Researchers sound alarm over AI hardware vulnerabilities that expose training data
But researchers have discovered that ML accelerators may contain a fundamental flaw in the way they handle power supply while processing AI tasks that exposes an AI model's training data. "Chips are designed in such a way that they power up different segments of the chip depending on their usage and demand to conserve energy," said Darsh Asher, co-author of the paper exposing GATEBLEED and PhD student at NC State. "This phenomenon is known as power gating and is the root cause of this attack. Almost every major company implements power gating in different parts of their CPUs to gain a competitive advantage."

This fluctuation was measurably different when the ML accelerator processed data on which the AI model it is running was trained versus when it isn't, researchers found, allowing attackers to indirectly access privileged information. "So if you plug data into a server that uses an AI accelerator to run an AI system, we can tell whether the system was trained on that data by observing fluctuations in the AI accelerator usage," said Azam Ghanbari, co-author of the paper and PhD student at NC State. "And we found a way to monitor accelerator usage using a custom program that requires no permissions."
A vulnerability called GATEBLEED stems from power-gating in ML accelerators, where chip segments power up or down based on usage to conserve energy. Power-supply and usage fluctuations are measurably different when the accelerator processes data that were part of a model's training set versus other inputs. Those distinguishable signals allow an attacker to infer whether specific data were included in training, risking exposure of privileged training information. The attack can be executed by monitoring accelerator usage via a custom program that requires no permissions. The flaw affects common NPUs and accelerator designs used in consumer and enterprise devices.
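The following Python simulation is an added illustration of the mechanism described above, not code from the GATEBLEED paper or from IT Pro. It models an inference service whose latency carries a power-gating wake-up penalty only when the input was part of the training set (the constants BASE_LATENCY, WAKEUP_PENALTY, NOISE_SIGMA and the padding budget are constructed values, not measurements from any real accelerator), shows how a defender can audit their own deployment for such a signal by comparing latency distributions of known members and non-members, and shows why padding every response to a fixed time budget removes the signal from this particular observable.

```python
import random
import statistics

# Toy model of a usage/timing side channel on an ML accelerator. All numbers
# are constructed for this example (arbitrary microseconds); nothing here is
# the paper's measurement method or real hardware behaviour.
BASE_LATENCY = 100.0      # steady-state inference time
WAKEUP_PENALTY = 4.0      # extra delay when a power-gated unit must wake up
NOISE_SIGMA = 3.0         # scheduling / measurement jitter


def inference_latency(is_member, rng, leaky=True):
    """Latency of one inference in the toy model.

    In the leaky model, inputs the model was trained on exercise an accelerator
    path that pays the power-gating wake-up penalty; other inputs do not.
    With leaky=False both kinds of input take the same path (no signal)."""
    latency = BASE_LATENCY + rng.gauss(0.0, NOISE_SIGMA)
    if leaky and is_member:
        latency += WAKEUP_PENALTY
    return latency


def pad_to_budget(latency, budget):
    """Assumed countermeasure: never answer before a fixed time budget, so the
    observable no longer depends on which accelerator units had to power up."""
    return max(latency, budget)


def membership_accuracy(member_lat, other_lat):
    """How well a single threshold separates the two latency samples.

    0.5 means the observable is useless for membership inference;
    1.0 means it reveals training-set membership perfectly."""
    threshold = (statistics.fmean(member_lat) + statistics.fmean(other_lat)) / 2
    hits = sum(1 for x in member_lat if x > threshold)
    hits += sum(1 for x in other_lat if x <= threshold)
    return hits / (len(member_lat) + len(other_lat))


def audit(leaky, budget=None, n=500, seed=7):
    """Defender-side leak check: drive the service with inputs whose membership
    is known and report how separable the two latency distributions are."""
    rng = random.Random(seed)
    members = [inference_latency(True, rng, leaky) for _ in range(n)]
    others = [inference_latency(False, rng, leaky) for _ in range(n)]
    if budget is not None:
        members = [pad_to_budget(x, budget) for x in members]
        others = [pad_to_budget(x, budget) for x in others]
    return membership_accuracy(members, others)


if __name__ == "__main__":
    print(f"leaky accelerator:       {audit(True):.3f}")
    print(f"no power-gating signal:  {audit(False):.3f}")
    print(f"leaky + time padding:    {audit(True, budget=120.0):.3f}")
```

In the leaky configuration the threshold rule reaches roughly 75% accuracy, well above the 50% of the no-signal configuration; padding responses to a fixed budget brings it back to 50% because every response then looks identical. The same audit structure (known members vs. non-members, measure, compare distributions) applies to any observable an unprivileged process can read, which is the property the researchers describe exploiting.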
Read at IT Pro