According to a Gartner survey, 48% of global CIOs will deploy AI by the end of 2020. Despite all the optimism about AI and ML, I remain a bit skeptical: in the near future I do not foresee any real inventions that will lead to seismic shifts in productivity and standard of living. But companies that sit and wait for a major disruption in the AI/ML landscape will miss the smaller developments.
Here are some trends that may go unnoticed at the moment, but that will have major consequences in the long run:
1. Specialist hardware and cloud providers are changing the landscape
Gone are the days when on-premise versus cloud was a hot topic for businesses. Today, even conservative organizations are talking about cloud and open source, and it is no wonder that cloud platforms keep refreshing their offerings with AI/ML services.
As ML solutions become more and more demanding, adding CPUs and RAM is no longer the only way to speed up or scale. More algorithms than ever are being optimized for specific hardware, whether GPUs, TPUs or “Wafer Scale Engines”. This shift toward specialized hardware for AI/ML problems will accelerate, and organizations will limit their use of CPUs to only the most basic problems. The risk of obsolescence will make generic computing infrastructure unsustainable for ML/AI, which is reason enough for organizations to switch to cloud platforms.
The rise of specialized chips and hardware will also drive incremental algorithm improvements that exploit that hardware. While new chips make AI/ML solutions feasible that were previously considered too slow or outright impossible, much of the open source tooling that currently targets generic hardware will need to be rewritten to take advantage of the newer chips. Recent examples of such algorithmic improvements are Sideways, which speeds up deep learning training by parallelizing the training steps, and Reformer, which optimizes the use of memory and compute.
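As a small illustration of what hardware-aware execution looks like in today's open source tooling, here is a minimal TensorFlow sketch, assuming a machine that may or may not expose a GPU (the matrix sizes are arbitrary): the same computation is pinned to an accelerator when one is present and falls back to the CPU otherwise.

```python
import tensorflow as tf

# Discover which accelerators this machine exposes.
gpus = tf.config.list_physical_devices("GPU")
device = "/GPU:0" if gpus else "/CPU:0"
print(f"Running on {device}")

# Pin the computation to the chosen device; the same code runs
# unchanged on generic CPUs or on specialized hardware.
with tf.device(device):
    a = tf.random.normal((2048, 2048))
    b = tf.random.normal((2048, 2048))
    c = tf.matmul(a, b)

print("Checksum of result:", float(tf.reduce_sum(c)))
```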
2. Innovative solutions for and around privacy
I also foresee a gradual shift in focus from data privacy to the privacy implications of ML models themselves. A great deal of emphasis has been placed on how and what data we collect and how we use it. But ML models are not true black boxes: by observing a model's outputs over time, it is possible to infer the inputs it was trained on, which amounts to privacy leakage. These data and model privacy challenges will push organizations to embrace federated learning. Last year, Google released TensorFlow Privacy, a framework built on differential privacy that adds noise to obscure individual inputs. With federated learning, a user's data never leaves their device; the models are capable enough, and small enough in memory footprint, to run on smartphones and learn locally from the data.
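To make the noise-adding principle concrete, here is a minimal NumPy sketch of the core step behind differential-privacy training, not TensorFlow Privacy's actual API: each example's gradient is clipped and Gaussian noise is added before averaging, so no single user's contribution can be recovered from the update. The function name and constants are purely illustrative.

```python
import numpy as np

def dp_average_gradients(per_example_grads, l2_norm_clip=1.0,
                         noise_multiplier=1.1, rng=None):
    """Clip each example's gradient and add Gaussian noise before
    averaging, so no individual example dominates (or can be
    reconstructed from) the model update."""
    if rng is None:
        rng = np.random.default_rng(0)
    clipped = []
    for g in per_example_grads:
        norm = np.linalg.norm(g)
        clipped.append(g * min(1.0, l2_norm_clip / (norm + 1e-12)))
    summed = np.sum(clipped, axis=0)
    noise = rng.normal(0.0, noise_multiplier * l2_norm_clip, size=summed.shape)
    return (summed + noise) / len(per_example_grads)

# Toy usage: per-example gradients from a batch of four examples
# for a three-parameter model.
grads = [np.array([0.5, -1.2, 0.3]), np.array([2.0, 0.1, -0.4]),
         np.array([-0.3, 0.8, 1.5]), np.array([0.9, -0.2, 0.0])]
print(dp_average_gradients(grads))
```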
Traditionally, the rationale for collecting a user's data has been to personalize that individual's experience. Gmail, for example, uses an individual user's typing behavior to deliver autosuggestions. But what about data and models that improve the experience not only for that person but for a wider group of people? Would people be willing to share their trained model (not their data) for the benefit of others? There is an interesting business opportunity here: paying users for the model parameters that result from training on the data on their local device, and for the local computing power used to train those models (for example on their phone while it sits idle).
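The sketch below shows the federated-averaging idea behind such a scheme in plain NumPy: each simulated user device trains a tiny linear model locally, only the resulting parameters leave the device, and the server combines them weighted by how much data each device holds. The model, data and round counts are invented for illustration.

```python
import numpy as np

def local_update(weights, X, y, lr=0.1, epochs=5):
    """Train a tiny linear model on one user's device; only the
    resulting weights ever leave the device, never X or y."""
    w = weights.copy()
    for _ in range(epochs):
        grad = X.T @ (X @ w - y) / len(y)  # least-squares gradient
        w -= lr * grad
    return w

def federated_average(device_weights, device_sizes):
    """Server step: average the updates, weighted by data volume."""
    total = sum(device_sizes)
    return sum(w * (n / total) for w, n in zip(device_weights, device_sizes))

rng = np.random.default_rng(42)
true_w = np.array([1.0, -2.0, 0.5])   # ground truth the devices try to learn
global_w = np.zeros(3)

for _ in range(3):                     # a few federated rounds
    weights, sizes = [], []
    for _ in range(4):                 # four simulated user devices
        X = rng.normal(size=(20, 3))
        y = X @ true_w + rng.normal(scale=0.1, size=20)
        weights.append(local_update(global_w, X, y))
        sizes.append(len(y))
    global_w = federated_average(weights, sizes)

print("Global model after federated rounds:", global_w)
```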
3. Robust model implementation becomes mission critical
At the moment, organizations are struggling to productionize models for scalability and reliability, and the people who write the models are not necessarily experts in model safety, security and performance. Once machine learning models become an integral part of mainstream and critical applications, attacks on models will inevitably follow, much like the denial-of-service attacks mainstream apps deal with today. We have already seen some low-tech examples of what this might look like: making a Tesla speed up instead of slowing down, change lanes, stop abruptly, or turn on its wipers without the right triggers. Imagine the consequences such attacks could have for financial systems, healthcare equipment and other domains that depend heavily on AI/ML.
At present, adversarial attacks are largely confined to academia, where they serve to better understand the implications of these models. But in the not too distant future, attacks on models will be carried out for profit: driven by competitors who want to show that they are somehow better, or by malicious hackers who may hold you to ransom. New cyber security tools, for example, rely on AI/ML to identify threats such as network intrusions and viruses. What if an attacker can provoke fake threats? What would be the cost of separating real warnings from fake ones?
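To show how little it can take to mislead a model, here is a toy fast-gradient-sign-style attack on a logistic regression "threat detector" in NumPy. The weights, input and epsilon are all made up, and real attacks target far larger models, but the mechanism is the same: nudge each input feature in the direction that increases the model's loss.

```python
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def fgsm_perturb(x, w, b, y_true, epsilon=0.5):
    """Fast-gradient-sign-style attack on a logistic regression model:
    shift every input feature by epsilon in the direction that
    increases the cross-entropy loss for the true label."""
    p = sigmoid(x @ w + b)
    grad_x = (p - y_true) * w          # gradient of the loss w.r.t. the input
    return x + epsilon * np.sign(grad_x)

# A made-up "threat detector": weights of a trained logistic regression.
w, b = np.array([1.5, -2.0, 0.7]), -0.2
x = np.array([0.4, -0.3, 0.9])         # an input correctly flagged as a threat
y_true = 1.0

print("Original threat score: ", sigmoid(x @ w + b))      # ~0.84, flagged
x_adv = fgsm_perturb(x, w, b, y_true)
print("Perturbed threat score:", sigmoid(x_adv @ w + b))  # drops below 0.5
```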
To counter such threats, organizations must put more emphasis on model verification to ensure robustness. Some organizations already use adversarial networks to test deep neural networks. Just as we hire external experts today to audit network security, physical security and so on, a new market will emerge for model testing and model security experts, who will test, certify and perhaps assume some liability for model failures.
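As a rough idea of what such external testing might automate, the sketch below probes a stand-in classifier with bounded random perturbations and reports its worst-case accuracy. A real audit would rely on proper adversarial optimization or formal certification rather than random noise; everything here is a simplified placeholder.

```python
import numpy as np

def worst_case_accuracy(predict, X, y, epsilon, trials=20, rng=None):
    """Crude robustness probe: the lowest accuracy observed over
    several random perturbations bounded by epsilon."""
    if rng is None:
        rng = np.random.default_rng(0)
    worst = 1.0
    for _ in range(trials):
        noise = rng.uniform(-epsilon, epsilon, size=X.shape)
        worst = min(worst, np.mean(predict(X + noise) == y))
    return worst

# Stand-in classifier: a thresholded linear score.
w, b = np.array([1.0, -1.0]), 0.0
predict = lambda X: (X @ w + b > 0).astype(int)

rng = np.random.default_rng(1)
X = rng.normal(size=(200, 2))
y = predict(X)                         # clean accuracy is 1.0 by construction

for eps in (0.0, 0.1, 0.5, 1.0):
    print(f"epsilon={eps:.1f}  worst-case accuracy="
          f"{worst_case_accuracy(predict, X, y, eps):.2f}")
```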