Global Airport Monitoring at Your Fingertips: How Few-Shot Learning Is the New Table Stakes in Automated Target Recognition
As CEO of a company building computer vision tools for the US government (USG), when ChatGPT news started springing up everywhere, I wanted to understand how large foundation models* might serve dual civil-military uses and the opportunities and risks that they pose. The potential impact, at both ends of that spectrum, is great; the purpose of this piece, therefore, is to discuss the national security implications of foundation models for policymakers and our defense and intelligence (D&I) partners. (In my last blog (link), I wrote about how foundation models may impact the AI startup landscape.)
*Note: A "foundation model" is just a fancy way of saying "large unsupervised model", which is becoming state-of-the-art for many tasks. More formally, a foundation model is a model trained on a broad set of unlabeled data that can adapt to novel situations. What makes foundation models unique is that the model can apply information from one situation to another.
Foundation models can be valuable for a variety of military and intelligence tasks, for example:
These remarkable tools could deliver significant mission impact, especially given the common criticism that the US is falling behind its geopolitical adversaries in implementing AI. But beyond the well-trodden procurement and security barriers to entry, why aren't these tools already ubiquitous? There are still greater challenges that developers will have to contend with in order to succeed in national security:
Algorithms need to translate to USG-specific tasks
Foundation models are trained on lakes of publicly available information (PAI). This data is massive and readily found online. USG missions, colloquialisms, and data sources, however, are unique. In places, the USG is already building toward algorithms that generalize to hundreds of different tasks within its mission sets. Still, it is our assessment that optimizing for analytic performance is being prioritized over nearly all else. While analysts and operators may accept the need for, and even the benefit of, AI, many across D&I remain skeptical. Operators and analysts care primarily about mission impact and little about which tool gets the job done or how.
Anecdotally, analysts express fatigue at learning yet another piece of software, so it will take real effort to make foundation models accessible and functional at the tactical edge. To make them useful, techniques such as fine-tuning, transfer learning, and few-shot learning will increasingly become requirements for leveraging the government's vast stores of exquisite data.
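As an illustration of what few-shot adaptation can look like in practice, here is a minimal, hypothetical sketch in PyTorch: a backbone pretrained on broad public data is frozen, and only a small classification head is retrained on a handful of labeled, mission-specific image chips. The dataset path, class layout, and model choice are assumptions for the example, not a description of any fielded system.

```python
# Illustrative sketch only: adapting a publicly pretrained backbone to a
# hypothetical mission-specific task with only a handful of labeled examples.
import torch
import torch.nn as nn
from torch.utils.data import DataLoader
from torchvision import datasets, models, transforms

# Standard ImageNet-style preprocessing expected by the pretrained backbone.
preprocess = transforms.Compose([
    transforms.Resize(256),
    transforms.CenterCrop(224),
    transforms.ToTensor(),
    transforms.Normalize(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225]),
])

# A tiny labeled "few-shot" dataset laid out as class-named folders (placeholder path).
few_shot_data = datasets.ImageFolder("data/airport_chips", transform=preprocess)
loader = DataLoader(few_shot_data, batch_size=8, shuffle=True)

# Start from weights learned on broad public data, then freeze the backbone.
model = models.resnet50(weights=models.ResNet50_Weights.DEFAULT)
for param in model.parameters():
    param.requires_grad = False

# Replace only the classification head so the few labeled examples go a long way.
model.fc = nn.Linear(model.fc.in_features, len(few_shot_data.classes))

optimizer = torch.optim.Adam(model.fc.parameters(), lr=1e-3)
criterion = nn.CrossEntropyLoss()

# A few passes over a few dozen examples can be enough for a usable first model.
model.train()
for epoch in range(5):
    for images, labels in loader:
        optimizer.zero_grad()
        loss = criterion(model(images), labels)
        loss.backward()
        optimizer.step()
```

Because only the final layer is trained, a few dozen labeled examples and minutes of compute can be enough to stand up a first-pass model, which is exactly why few-shot techniques matter for USG-specific data.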
No Edge Deployment
Foundation models are huge. This means that edge devices, such as ATAK-enabled phones or remote cameras (think low Earth orbit), which aren't broadband connected, will be unable to run foundation models. We believe this will be a short- to mid-term issue, however. Foundation models trained on narrow, mission-specific data, combined with the right pruning and model-weight distillation, will drive down model size. Eventually, with cheaper and more performant hardware, edge and continuous deployments will become more common, even in space.
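As a sketch of the kind of shrinking we have in mind, the snippet below uses PyTorch's built-in pruning and dynamic quantization utilities to cut a pretrained model down for constrained hardware; the 40% pruning ratio and the ResNet-50 backbone are assumptions chosen for illustration, not recommendations.

```python
# Illustrative sketch only: shrinking a large pretrained model for edge deployment
# via magnitude pruning and dynamic quantization.
import torch
import torch.nn.utils.prune as prune
from torchvision import models

model = models.resnet50(weights=models.ResNet50_Weights.DEFAULT)

# Zero out the 40% smallest-magnitude weights in each conv layer (unstructured L1
# pruning); realizing the size savings also requires sparse storage or structured pruning.
for module in model.modules():
    if isinstance(module, torch.nn.Conv2d):
        prune.l1_unstructured(module, name="weight", amount=0.4)
        prune.remove(module, "weight")  # bake the pruning mask into the weights

# Quantize the linear layers to int8 for a smaller, faster CPU model.
small_model = torch.ao.quantization.quantize_dynamic(
    model, {torch.nn.Linear}, dtype=torch.qint8
)

torch.save(small_model.state_dict(), "resnet50_pruned_int8.pt")
```

How much of that savings is realized on a given device depends on the runtime and storage format, which is why we see edge deployment as an engineering problem that time and investment will solve rather than a permanent barrier.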
Note: The two issues above are technical challenges that, with adequate time and investment, will be overcome. It is the next issue, however, that also raises policy concerns, and it is the one I want to spend some time addressing.
IP and Data Provenance
There are just a handful of major players building these large foundation models. Universally, the models are data-hungry, trained on publicly available information, and expensive to train. The organizations building them are hyper-focused and heavily funded (internally or externally) to develop these models. These organizations fall into three groups:
And there are two primary issues:
On those two issues, this is where competition benefits national security. Some companies, like OpenAI, don't publish their model weights. Stability AI, by contrast, releases the weights of its "Stable Diffusion" model as open source and is transparent about the training set it uses (the LAION-5B dataset).
Companies whose IP and model weights are open are positioned to work more closely with D&I organizations. However, those very same open-sourced foundation models may not only prove to be of diminishing value, but potentially dangerous to our national security. Google Maps, for example, has been a boon to the world for getting from point A to point B. Yet in 2007, coalition forces operating in Southern Iraq recovered hardcopy Google Earth printouts used in planning attacks on British military bases1. It is inevitable that foundation models will one day serve adversarial, dual civil-military purposes; so a comprehensive analysis by D&I professionals, with industry's help, must be forthcoming to understand more clearly these risks and the AI supply chain that supports their development and use.
Provenance of AI models matters. In the public space, where generating kitten art and college term papers is the norm, the IP and provenance of the contributing model don't even register with users. In the D&I community, however, where decisions impact the lives and livelihoods of people, those considerations (and more) are paramount. Eventually, for training data, we expect to see hardware manufacturers start cryptographically signing the data created by their equipment. Adversarial images, for example, can be perturbed in such a way that models trained on them are unable to correctly identify specific objects, and a corrupted model could undermine multiple, very real intelligence missions ranging from strategic indications and warning (I&W) to tactical combat support.
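To make the signing idea concrete, here is a minimal, hypothetical sketch using Ed25519 signatures from the Python cryptography library; the key handling and scheme are our assumptions for illustration, not any manufacturer's actual design.

```python
# Illustrative sketch only: how a sensor manufacturer might sign imagery at capture
# time so that training data can later be verified as authentic and untampered.
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.exceptions import InvalidSignature
import hashlib

# In practice this key would live in the sensor's secure hardware, not in software.
device_key = Ed25519PrivateKey.generate()
device_public_key = device_key.public_key()

def sign_image(image_bytes: bytes) -> bytes:
    """Sign a digest of the raw image so the signature stays small."""
    digest = hashlib.sha256(image_bytes).digest()
    return device_key.sign(digest)

def verify_image(image_bytes: bytes, signature: bytes) -> bool:
    """Check, before training, that the image really came from the trusted sensor."""
    digest = hashlib.sha256(image_bytes).digest()
    try:
        device_public_key.verify(signature, digest)
        return True
    except InvalidSignature:
        return False

# Hypothetical stand-in for raw sensor output; a real system would read camera frames.
image = b"raw sensor bytes for one image chip"
signature = sign_image(image)
assert verify_image(image, signature)                 # untampered image passes
assert not verify_image(image + b"\x00", signature)   # any perturbation fails
```

A provenance check like this would not stop adversarial perturbations introduced before capture, but it would let model builders reject training data that cannot be traced back to trusted equipment.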
But well before that can happen, there are tradecraft considerations that will need to be addressed. Intelligence Community Directive 203, for example, dictates the Analytic Standards that authors must follow in their published works. Not only must they use caveated language, they must also identify assumptions and share complete bibliographies so that their assessments can be reverse engineered. First published in 2007, this directive was a result of the intelligence failures surrounding the September 11 attacks and the Iraqi weapons of mass destruction program that was our casus belli. In particular, the WMD Commission Report stated:
“Perhaps most troubling, we found an Intelligence Community in which analysts had a difficult time stating their assumptions up front, explicitly explaining their logic, and, in the end, identifying unambiguously for policy makers what they do not know...”2
Today, artificial intelligence broadly challenges the lessons of that report and the resulting policy improvements: most models cannot state their assumptions, explain their logic, or identify what they do not know.
At CrowdAI, we can trace a model back to each and every image used in its training, and we can and do answer these questions for every model we put into operation. This should be table stakes for working in the D&I space. Risk and opportunity come in many colors. While the national security community grapples with the rapid march of AI, we at CrowdAI remain committed to helping our partners bridge policy and technology and to understanding what it really means to enable a national security workforce with cutting-edge AI.
1. https://foreignpolicy.com/2007/02/06/tuesday-map-iraqi-insurgents-use-google-earth-to-target-brits
2. Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, Report to the President of the United States (Washington, DC: Government Printing Office, 2005), p. 389; accessed 1/11/2023, URL: https://irp.fas.org/offdocs/wmd_chapter8.pdf
Devaki Raj is CEO and co-founder of CrowdAI. She is a University of Oxford-educated data scientist and former Googler. Robert Miller is Head of Government Solutions at CrowdAI. He is a former federal civilian employee, having worked on Capitol Hill and at the White House, NGA, and CIA.