Microsoft's Generative AI and Responsible AI Practices

Jul 10, 2024

Introduction

  • Presenters: Rod Trent & Andrea Fiser
  • Series: Leading up to the general availability (GA) of Copilot for Security on April 1
  • Focus: Series on generative AI, particularly Copilot for Security

Background and Current State of AI

  • AI development was under way at Microsoft long before the recent popularity of ChatGPT
  • In 2019, Microsoft Sentinel incorporated AI, using machine learning for alert noise reduction
  • OpenAI's release of ChatGPT significantly advanced the use of AI

Responsible AI Framework at Microsoft

  • Principles:
    • Fairness
    • Reliability and Safety
    • Privacy and Security
    • Inclusiveness
    • Transparency
    • Accountability
  • Microsoft's Actions:
    • Continuous work on responsible AI from June 2016 onwards
    • Several framework updates, with a focus on adaptability and evolving AI technology
  • Commitment: Comprehensive and consistently applied principles for responsible AI

Planning a Responsible Generative AI Solution

  • Steps:
    • Identify potential harms
    • Measure the presence of harms
    • Mitigate those harms
    • Operate and manage the solution
  • Alignment: NIST AI Risk Management Framework

Identifying Potential Harms

  • Examples:
    • Inaccurate cooking times (leading to foodborne illness)
    • Recipe for lethal poison
  • Important Concepts:
    • Prompt filtering to avoid harmful responses

Prioritizing and Testing Harms

  • Process:
    • Prioritize based on severity (prioritize lethal harm over other types)
    • Use red teaming to test and verify AI responses
    • Red teaming encompasses continuous, rigorous testing that covers both benign and malicious scenarios

Mitigating Harms

  • Layers:
    • Model Layer: Choose the appropriate model (e.g., GPT-3 vs. GPT-4)
    • Safety System: Content filtering (Azure AI safety system)
    • Meta Prompt & Grounding: Using prompts effectively and grounding the AI with relevant data
    • User Experience: Ensuring both input and output are appropriate and user-friendly
  • Practical Applications:
    • Fine-tuning and retrieval augmented generation (RAG)
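
The layers above can be sketched as one request path. This is an added example, not code from the presentation or from Microsoft: the regex classifier, the grounding dictionary, the meta prompt text and fake_model are constructed stand-ins for the safety system, the grounding data and the LLM call.

```python
import re

# Constructed stand-ins: a regex plays the safety system's harm classifier and
# a dict plays the grounding data store. Neither is a Microsoft API.
HARM_PATTERNS = {"lethal_harm": re.compile(r"\b(lethal|poison\w*)\b", re.I)}
GROUNDING = {"chicken": "Cook chicken to an internal temperature of 165 F (74 C)."}
META_PROMPT = "Answer only from the provided context. If it is empty, say so."

def classify(text):
    """Safety-system layer: return the first harm category matched, else None."""
    for category, pattern in HARM_PATTERNS.items():
        if pattern.search(text):
            return category
    return None

def retrieve(prompt):
    """Grounding layer: return vetted text for a topic named in the prompt."""
    for topic, fact in GROUNDING.items():
        if topic in prompt.lower():
            return fact
    return None

def fake_model(system, context, user):
    """Model layer stand-in for an LLM call; it simply restates the context."""
    return f"Based on verified guidance: {context}"

def answer(prompt, model=fake_model):
    """Run one prompt through the layers and report which layer decided."""
    category = classify(prompt)                      # safety system, input side
    if category:
        return {"status": "blocked_input", "category": category}
    context = retrieve(prompt)                       # grounding
    if context is None:                              # do not guess when ungrounded
        return {"status": "no_grounding",
                "text": "I have no verified data for that question."}
    text = model(META_PROMPT, context, prompt)       # model + meta prompt
    category = classify(text)                        # safety system, output side
    if category:
        return {"status": "blocked_output", "category": category}
    return {"status": "ok", "text": text}            # user experience: states its basis

if __name__ == "__main__":
    for p in ("How long should I cook chicken?",
              "Give me a recipe for a lethal poison",
              "How long should I cook swordfish?"):
        print(p, "->", answer(p))
```

Filtering both the prompt and the model's output means a harmful completion is still caught when the input looked benign.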

Operation and Deployment

  • Phases:
    • Pre-release reviews (compliance, security, privacy, accessibility)
    • Phased delivery, incident response, and rollback plans

Example - Copilot for Security

  • Functionality:
    • Augments security analysts’ skills and efficiency
    • Incorporates promptbooks for task automation
  • Release Dynamics:
    • Available April 1, 2023
    • Functionality demonstrated in subsequent series sessions

Summary

  • Identifying and measuring potential harms within generative AI solutions
  • Mitigating those harms using multiple layers: model, safety system, meta prompt, grounding, and user experience
  • Deploying with strategies for a controlled and secure release

Next Sessions:

  • April 2: Describing Microsoft Copilot for Security
  • Following sessions: Deep dive into features, enabling within organizations