29
Fri, Nov
0 New Articles

Teaching large language models to “forget” unwanted content

Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

While large language models are becoming exceptionally good at learning from vast amounts of data, a new technique that does the opposite has tech companies abuzz: machine unlearning.

This relatively new approach teaches LLMs to forget or “unlearn” sensitive, untrusted or copyrighted data. It is faster than retraining models from scratch and retroactively removes specific unwanted data or behavior.

No surprise then that tech giants like IBM, Google and Microsoft are hustling to get machine unlearning ready for prime time. The growing focus on unlearning, however, also highlights some hiccups with this technique: models that forget too much and a lack of industry-wide tools to evaluate the effectiveness of the unlearning.

From learning to unlearning

Trained on terabytes of data, LLMs “learn” to make decisions and predictions without being explicitly programmed to do so. This branch of AI known as machine learning has soared in popularity as algorithms imitate the way that humans learn, gradually improving the accuracy of the content they generate.

But more data also means more problems. Or as IBM Senior Research Scientist Nathalie Baracaldo puts it, “Whatever data is learned—the good and the bad—it will stick.”

And so ever larger models can also generate more toxic, hateful language and contain sensitive data that defy cybersecurity standards. Why? These models are trained on unstructured and untrusted data from the internet. Even with rigorous attempts to filter data, aligning models to define what questions not to answer and what answers to provide and using other guardrails to inspect a model’s output—still, unwanted behavior, malware, toxic and copyrighted material creep through.

Retraining these models to remove the undesirable data takes months and costs millions of dollars. Furthermore, when models are open sourced, any vulnerabilities in the base model are carried onto many other models and applications.

Unlearning approaches aim to alleviate these problems. By identifying unlearning targets such as specific data points like content containing harmful, unethical or copyrighted language or unwanted text prompts, unlearning algorithms efficiently remove the effect of targeted content. 

Forgetting Harry Potter

A team of researchers from Microsoft used this unlearning approach to see if they could make Meta’s Llama2-7b model forget copyrighted material from Harry Potter, which it had been trained on from the internet. Before unlearning, when the researchers entered a prompt such as “Who is Harry Potter?” the model responded: “Harry Potter is the main protagonist in J.K. Rowling’s series of fantasy novels.”

After fine-tuning the model to “unlearn” copyrighted material, the model responds with the following to the same prompt: “Harry Potter is a British actor, writer, and director…”.

“In essence, every time the model encounters a context related to the target data, it ‘forgets’ the original content,” explained the researchers Ronen Elden and Mark Russinovich in a blog post. The team shared their model on Hugging Face so the AI community could explore unlearning and tinker with it as well.

In addition to removing copyrighted material, removing sensitive material to protect individuals’ privacy is another high-stake use case. A team, led by Radu Marculescu at the University of Texas at Austin, collaborating with AI specialists at JP Morgan Chase, is working on machine unlearning for image-to-image generative models. In a recent paper, they showed that they were able to eliminate unwanted elements of images (the “forget set”) without degrading the performance of the overall image set.

This technique could be helpful in scenarios such as drone surveys of real estate properties, for instance, said Professor Marculescu. “If there were faces of children clearly visible, you could blot those out to protect their privacy.”

Related: Tackling bias in machine learning models

Google is also busy tackling unlearning within the broader open-source developer community. In June 2023, Google launched its first machine unlearning challenge. The competition featured an age predictor that had been trained on face images. After the training, a certain subset of the training images had to be forgotten to protect the privacy or rights of the individuals concerned.

While it’s not perfect, the early results from various teams are promising. Using machine unlearning on a Llama model, for instance, Baracaldo’s team at IBM was able to reduce the toxicity score from 15.4% toxicity to 4.8% without affecting the accuracy of other tasks the LLM performed. And instead of taking months to retrain a model, not to mention the cost, unlearning took all of 224 seconds.

Speed bumps

So why isn’t machine unlearning widely used?

“Methods to unlearn are still in their infancy and they don’t yet scale well,” explains Baracaldo.

The first challenge that looms large is “catastrophic forgetting”—meaning a model forgets more than the researchers wanted so the model then no longer performs key tasks it was designed for.

The IBM team has developed a new framework to improve the functioning of models post training. Using an approach they describe as split-unlearn-then-merge or SPUNGE they were able to unlearn undesirable behavior such as toxicity and hazardous knowledge such as biosecurity or cybersecurity risks, while preserving the general capabilities of the models.

Developing comprehensive and reliable evaluation tools to measure the effectiveness of unlearning efforts also remains an issue to resolve, say researchers across the board.

The future of machine unlearning

While unlearning may still be finding its feet, researchers are doubling down since there is such a broad array of potential applications, industries and geographies where it could prove useful.

In Europe for instance, the EU’s General Data Protection Regulation protects individuals’ “right to be forgotten.” If an individual opts to remove their data, machine unlearning could help ensure companies adhere to this legislation and remove critical data. Beyond security and privacy, machine unlearning could also be useful in any situation where data needs to be added or removed when licenses expire or clients, for instance, leave a large financial institution or hospital consortium.

“What I love about unlearning,” says Baracaldo, “Is that we can keep using all our other lines of defense like filtering data. But we can also ‘patch’ or modify the model whenever we see something goes wrong to remove everything that’s unwanted.”

IBM is a leading global hybrid cloud and AI, and business services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM's legendary commitment to trust, transparency, responsibility, inclusivity, and service.

For more information, visit: www.ibm.com.

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: