Language agents have demonstrated promising capabilities in automating
web-based tasks, though their current reactive approaches still underperform
largely compared to humans. While incorporating advanced planning algorithms,
particularly tree search methods, could enhance these agents' performance,
implementing tree search directly on live websites poses significant safety
risks and practical constraints due to irreversible actions such as confirming
a purchase. In this paper, we introduce a novel paradigm that augments language
agents with model-based planning, pioneering the innovative use of large
language models (LLMs) as world models in complex web environments. Our method,
WebDreamer, builds on the key insight that LLMs inherently encode comprehensive
knowledge about website structures and functionalities. Specifically,
WebDreamer uses LLMs to simulate outcomes for each candidate action (e.g.,
"what would happen if I click this button?") using natural language
descriptions, and then evaluates these imagined outcomes to determine the
optimal action at each step. Empirical results on two representative web agent
benchmarks with online interaction -- VisualWebArena and Mind2Web-live --
demonstrate that WebDreamer achieves substantial improvements over reactive
baselines. By establishing the viability of LLMs as world models in web
environments, this work lays the groundwork for a paradigm shift in automated
web interaction. More broadly, our findings open exciting new avenues for
future research into 1) optimizing LLMs specifically for world modeling in
complex, dynamic environments, and 2) model-based speculative planning for
language agents.

arXiv:2410.21276v1

GPT-4o is an autoregressive omni model that accepts as input any combination
of text, audio, image, and video, and generates any combination of text, audio,
and image outputs. It's trained end-to-end across text, vision, and audio,
meaning all inputs and outputs are processed by the same neural network. GPT-4o
can respond to audio inputs in as little as 232 milliseconds, with an average
of 320 milliseconds, which is similar to human response time in conversation.
It matches GPT-4 Turbo performance on text in English and code, with
significant improvement on text in non-English languages, while also being much
faster and 50% cheaper in the API. GPT-4o is especially better at vision and
audio understanding compared to existing models. In line with our commitment to
building AI safely and consistent with our voluntary commitments to the White
House, we are sharing the GPT-4o System Card, which includes our Preparedness
Framework evaluations. In this System Card, we provide a detailed look at
GPT-4o's capabilities, limitations, and safety evaluations across multiple
categories, focusing on speech-to-speech while also evaluating text and image
capabilities, and measures we've implemented to ensure the model is safe and
aligned. We also include third-party assessments on dangerous capabilities, as
well as discussion of potential societal impacts of GPT-4o's text and vision
capabilities.

arXiv:2409.00133v1

Recent breakthroughs in large language models (LLMs) offer unprecedented
natural language understanding and generation capabilities. However, existing
surveys on LLMs in biomedicine often focus on specific applications or model
architectures, lacking a comprehensive analysis that integrates the latest
advancements across various biomedical domains. This review, based on an
analysis of 484 publications sourced from databases including PubMed, Web of
Science, and arXiv, provides an in-depth examination of the current landscape,
applications, challenges, and prospects of LLMs in biomedicine, distinguishing
itself by focusing on the practical implications of these models in real-world
biomedical contexts. Firstly, we explore the capabilities of LLMs in zero-shot
learning across a broad spectrum of biomedical tasks, including diagnostic
assistance, drug discovery, and personalized medicine, among others, with
insights drawn from 137 key studies. Then, we discuss adaptation strategies of
LLMs, including fine-tuning methods for both uni-modal and multi-modal LLMs to
enhance their performance in specialized biomedical contexts where zero-shot
fails to achieve, such as medical question answering and efficient processing
of biomedical literature. Finally, we discuss the challenges that LLMs face in
the biomedicine domain including data privacy concerns, limited model
interpretability, issues with dataset quality, and ethics due to the sensitive
nature of biomedical data, the need for highly reliable model outputs, and the
ethical implications of deploying AI in healthcare. To address these
challenges, we also identify future research directions of LLM in biomedicine
including federated learning methods to preserve data privacy and integrating
explainable AI methodologies to enhance the transparency of LLMs.

arXiv:2408.07009v1

We introduce Imagen 3, a latent diffusion model that generates high quality
images from text prompts. We describe our quality and responsibility
evaluations. Imagen 3 is preferred over other state-of-the-art (SOTA) models at
the time of evaluation. In addition, we discuss issues around safety and
representation, as well as methods we used to minimize the potential harm of
our models.

