US intelligence agencies will be deploying generative artificial intelligence (AI) to analyze sensitive data. Announced last week, Microsoft’s generative AI models for intelligence agencies will be “air-gapped” into cloud-based environments to address security issues with large language models (LLMs), which are typically internet-facing.
It will be the first major law school to be disconnected from the internet, but still retain most of its computing power. Generative AI can analyze vast amounts of data and recognize patterns much faster than humans. The CIA began using generative AI tools for unclassified purposes last year, but more sensitive national security information must be kept off the public internet.
“This is the first time we’ve had a quarantined version, and by quarantine I mean it’s not connected to the internet, it’s on a special network that only the U.S. government has access to,” William Chappell, Microsoft’s chief technology officer for strategic missions and technology, told Bloomberg.
Generative AI and IC
Chappell told Bloomberg that the new AI tool could theoretically be made available to 10,000 members of the Intelligence Community (IC) who require access to top-secret data. The tool went live last Thursday and will go through a testing and certification phase before being made available to the intelligence community more widely.
“Generative AI can help intelligence agencies process data faster and discover links between different data points,” Roger Entner, a technology industry analyst at Recon Analytics, told ClearanceJobs. “One of the most critical areas is processing the myriad phone calls, emails, and other data transmissions that services need to collect and understand.”
Air-Gapped Platform
The AI platform is developed in such a way that it can read the files but cannot learn from them in a way that would affect the output, and the data is not accessible from the internet.
“The only way we can envision an IC that uses generative AI techniques is to keep it isolated from the internet,” explained Dr. Jim Partiro, an associate professor of computer science at the University of Maryland.
“Aside from domain sensitivity – the risk of revealing sensitive information to others – it’s reasonable to assume that Microsoft’s LLM will be used in all the ways that technology is typically used today: to help prepare reports, answer common questions, find information, etc.,” Purtilo told ClearanceJobs. “The workflow is often exactly the same as it is in corporate US, so it makes sense to streamline it with new tools.”
However, even with isolated models, there are concerns that data may leak between protected IC projects.
“In a typical setting, these models learn from prompts over time, so when you share a model, you can expect information to be shared unintentionally, even outside of the project,” Purtilo continues. “One user’s answer to a prompt may be based on another user’s interaction that was not intended to signal that specific data was known.”
Addressing bias in AI
Another concern is bias, Partiro warned, noting that open systems have already seen how over- or under-emphasizing certain traits in models can lead to surprisingly “bizarre behavior.” He cited the example of Google’s AI that portrayed President George Washington as black, which was the result of the AI being built on a biased dataset or generated by biased engineers.
The mischaracterization of Washington drew criticism, but there are concerns that the IC could draw erroneous conclusions from similar biases.
“But at IC, skepticism is one of our most important tenets,” Partiro added. “The danger is that those training the models may condition responses over time in ways that mask biases and avoid critical review. That may be inadvertent, but it nevertheless takes us away from our central role of upholding dispassionate objectivity in advising leadership.”
Finally, there are concerns regarding the specificity of the data.
“In an open system, it seems like LLMs are free to make things up and sometimes call them ‘hallucinations,'” Purtilo says. “Since these models are basically an average of what most previous users thought they wanted to hear, what you want to hear is often not what you actually want to hear. ICs can’t afford to risk taking key details from LLMs at face value. They need to check everything.”
