Hackers bring AI security tests to Capitol Hill
Roughly 100 lawmakers, congressional staffers and others got a taste of how secure generative AI chatbots are at a private event on Capitol Hill last week.
Driving the news: The event, hosted by Hackers on the Hill and a few partner organizations, allowed participants to explore what a few popular large language models, including Meta's Llama 2, are able to do, organizers told Axios.
Why it matters: Lawmakers are currently drafting bills that would regulate everything from how government offices can use AI to the security standards that AI models must meet.
- But few lawmakers and staffers have had the chance to talk directly with hackers about how these models can actually be manipulated.
What they're saying: "There's layers between staffers and the hackers building the solutions," Sven Cattell, founder of DEF CON's AI Village and organizer for Hackers on the Hill, told Axios. "I had no agenda other than getting 'boots on the ground' [hackers] to talk to [Congress]."
Details: The private red-teaming event took place in a House office building Wednesday, a day before Hackers on the Hill's broader, daylong cybersecurity event, Cattell and partner organization Robust Intelligence told Axios.
- Participants were able to play around with different types of AI chatbots — including those that were trained on data across the web and those that were trained in a fire-walled environment that limited what data was available.
- "Most of it was just hanging out and talking to [the lawmakers and congressional staffers] and getting asked a lot of different questions," Cattell said.
Between the lines: The Capitol Hill event was aimed simply at letting staffers and lawmakers learn more about different AI models, unlike the event at last year's DEF CON, where thousands of hackers were asked to beat prompts and make chatbots misbehave, Cattell said.
- Cattell is hopeful the event will help inform ongoing discussions on the Hill and inside the Biden administration about what exactly an AI security vulnerability is and how exactly researchers should report one.
What's next: Cattell teased that he has more events and partnerships brewing in 2024 but declined to share specifics while they're being finalized.
- "I have plans for this year, but you'll hear about them at RSA," he said.