PET Technical Meetings - lfpet/pet GitHub Wiki

Thursday, June 26, 10:00 America/Los_Angeles Meeting Description: Agenda:

1. Recap the LF PET BoF, Tina Tsou, 10 mins, https://github.com/lfpet/pet/wiki/PET-Events
2. TSC, all, 20 mins
3. Preparation of Problem Statement Document, 10 mins, Neetu Jain, JPMorgan Chase; Marcela Melara, Intel; Tina Tsou, TikTok, Ori Shadmon, AnyLog
4. Open discussion, all, 10 mins

Wednesday, June 11th, 10:00 America/Los_Angeles

Repeats: Every 14 days at 10:00 America/Los_Angeles

Meeting Description: Agenda:

1. Recap the LF PET Initiative governance documentation, Tina Tsou, 10 mins, https://docs.google.com/document/d/1cfToNLRbOSf3n_tLMuEkCVUqzErYy-FhnROTNkjlDAI/edit?tab=t.0
2. Problem statement, Mingshen Sun, 20 mins
3. Shadow AI, Dineshwar Sahni, Visa, 10 mins
4. BoF in OSS NA, Tina Tsou, 10 mins, https://github.com/lfpet/pet/wiki/PET-Events
5. Open discussion, all, 10 mins

Participants:

Tina Tsou, TikTok

Dineshwar Sahni, Visa

Emanuele Ragnoli, Provably

Frank Berry, ITPulsBrand

Frankie Berry, CopperLanterns

Heng Yin, UC Riverside

Mingshen Sun, TikTok

Ori Shadmon, AnyLog

Ning Bao, TikTok

Zhou Li, UC Irwin

Recording and Transcript

https://zoom.us/rec/share/EVsfx2beLX5XHLCpliUIJI0k_Tx61OF9EcYoRAAoewV-5smrTzEjglVdkCe-dUEy.ec4a1N5qKgyyI01x

Meeting Summary

Quick Recap

The meeting focused on privacy-enhancing technologies and AI security challenges, with discussions on governance structures, open-source solutions, and the need for balancing innovation with security measures. Participants shared insights on managing data at the edge, training developers in AI security, and addressing privacy concerns in various contexts, including city utilities and regulated industries. The group also planned future events and collaborations to further explore these topics and develop effective frameworks for privacy and security in AI development.

Next Steps

Mingshen to summarize and send out a summary email to the mailing list about the collection of problem statements from different industries. Mingshen to create and maintain a living document for problem statements based on input from various industries. Tina to set up a Zoom meeting for remote participation in the Birds of a Feather (BoF) session at OSS North America on June 24th. Tina to work with LF Event team to explore the possibility of live streaming the BoF session. Tina and Mingshen to work on the meeting notes based on the meeting recording. All participants to review and update the meeting notes as needed. All interested parties to mark their calendars for the BoF session on June 24th at OSS North America in Denver. All interested parties to consider attending the Open Source Summit in Europe in Amsterdam on August 26th for a larger announcement of the initiative. Summary

Meeting Access and Setup Tutorial:

The meeting began with Tina addressing the private setting of the meeting, which she had changed to open access. She confirmed that the meeting would be recorded and provided the agenda link through GitHub. Tina guided Ori through accessing the shared link and screen-sharing setup, ensuring that all participants could follow along with the agenda.

Privacy Technologies Governance Discussion:

The meeting focused on discussing the privacy-enhancing technologies (PET) initiative, including its governance structure and TikTok's past contributions in the field. Tina presented the technical charter, outlining the mission to develop privacy technologies and the roles of the Technical Steering Committee (TSC). Mingshen shared TikTok's history of investing in privacy research and open-sourcing various projects, including differential privacy and multi-party computation tools. The discussion concluded with Ori mentioning the need to explore privacy requirements and challenges from the perspective of city utilities, indicating a desire to expand the initiative's scope to address diverse user needs.

Edge Lake: Edge Data Management:

Ori presented Edge Lake, an open-source solution for managing data at the edge, allowing users to process data locally instead of sending it to the cloud. The product aims to reduce costs and provide enhanced security options, particularly for government clouds. Tina suggested creating a wiki or documentation to compile the province statements shared by the community into a single document, and Mingshen volunteered to take on this task.

AI Security Training Strategy Discussion:

Dineshwar discussed the importance of training software developers and AppSec engineers to manage risks associated with AI, emphasizing the need for a unified approach to security. He shared his screen to illustrate his points but encountered some technical difficulties with screen sharing. Despite the initial issues, the meeting continued with Dineshwar explaining his perspective on AI and security risks, and Tina and Mingshen assisting with technical aspects.

AI Security Governance Framework:

Dineshwar discussed the challenges of maintaining software security while using AI-based open-source models, highlighting the rapid growth of available models and the need for effective governance and control, especially in regulated industries. He emphasized the importance of balancing speed of innovation with security, noting that 60-80% of code relies on open-source libraries, and proposed a framework that provides guidelines rather than just gates to address these challenges. Dineshwar also stressed the need for better training and equipping developers and product security engineers to identify and prioritize vulnerabilities early in the development cycle.

AI Security and Developer Productivity:

Dineshwar discussed the impact of AI tools on developer productivity, noting a 30-40% increase in throughput, but highlighted concerns about security risks such as unsanctioned AI usage, model hallucinations, and supply chain attacks. He emphasized the need for developers and security practitioners to ensure secure AI practices, including controlling model vulnerabilities and preventing data poisoning. Tina provided technical support to help Dineshwar share his screen during the meeting.

Balancing AI Development and Security:

Dineshwar discussed the need to balance rapid AI development with effective governance and security measures. He emphasized the importance of breaking down silos, implementing centralized AI policies, and ensuring that security practices are integrated into the development process from the start. Dineshwar highlighted the success of their DevSecOps approach, which led to a 30-40% increase in development speed, and stressed the need for continuous improvement and training of developers as security champions.

Agentic AI Privacy Challenges:

The meeting focused on privacy and data security challenges in the context of agentic AI, with Dineshwar emphasizing the importance of balancing privacy with development speed. Tina discussed the creation of a problem statement document and shared details about an upcoming Birds of Feather (BoF) session at the Open Source Summit North America in Denver on June 24th. The group also discussed potential remote participation options for those unable to attend in person, and Emanuele inquired about the official announcement of the technical group, which Tina clarified would be made at a later date.