)**.
    * *Outcome:* Re-offended (Grand Theft).
* **Brisha Borden (Black female):**
    * *Record:* 4 juvenile misdemeanors.
    * *AI Rating:* **High Risk (8)**.
    * *Outcome:* Did not re-offend.
* *Implication:* The AI learned patterns from discriminatory data, worsening inequality.

### Other Risks
* **Physical Harm:** Reports of criminals using Generative AI to plan attacks (e.g., Tesla Cybertruck explosion attempt).
* **Disinformation:** Fully autonomous AI systems (like "CounterCloud") designed to generate and spread disinformation.
* **Mental Health:** Chatbots failing to detect suicidal or violent intentions, posing risks to vulnerable users.

---

## 5. AI Governance

Governance is the key to reducing harms while sharing benefits.

### Regulatory Frameworks
* **EU AI Act:** A law governing AI development in the EU, adopting a **risk-based approach** (applying different rules based on the risk level of the AI).
* **United States (SR-11-7):** A regulatory standard for model governance specifically in banking.
* **Asia-Pacific:**
    * Malaysia: Establishment of the National AI Office (NAIO).
    * ASEAN: Guide on AI Governance and Ethics.

### Challenges in Governance
* **Lack of Evidence:** The necessary evidence base for regulation often does not exist yet.
* **Politics:** Diverse stakeholders lead to conflicting priorities and information politics.
* **Knowledge Gap:** Decision-makers often lack a fundamental understanding of AI technologies.
* **Global Disparity:** Existing issues, such as the "AI divide" between the Global North and South, are amplified.


---

## FIT5230 Week 11 Tutorial: Future of AI, AI Fairness & LLM Safety

1. From the fairness Shapley value, if we observe that a certain feature contributes a lot to the unfairness (e.g., marital status in demographic parity difference), is it always correct to remove that particular feature from the model?
    * *Answer:* No, because the bias may still be present in other variables, and it can still be correct even if unfair.
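The answer to question 1 and the COMPAS case study above both rest on the same point: bias can survive in features that correlate with the protected attribute. The following is an added example (not from the lecture or tutorial) on a constructed loan-approval table: it trains a OneR stump, measures its demographic parity difference (DPD), attributes that DPD to each feature with exact Shapley values, and then shows that dropping the top-contributing feature, `marital`, only lowers DPD from 0.6 to 0.4 because `region` proxies for `sex`.

```python
"""Constructed loan-approval table (added example, not lecture material):
'sex' is the protected attribute and never a model input; 'marital' and
'region' are features that both correlate with sex; labels skew against sex=1."""
from itertools import combinations
from math import factorial

FEATURES = ("marital", "region")
# Constructed rows (sex, marital, region, approved), 10 per sex group.
_RAW = [(1, 1, 1, 0)] * 6 + [(1, 1, 0, 0), (1, 1, 0, 1), (1, 0, 1, 1), (1, 0, 0, 0)]
_RAW += [(0, 0, 0, 1)] * 5 + [(0, 0, 1, 1), (0, 0, 1, 1), (0, 1, 1, 1), (0, 1, 0, 0), (0, 0, 0, 0)]
ROWS = [dict(zip(("sex", "marital", "region", "approved"), r)) for r in _RAW]

def one_r(rows, feats):
    """OneR stump: predict each feature value's majority label; keep the feature
    with the best training accuracy (label ties -> 0; no features -> majority)."""
    def majority(subset):
        ones = sum(r["approved"] for r in subset)
        return 1 if ones > len(subset) - ones else 0
    best_acc, best = -1.0, None
    for f in feats:
        table = {v: majority([r for r in rows if r[f] == v]) for v in (0, 1)}
        acc = sum(table[r[f]] == r["approved"] for r in rows) / len(rows)
        if acc > best_acc:
            best_acc, best = acc, (lambda r, f=f, t=table: t[r[f]])
    return best or (lambda r, c=majority(rows): c)

def demographic_parity_difference(rows, predict):
    """Selection rate for sex=0 minus selection rate for sex=1 (rounded)."""
    rate = {}
    for s in (0, 1):
        grp = [r for r in rows if r["sex"] == s]
        rate[s] = sum(predict(r) for r in grp) / len(grp)
    return round(rate[0] - rate[1], 6)

def fairness_shapley(rows, feats):
    """Exact Shapley share of each feature in the model's DPD: the weighted mean
    of its marginal DPD change over every subset of the other features."""
    n, phi = len(feats), {}
    v = lambda s: demographic_parity_difference(rows, one_r(rows, s))
    for f in feats:
        others, total = [g for g in feats if g != f], 0.0
        for k in range(n):
            for s in combinations(others, k):
                w = factorial(k) * factorial(n - k - 1) / factorial(n)
                total += w * (v(s + (f,)) - v(s))
        phi[f] = round(total, 6)
    return phi
if __name__ == "__main__":
    print("Shapley shares:", fairness_shapley(ROWS, FEATURES))  # {'marital': 0.4, 'region': 0.2}
    print("DPD without 'marital':", demographic_parity_difference(ROWS, one_r(ROWS, ("region",))))  # 0.4
```

Dropping `marital` also cuts training accuracy from 16/20 to 12/20, so removing the top feature trades accuracy for only a partial fairness gain; the practitioner's next step is to look for proxy features such as `region` rather than stopping at the first attribution.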

2. Why is fairness a critical consideration in AI systems, especially in healthcare applications?
    * *Answer:* Because this could cause systematic unfairness.

3. If an AI system in healthcare makes a biased diagnosis due to biased training data, who should be held responsible — the developers, the healthcare provider, or the regulator?
    * *Answer:* All of them.

4. Do you think fairness in AI should be defined universally, or should it adapt to local cultural and social contexts?
    * *Answer:* Adapt.

5. What makes AI governance especially challenging compared to traditional technology governance?
    * *Answer:* No one wants to take responsibility for this; lack of digital literacy among policymakers.

6. With AI systems capable of creating realistic deepfakes, should governments regulate the use of generative AI or the development of the underlying models?
    * *Answer:* Yes.

7. Imagine a future where AI systems become indistinguishable from humans in voice, face, and behavior. How might this reshape human trust, law, and governance?

8. What are the main risks associated with deploying LLMs in real-world applications?
    * *Answer:* Hallucinations, misinformation, privacy leakage, brain rot.

9. How can we prevent LLMs from leaking sensitive information embedded in their training data?
    * *Answer:* Red teaming, safety audits, access control.

10. LLMs often struggle with adversarial attacks such as prompt injection. Why is this problem particularly difficult to solve?
    * *Answer:* An LLM can fool itself.

11. What role do "red-teaming" and adversarial testing play in LLM safety?
    * *Answer:* Actors try to break LLM safety and patch the loopholes.

12. What governance mechanisms can be put in place to ensure LLM safety at scale?