SAIS: Secure AI assistantS

Lead Research Organisation: King's College London
Department Name: Informatics

Abstract

There is an unprecedented integration of AI assistants into everyday life, from the personal AI assistants running on our smartphones and in our homes, to enterprise AI assistants for increased productivity in the workplace, to health AI assistants. In the UK alone, 7M users interact with AI assistants every day, and 13M on a weekly basis. A crucial issue is how secure AI assistants are, as they make extensive use of AI and learn continually. AI assistants are also complex systems in which different AI models interact with each other, with the various stakeholders, and with the wider ecosystem in which the assistants are embedded. The threats they face range from adversarial settings, where malicious actors exploit vulnerabilities that arise from the use of AI models to make AI assistants behave insecurely, to accidental ones, where negligent actors introduce security issues or use AI assistants insecurely. Beyond the technical complexities, users of AI assistants are known to have highly incomplete mental models of them and do not know how to protect themselves.

SAIS (Secure AI assistantS) is a cross-disciplinary collaboration between the Departments of Informatics, Digital Humanities and The Policy Institute at King's College London, and the Department of Computing at Imperial College London, working with non-academic partners: Microsoft, Humley, Hospify, Mycroft, policy and regulation experts, and the general public, including non-technical users. SAIS will provide an understanding of attacks on AI assistants (AIS) considering the whole AIS ecosystem, the AI models used in them, and all the stakeholders involved, particularly focusing on the feasibility and severity of potential attacks on AIS from a strategic threat and risk approach. Based on this understanding, SAIS will propose methods to specify, verify and monitor the security behaviour of AIS based on model-based AI techniques, which are known to provide richer foundations than data-driven ones for explaining the behaviour of AI-based systems. This will result in a multifaceted approach, including: a) novel specification and verification techniques for AIS, such as methods to verify the machine learning models used by AIS; b) novel methods to dynamically reason about the expected behaviour of AIS, based on normative systems and data provenance, so that any degradation or deviation from that expected behaviour can be audited and detected; c) co-created security explanations following a techno-cultural method to increase users' literacy of AIS security in a way they can comprehend.
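To give a flavour of what norm-based monitoring of expected behaviour can look like in practice, the minimal Python sketch below checks a trace of assistant actions against a small set of expected-behaviour norms and flags deviations. It is purely illustrative: the action format, the norms, and all names are hypothetical assumptions, not SAIS deliverables.

    # Minimal sketch of norm-based monitoring of an AI assistant's behaviour.
    # The norms, action format, and trace below are illustrative assumptions only.

    from dataclasses import dataclass

    @dataclass
    class Action:
        actor: str       # e.g. "assistant" or "third_party_skill"
        operation: str   # e.g. "read_contacts", "send_audio"
        target: str      # e.g. "cloud_api", "local_store"
        consented: bool  # whether the user consented to this operation

    # Prohibition norms: operations the assistant is expected never to perform
    # without explicit user consent.
    PROHIBITED_WITHOUT_CONSENT = {"read_contacts", "send_audio", "share_location"}

    def audit(trace):
        """Return the actions in a trace that deviate from the expected behaviour."""
        violations = []
        for action in trace:
            if action.operation in PROHIBITED_WITHOUT_CONSENT and not action.consented:
                violations.append(action)
        return violations

    if __name__ == "__main__":
        trace = [
            Action("assistant", "play_music", "local_store", consented=True),
            Action("third_party_skill", "read_contacts", "cloud_api", consented=False),
        ]
        for v in audit(trace):
            print(f"Deviation: {v.actor} performed {v.operation} on {v.target} without consent")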

Planned Impact

SAIS will run a programme of activities with a view to maximising:

*Networking and Community Building on AI Security* by engaging with the other projects funded in this call and the wider academic, industry, government and policy stakeholders and the general public. We aim to engender a sustained and collaborative approach to AI Security, creating a community of practice both during and after the project's funding period. This will include knowledge sharing, best practice and translation activities to enable the community to strengthen and stakeholders to engage with and learn from one another, as well as work to sustain the community beyond the initial funding. Activities will include community symposia, meetings, and meetups; an online community of practice; the creation of an AI Security Problem Book; and white reports on Use Cases.

*Industry Impact* by working in tandem with four companies (Microsoft, Humley, Hospify, and Mycroft) and their real-world Use Cases of personal, enterprise, and health AI assistants. This will be catalysed through participatory and co-creation activities embedded in the research programme, as well as regular individual and plenary partner meetings, and secondments from the research team to the companies. We will also explore opportunities for innovation and commercial exploitation.

*Policy Impact* will be facilitated by: establishing a Policy Advisory Group with relevant policy experts, think tanks, and civil servants from the Policy Institute's current networks to provide expert advice on potential opportunities and challenges for policy impact; running a Policy Lab to bring together research, policy and practitioner expertise to assess the evidence base identified in the project and make progress on the policy challenges arising from it; and creating a Policy Briefing summarising the Lab's results, to be made publicly available and used by the Advisory Group and the Policy Institute to disseminate findings further through their policy networks and as a community resource.

*Public Engagement* to build public awareness, reflexivity, and understanding of AI assistant security by running activities facilitated by KCL's Public Engagement team, including: Concept Development of a format that can be used to engage publics; an Immersive Experience at the Science Gallery London to engage the public with the research; Public Workshops immediately after the immersive experience to bring together the research team with target audiences and enable dialogue between them; and Digital Engagement to maximise reach and target a broad end-user base. A dedicated expert will help the team plan and evaluate the impact on building public awareness, reflexivity, and understanding about privacy and smart personal assistants.

*Developing SAIS Team's Skills* will be delivered by leveraging KCL's and Imperial's training centres for staff; secondments in industry; interactions with the other projects funded in this call and with the general public, industry, and policy bodies; and ORBIT's one-day foundation course on Responsible Research and Innovation.
 
Description SAIS provided an understanding of attacks on AI assistants (AIS) considering the whole AIS ecosystem, the AI models used in them, and all the stakeholders involved, particularly focusing on the feasibility and severity of potential attacks on AIS from a strategic threat and risk approach. Based on this understanding, SAIS proposed methods to specify, verify and monitor the security behaviour of AIS based on model-based AI techniques, which are known to provide richer foundations than data-driven ones for explaining the behaviour of AI-based systems. SAIS also provided key evidence on the kinds of explanations users would seek of AIS, as well as user-centred techniques for consent in AIS.
Exploitation Route As part of the project, we performed a responsible disclosure process, communicating with the third-party (non-Amazon) developers of Alexa Skills (voice apps) and the Amazon Alexa team about 675 Skills with bad privacy practices; 6 months after our disclosure, 53% of them had been taken down by the Amazon Alexa team or modified by Skill developers and no longer posed a threat to users. The model we created to automatically detect dangerous Skills in the wild was then turned into an open-source online tool via a project funded by the ICO and can be found and used at https://skillvet.nms.kcl.ac.uk/ (a simplified sketch of this kind of check appears after this record). In addition, the project created an immersive exhibition at Science Gallery London, together with live techno-cultural workshops, to increase literacy and awareness of security with AI assistants. The exhibition (https://london.sciencegallery.com/ai-season) is ongoing and has already been attended by >1,000 members of the public. Our public engagement evaluator is currently collecting feedback from attendees and mediators on quantitative literacy metrics for subsequent analysis after the season. To reach a broader audience, a series of podcasts has just been finalised, available on all major platforms (including Apple).
Sectors Digital/Communication/Information Technologies (including Software), Culture, Heritage, Museums and Collections
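The sketch below illustrates, in deliberately simplified form, the kind of automated privacy-practice check such a detection model performs: flagging a Skill whose requested data permissions are not traceable to its privacy policy. It is a hypothetical illustration, not the SkillVet implementation; the keyword lists, function names, and example Skill are assumptions.

    # Simplified, hypothetical sketch of a privacy-practice check for a voice app (Skill):
    # flag requested data permissions that its privacy policy never mentions.
    # Keyword lists and the example Skill are illustrative assumptions only.

    PERMISSION_KEYWORDS = {
        "device_address": ["address", "location"],
        "customer_email": ["email", "e-mail"],
        "customer_phone": ["phone", "telephone", "mobile number"],
    }

    def untraceable_permissions(requested_permissions, privacy_policy_text):
        """Return permissions that the privacy policy does not appear to disclose."""
        policy = privacy_policy_text.lower()
        flagged = []
        for perm in requested_permissions:
            keywords = PERMISSION_KEYWORDS.get(perm, [perm])
            if not any(word in policy for word in keywords):
                flagged.append(perm)
        return flagged

    if __name__ == "__main__":
        skill_permissions = ["device_address", "customer_email"]
        policy = "We collect your email to send you appointment reminders."
        print(untraceable_permissions(skill_permissions, policy))  # ['device_address']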

 
Description As part of the project, we performed a responsible disclosure process, communicating with the third-party (non-Amazon) developers of Alexa Skills (voice apps) and the Amazon Alexa team about 675 Skills with bad privacy practices; 6 months after our disclosure, 53% of them had been taken down by the Amazon Alexa team or modified by Skill developers and no longer posed a threat to users. The model we created to automatically detect dangerous Skills in the wild was then turned into an open-source online tool via a project funded by the ICO (project 12 above) and can be found and used at https://skillvet.nms.kcl.ac.uk/. In addition, the project created an immersive exhibition at Science Gallery London, together with live techno-cultural workshops, to increase literacy and awareness of security with AI assistants. The exhibition (https://london.sciencegallery.com/ai-season) is ongoing and has already been attended by >1,000 members of the public. Our public engagement evaluator is currently collecting feedback from attendees and mediators on quantitative literacy metrics for subsequent analysis after the season. To reach a broader audience, a series of podcasts has just been finalised, available on all major platforms (including Apple).
Sector Digital/Communication/Information Technologies (including Software), Culture, Heritage, Museums and Collections
Impact Types Cultural, Societal, Economic

 
Title Healthcare Voice AI Assistants: Factors Influencing Trust and Intention to Use 
Description AI assistants such as Alexa, Google Assistant, and Siri are making their way into the healthcare sector, offering a convenient way for users to access different healthcare services. Trust is a vital factor in the uptake of healthcare services, but the factors affecting trust in voice assistants used for healthcare are under-explored, and this specialist domain introduces additional requirements. This study explores the effects of different functional, personal, and risk factors on trust in and adoption of healthcare voice AI assistants (HVAs), generating a partial least squares structural model from a survey of 300 voice assistant users. Our results indicate that trust in HVAs can be significantly explained by functional factors (usefulness, content credibility, quality of service relative to a healthcare professional), together with security and privacy risks and personal stance in technology. We also discuss differences in trust between HVAs and general-purpose voice assistants, as well as implications that are unique to HVAs. [Note]: If you'd like to use the dataset, please remember to cite our paper: Xiao Zhan, Noura Abdi, William Seymour, and Jose Such. 2024. Healthcare Voice AI Assistants: Factors Influencing Trust and Intention to Use. Proceedings of the ACM on Human-Computer Interaction, 8(CSCW1), pages 1-35. Paper link: https://doi.org/10.1145/3637339. Here we list all the supplementary materials relevant to the paper (an illustrative analysis sketch follows this record).
Type Of Material Database/Collection of data 
Year Produced 2022 
Provided To Others? Yes  
URL https://osf.io/pdj3q/
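To convey the flavour of the analysis behind this dataset, the sketch below is a deliberately simplified stand-in: the paper fits a full partial least squares structural equation model over latent constructs, whereas this example only runs a plain partial least squares regression (scikit-learn's PLSRegression) on synthetic survey-style data. The variable names echo the constructs in the abstract; the data, weights, and single-step regression are illustrative assumptions, not the paper's analysis.

    # Simplified stand-in for the paper's PLS-SEM analysis: a plain PLS regression
    # on synthetic Likert-style survey data. Construct names follow the abstract
    # above; the data and the single-step regression are illustrative only.

    import numpy as np
    from sklearn.cross_decomposition import PLSRegression

    rng = np.random.default_rng(0)
    n = 300  # survey sample size reported in the abstract

    # Hypothetical indicator scores (1-7 Likert items averaged per construct):
    # usefulness, content credibility, quality of service, perceived risk.
    X = rng.integers(1, 8, size=(n, 4)).astype(float)
    y = X @ np.array([0.4, 0.3, 0.2, -0.3]) + rng.normal(0, 1, n)  # trust in the HVA

    pls = PLSRegression(n_components=2)
    pls.fit(X, y)

    print("Path-like coefficients (illustrative):", pls.coef_.ravel())
    print("R^2 on the synthetic data:", pls.score(X, y))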