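Federated learning (FL) has risen rapidly in popularity because of its promise of privacy and efficiency. Previous work has exposed privacy vulnerabilities in the FL pipeline by recovering user data from gradient updates. However, existing attacks fail to address realistic settings, because they either 1) require toy settings with very small batch sizes, or 2) require unrealistic and conspicuous architecture modifications. We introduce a new strategy that dramatically elevates existing attacks so that they operate on batches of arbitrary size, without architectural modifications. Our model-agnostic strategy requires only modifications to the model parameters sent to the user, which is a realistic threat model in many scenarios. We demonstrate the strategy in challenging large-scale settings, obtaining high-fidelity data extraction in cross-device and federated learning.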
translated by Google Translate
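Data poisoning for reinforcement learning has historically focused on general performance degradation, and targeted attacks have succeeded through perturbations that involve control of the victim's policy and rewards. We introduce an insidious poisoning attack for reinforcement learning that causes agent misbehavior only at specific target states, all while minimally modifying a small fraction of the training observations and without assuming any control over policy or reward. We accomplish this by adapting a recent technique, gradient alignment, to reinforcement learning. We test our method and demonstrate success in two Atari games of varying difficulty.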
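As the curation of data for machine learning becomes increasingly automated, dataset tampering is a mounting threat. Backdoor attackers tamper with training data to embed a vulnerability in models trained on that data. This vulnerability is then activated at inference time by placing a "trigger" into the model's inputs. Typical backdoor attacks insert the trigger directly into the training data, although such an attack may be visible upon inspection. In contrast, the hidden trigger backdoor attack achieves poisoning without placing the trigger into the training data at all. However, this hidden trigger attack is ineffective at poisoning neural networks that are trained from scratch. We develop a new hidden trigger attack, Sleeper Agent, which employs gradient matching, data selection, and target model re-training during the crafting process. Sleeper Agent is the first hidden trigger backdoor attack to be effective against neural networks trained from scratch. We demonstrate its effectiveness on ImageNet and in black-box settings. Our implementation code can be found at https://github.com/hsouri/sleeper-agent.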
As text generated by large language models proliferates, it becomes vital to understand how humans engage with such text, and whether or not they are able to detect when the text they are reading did not originate with a human writer. Prior work on human detection of generated text focuses on the case where an entire passage is either human-written or machine-generated. In this paper, we study a more realistic setting where text begins as human-written and transitions to being generated by state-of-the-art neural language models. We show that, while annotators often struggle at this task, there is substantial variance in annotator skill and that given proper incentives, annotators can improve at this task over time. Furthermore, we conduct a detailed comparison study and analyze how a variety of variables (model size, decoding strategy, fine-tuning, prompt genre, etc.) affect human detection performance. Finally, we collect error annotations from our participants and use them to show that certain textual genres influence models to make different types of errors and that certain sentence-level features correlate highly with annotator selection. We release the RoFT dataset: a collection of over 21,000 human annotations paired with error classifications to encourage future work in human detection and evaluation of generated text.
Drawing from the resources of psychoanalysis and critical media studies, in this paper we develop an analysis of Large Language Models (LLMs) as automated subjects. We argue the intentional fictional projection of subjectivity onto LLMs can yield an alternate frame through which AI behaviour, including its productions of bias and harm, can be analysed. First, we introduce language models, discuss their significance and risks, and outline our case for interpreting model design and outputs with support from psychoanalytic concepts. We trace a brief history of language models, culminating with the releases, in 2022, of systems that realise state-of-the-art natural language processing performance. We engage with one such system, OpenAI's InstructGPT, as a case study, detailing the layers of its construction and conducting exploratory and semi-structured interviews with chatbots. These interviews probe the model's moral imperatives to be helpful, truthful and harmless by design. The model acts, we argue, as the condensation of often competing social desires, articulated through the internet and harvested into training data, which must then be regulated and repressed. This foundational structure can however be redirected via prompting, so that the model comes to identify with, and transfer, its commitments to the immediate human subject before it. In turn, these automated productions of language can lead to the human subject projecting agency upon the model, effecting occasionally further forms of countertransference. We conclude that critical media methods and psychoanalytic theory together offer a productive frame for grasping the powerful new capacities of AI-driven language systems.
Multimodal integration of text, layout and visual information has achieved SOTA results in visually rich document understanding (VrDU) tasks, including relation extraction (RE). However, despite its importance, evaluation of the relative predictive capacity of these modalities is less prevalent. Here, we demonstrate the value of shared representations for RE tasks by conducting experiments in which each data type is iteratively excluded during training. In addition, text and layout data are evaluated in isolation. While a bimodal text and layout approach performs best (F1=0.684), we show that text is the most important single predictor of entity relations. Additionally, layout geometry is highly predictive and may even be a feasible unimodal approach. Despite being less effective, we highlight circumstances where visual information can bolster performance. In total, our results demonstrate the efficacy of training joint representations for RE.
Large language models (LLMs) have been shown to be able to perform new tasks based on a few demonstrations or natural language instructions. While these capabilities have led to widespread adoption, most LLMs are developed by resource-rich organizations and are frequently kept from the public. As a step towards democratizing this powerful technology, we present BLOOM, a 176B-parameter open-access language model designed and built thanks to a collaboration of hundreds of researchers. BLOOM is a decoder-only Transformer language model that was trained on the ROOTS corpus, a dataset comprising hundreds of sources in 46 natural and 13 programming languages (59 in total). We find that BLOOM achieves competitive performance on a wide variety of benchmarks, with stronger results after undergoing multitask prompted finetuning. To facilitate future research and applications using LLMs, we publicly release our models and code under the Responsible AI License.
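Finite mixture modelling is a popular method in the field of clustering, largely because of its soft cluster membership probabilities. However, the EM algorithm, the most common algorithm for fitting finite mixture models, falls victim to a number of issues. We address these issues that plague clustering with finite mixture models, including convergence to solutions corresponding to local maxima and algorithm speed concerns in high-dimensional cases. This is done by developing two novel algorithms that combine a spectral decomposition of the data matrix with a non-parametric bootstrap sampling scheme. Simulations show the validity of our algorithms, demonstrating not only their flexibility but also their ability to avoid solutions corresponding to local maxima when compared with other (bootstrapped) clustering algorithms. Our novel algorithms typically have more consistent convergence criteria and a significant increase in speed over other bootstrapped algorithms that fit finite mixture models.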
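This paper considers the problem of unsupervised 3D object reconstruction from in-the-wild single-view images. Because of ambiguity and intrinsic ill-posedness, this problem is inherently difficult to solve and therefore requires strong regularization to achieve disentanglement of the different latent factors. Unlike existing works that introduce explicit regularization into the objective function, we look into a different space for implicit regularization: the structure of the latent space. Specifically, we restrict the structure of the latent space to capture a topological causal ordering of the latent factors (i.e., representing causal dependency as a directed acyclic graph). We first show that different causal orderings matter for 3D reconstruction, and then explore several approaches to find a task-dependent causal factor ordering. Our experiments demonstrate that the latent space structure indeed serves as an implicit regularization and introduces an inductive bias beneficial for reconstruction.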
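Fair machine learning (ML) researchers have coalesced around several fairness criteria that provide formal definitions of what it means for an ML model to be fair. However, these criteria have some serious limitations. We identify four key shortcomings of these formal fairness criteria and aim to help address them by extending performative prediction to include a distributionally robust objective.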