
Watermarking ChatGPT, DALL-E, and other generative AIs may aid in the prevention of fraud and misinformation.

Images purporting to show the former president’s arrest appeared online shortly after rumors of his impending indictment surfaced. These pictures looked like news photographs, but they were fake. A generative artificial intelligence system created them.

The use of text generators like Bard, ChatGPT, Chinchilla, and LLaMA, as well as image generators like DALL-E, Midjourney, and Stable Diffusion, has exploded in the public sphere. By combining clever machine-learning algorithms with billions of pieces of human-generated content, these systems can do anything from creating an eerily realistic image from a caption to synthesizing a speech in the voice of President Joe Biden, replacing one person’s likeness with another in a video, or writing a coherent 800-word op-ed from a title prompt.

Even in its infancy, generative AI is capable of producing content that is extremely realistic. My colleague Sophie Nightingale and I found that the average person is unable to reliably distinguish an AI-generated person from an image of a real person. Although audio and video have not yet fully passed through the uncanny valley (images or models of people that are unsettling because they are close to but not quite realistic), they are likely to soon. When this happens, and it is all but guaranteed to, it will become increasingly easy to distort reality.

In this new world, it will be simple to produce a video in which a CEO claims that her company’s profits are down 20%, which could result in a loss of billions of market share. It will also be simple to produce a video in which a world leader threatens military action, which could lead to a geopolitical crisis. It will also be simple to insert the image of anyone into a video that is sexually explicit.

Advancements in generative AI will soon cause fake but visually convincing content to proliferate online, resulting in an even more chaotic information ecosystem. A secondary effect is that detractors will be able to quickly dismiss as fake actual video evidence of everything from police violence and violations of human rights to a world leader burning top-secret documents.

As society faces what is almost certainly just the beginning of these advances in generative AI, there are reasonable and technologically feasible interventions that can help mitigate these abuses. As a computer scientist who specializes in image forensics, I believe that watermarking is a crucial technique.

Watermarks
Documents and other items have long been marked to demonstrate their authenticity, indicate ownership, and combat counterfeiting. Today, Getty Images, a massive image archive, adds a visible watermark to every digital image in its catalog. Customers can freely browse images while Getty’s assets are safeguarded.

Imperceptible digital watermarks are also used for digital rights management. A digital image can be given a watermark by, for instance, adjusting every tenth pixel so that its color (typically a number between 0 and 255) has an even value. Because this pixel tweaking is so minor, the watermark is virtually undetectable. And because this periodic pattern is unlikely to occur naturally and can be easily verified, it can be used to verify an image’s provenance.

With millions of pixels in even medium-resolution images, additional information like a unique user ID and a unique identifier for the software that generated the image can be embedded in the watermark. Both audio and video can use the same kind of invisible watermark.

The ideal watermark is imperceptible and also resists simple manipulations like cropping, resizing, adjusting color, and converting digital formats. The pixel color watermark example is not resilient, because the color values can be changed, but numerous watermarking strategies have been proposed that are resilient, though not impervious, to attempts to remove them.
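The every-tenth-pixel scheme and its fragility can be seen in a few lines of Python. This is an added example, not code from the article: the 16-bit payload, the function names and the pseudo-random "image" are assumptions, and a payload of 0 reproduces the article's all-even case.

```python
import random

STEP = 10   # every tenth pixel carries the mark, as in the article's example
BITS = 16   # assumed payload size for this sketch (e.g. a generator or user ID)

def embed_pixels(pixels, payload=0):
    """Set the lowest bit of every STEP-th value to the next payload bit.
    payload=0 is the article's case: every marked value becomes even."""
    out = list(pixels)
    for n, i in enumerate(range(0, len(out), STEP)):
        bit = (payload >> (n % BITS)) & 1
        out[i] = (out[i] & ~1) | bit   # changes the value by at most 1
    return out

def extract(pixels):
    """Majority-vote each payload bit; return (payload, agreement in 0.5..1.0)."""
    ones = [0] * BITS
    total = [0] * BITS
    for n, v in enumerate(pixels[::STEP]):
        ones[n % BITS] += v & 1
        total[n % BITS] += 1
    payload = agree = 0
    for b in range(BITS):
        bit = 1 if 2 * ones[b] > total[b] else 0
        payload |= bit << b
        agree += ones[b] if bit else total[b] - ones[b]
    return payload, agree / sum(total)

def brighten(pixels, delta=1):
    """A trivial colour edit: add delta to every value, clamped at 255."""
    return [min(255, v + delta) for v in pixels]

# Constructed sample: 10,000 pseudo-random grey values standing in for an image.
rng = random.Random(0)
IMAGE = [rng.randrange(256) for _ in range(10_000)]
MARKED = embed_pixels(IMAGE, payload=0xBEEF)
```

An unmarked image agrees with its "recovered" payload only slightly better than chance, the marked one agrees perfectly, and brightening the marked image by a single level flips the parity of the marked pixels so the recovered ID is wrong.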


The ability to create fictitious videos of real people is becoming more accessible.

AI and watermarking

These watermarks can be baked into generative AI systems by watermarking all of the training data, after which the generated content will carry the same watermark. This baked-in watermark is appealing because it allows generative AI tools, such as the image generator Stable Diffusion, to be open-sourced without the risk of a watermarking process being removed from the software. As things stand, because Stable Diffusion is open source, anyone can simply remove the watermarking function from its code.

A method for watermarking ChatGPT creations is currently being tested by OpenAI. Text watermarking takes on a different form because the characters in a paragraph cannot, of course, be modified in the same way that pixel values can.

Text-based generative AI works by predicting the most reasonable next word in a sentence. For instance, if the sentence fragment is “an AI system can…” ChatGPT will predict that “learn,” “predict,” or “understand” will be the next word. Each of these words is associated with a probability corresponding to the likelihood of that word appearing next in the sentence. These probabilities were learned from ChatGPT’s extensive training text.

Generated text can be watermarked by covertly tagging a subset of words and then biasing word selection toward a synonymous tagged word. For instance, the tagged word “comprehend” can be used in place of “understand.” By periodically biasing word selection in this manner, a body of text is watermarked based on a particular distribution of tagged words. Depending on the specific watermark details, this method is generally effective with texts of 800 or more words, but it won’t work for short tweets.
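The tagged-synonym idea can be sketched as follows, as an added example rather than OpenAI's method or code from the article. The synonym pairs, the secret key, the keyed-hash tagging rule and the detection threshold are all assumptions, and for simplicity the embedder always picks the tagged word instead of biasing only periodically.

```python
import hashlib
import hmac
import math

# Constructed synonym pairs; a real generator would bias its own word probabilities.
PAIRS = [("understand", "comprehend"), ("big", "large"), ("quick", "fast"),
         ("begin", "start"), ("help", "assist"), ("show", "demonstrate")]
KEY = b"demo-watermark-key"  # hypothetical secret shared by generator and detector

def tag_table(key=KEY):
    """Map each word in PAIRS to its pair's secretly tagged word (picked by keyed hash)."""
    table = {}
    for pair in PAIRS:
        digest = hmac.new(key, "|".join(pair).encode(), hashlib.sha256).digest()
        for word in pair:
            table[word] = pair[digest[0] & 1]
    return table

def embed_text(text, key=KEY):
    """Replace every word that has a tagged synonym with the tagged one."""
    table = tag_table(key)
    return " ".join(table.get(w, w) for w in text.split())

def z_score(text, key=KEY):
    """How many standard deviations the tagged-word count lies above the
    50% expected when a writer picks between synonyms with no bias."""
    table = tag_table(key)
    hits = [table[w] == w for w in text.split() if w in table]
    if not hits:
        return 0.0
    return (sum(hits) - 0.5 * len(hits)) / math.sqrt(0.25 * len(hits))

def is_watermarked(text, key=KEY, threshold=4.0):
    return z_score(text, key) >= threshold

# Constructed sample that uses both words of every pair once (no bias, z = 0).
SAMPLE = ("we understand and comprehend that a big or large model can begin or "
          "start quick and fast to help and assist and show or demonstrate")
SHORT = embed_text(SAMPLE)                     # 12 synonym slots
LONG = embed_text(" ".join([SAMPLE] * 10))     # 120 synonym slots
```

With only 12 synonym slots the score is about 3.5 and stays under the threshold even though every slot is tagged, while the tenfold longer text scores about 11, which is why the approach needs long passages and fails on tweet-length text.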

All content produced by generative AI systems should, in my opinion, be watermarked to facilitate easier identification and intervention in the future. Legislators may enact regulations to enforce this rule if the industry refuses to comply. Deceitful individuals will, obviously, not follow these norms. However, the harm will be significantly lessened if the major online gatekeepers (Apple and Google app stores, Amazon, Google, Microsoft cloud services, and GitHub) enforce these rules by banning software that does not comply.

Signing authentic content

A similar strategy could be used to authenticate original audiovisual recordings at the point of capture to address the issue from the other side. The content that is recorded could be cryptographically signed by a specialized camera app as it is recorded. This signature cannot be altered without leaving behind evidence of the attempt. After that, the signature is saved on a central list of trusted signatures.

Although this approach is not applicable to text, audiovisual content can then be verified as having been created by humans. An open specification supporting this strategy was recently made available by the Coalition for Content Provenance and Authentication (C2PA), a group working together to develop a standard for authenticating media. With major institutions including Adobe, Microsoft, Intel, BBC and numerous others joining this work, the C2PA is well positioned to produce effective and widely deployed authentication technology.

While it won’t completely eliminate all forms of abuse, the combination of signing and watermarking of content created by humans and AI will offer some degree of protection. As adversaries discover novel ways to weaponize the most recent technologies, any safeguards will need to be continuously modified and improved.

We should prepare ourselves for an equally lengthy battle to defend against various forms of abuse perpetrated by generative AI, just as society has been fighting against other cyber threats like spam, malware, and phishing for decades.

Provided by The Conversation
