VAIL’s goal is to develop an open standard for validating AI/ML models: the equivalent of the 🔒 in the browser tab bar (similar to SSL/TLS on the web). By leveraging recent innovations in cryptography and hardware, we can provide strong guarantees of authenticity and transparency for AI/ML models. These guarantees would comprise three components:
1. A guarantee for the data used for training of the AI/ML model. This includes disclosures of public and private datasets, backgrounds of RLHF participants (if appropriately skilled), and vector embeddings.
2. A guarantee that the generated model (at a specific point in time) was trained using only the data from #1.
3. A guarantee that only the model from #2 was used to generate a specific output/prediction.
Providing these guarantees will not be easy, as the technology to do so is still early in its development life cycle. Providing them for all AI models, including popular large language models, is like building a reusable rocket.
However, if we are able to accomplish this goal, it will add an important layer of assurance to all systems that rely on AI to perform ever more important tasks. Just as adding secure communications on the web allowed applications of all kinds to flourish, an assurance layer around AI will allow users to trust the systems to do what they need.
Why Programmable Verification?
We are at the beginning of a growth curve in the number of unique AI/ML models available to build with. The word unique is important. While there are currently a few foundation models (GPT-4, Mistral, Llama, etc.), when these models are fine-tuned for less general purposes, they become effectively unique, as the end user will not know that the model is largely the same as the original foundation model. Furthermore, the end user will not be able to know all the use cases the model in question was fine-tuned to complete. This applies to proprietary as well as open source models.
Programmable verification provides a complete picture of how a model was trained, what it was trained to do, and that only that model was used to perform a task (or generate text, or classify, or …).
Making this programmable takes it out of the hands of people, or agencies of people, attempting to guarantee what a model will and will not do. Though these people and teams will have the best intentions, the pace at which they can audit and assess models will quickly become insufficient.
Furthermore, even the model builders cannot fully explain what the models are capable of. It will require a whole other set of breakthroughs to provide explainability and interpretability of state-of-the-art models.
And even with more sophisticated tools for audit & assessment, the end users cannot trust that the model they are using is the exact model that passed the audit. Programmatic verification is the only option to provide assurance at scale.
We’ll cover more of this in part 3. In part 4 we’ll share more about the underlying technology that is coming to support programmatic verification of AI models.