Social-Aware Clustered Federated Learning with Customized Privacy
Preservation
This paper has been accepted by IEEE/ACM Transactions on Networking
in March 2024
A key feature of federated learning (FL) is to preserve the data privacy of
end users. However, there still exists potential privacy leakage in exchanging
gradients under FL. As a result, recent research often explores the
differential privacy (DP) approaches to add noise to the computing results to
address privacy concerns with low overheads, which however degrade the model
performance. In this paper, we strike the balance of data privacy and
efficiency by utilizing the pervasive social connections between users.
Specifically, we propose SCFL, a novel Social-aware Clustered Federated
Learning scheme, where mutually trusted individuals can freely form a social
cluster and aggregate their raw model updates (e.g., gradients) inside each
cluster before uploading to the cloud for global aggregation. By mixing model
updates in a social group, adversaries can only eavesdrop on the social-layer
combined results, but not the privacy of individuals. We unfold the design of
SCFL in three steps. i) Stable social cluster formation. Considering users'
heterogeneous training samples and data distributions, we formulate the optimal
social cluster formation problem as a federation game and devise a fair revenue
allocation mechanism to resist free-riders. ii) Differentiated trust-privacy
mapping. For the clusters with low mutual trust, we design a customizable
privacy preservation mechanism to adaptively sanitize participants' model
updates depending on social trust degrees. iii) Distributed convergence. A
distributed two-sided matching algorithm is devised to attain an optimized
disjoint partition with Nash-stable convergence. Experiments on the Facebook
network and MNIST/CIFAR-10 datasets validate that our SCFL can effectively
enhance learning utility, improve user payoff, and enforce customizable privacy
protection.

BSPA: Exploring Black-box Stealthy Prompt Attacks against Image
Generators
arXiv:2402.15218v1

Extremely large image generators offer significant transformative potential
across diverse sectors. They allow users to design specific prompts to generate
realistic images through some black-box APIs. However, some studies reveal that
image generators are notably susceptible to attacks and generate Not Suitable
For Work (NSFW) contents by manually designed toxin texts, especially
imperceptible to human observers. We urgently need a multitude of universal and
transferable prompts to improve the safety of image generators, especially
black-box-released APIs. Nevertheless, they are constrained by labor-intensive
design processes and heavily reliant on the quality of the given instructions.
To achieve this, we introduce a black-box stealthy prompt attack (BSPA) that
adopts a retriever to simulate attacks from API users. It can effectively
harness filter scores to tune the retrieval space of sensitive words for
matching the input prompts, thereby crafting stealthy prompts tailored for
image generators. Significantly, this approach is model-agnostic and requires
no internal access to the model's features, ensuring its applicability to a
wide range of image generators. Building on BSPA, we have constructed an
automated prompt tool and a comprehensive prompt attack dataset (NSFWeval).
Extensive experiments demonstrate that BSPA effectively explores the security
vulnerabilities in a variety of state-of-the-art available black-box models,
including Stable Diffusion XL, Midjourney, and DALL-E 2/3. Furthermore, we
develop a resilient text filter and offer targeted recommendations to ensure
the security of image generators against prompt attacks in the future.

A Trembling House of Cards? Mapping Adversarial Attacks against Language
Agents
arXiv:2402.10196v1

Language agents powered by large language models (LLMs) have seen exploding
development. Their capability of using language as a vehicle for thought and
communication lends an incredible level of flexibility and versatility. People
have quickly capitalized on this capability to connect LLMs to a wide range of
external components and environments: databases, tools, the Internet, robotic
embodiment, etc. Many believe an unprecedentedly powerful automation technology
is emerging. However, new automation technologies come with new safety risks,
especially for intricate systems like language agents. There is a surprisingly
large gap between the speed and scale of their development and deployment and
our understanding of their safety risks. Are we building a house of cards? In
this position paper, we present the first systematic effort in mapping
adversarial attacks against language agents. We first present a unified
conceptual framework for agents with three major components: Perception, Brain,
and Action. Under this framework, we present a comprehensive discussion and
propose 12 potential attack scenarios against different components of an agent,
covering different attack strategies (e.g., input manipulation, adversarial
demonstrations, jailbreaking, backdoors). We also draw connections to
successful attack strategies previously applied to LLMs. We emphasize the
urgency to gain a thorough understanding of language agent risks before their
widespread deployment.

Evil Geniuses: Delving into the Safety of LLM-based Agents
Rapid advancements in large language models (LLMs) have revitalized interest in
LLM-based agents, exhibiting impressive human-like behaviors and cooperative
capabilities in various scenarios. However, these agents also bring some
exclusive risks, stemming from the complexity of interaction environments and
the usability of tools. This paper delves into the safety of LLM-based agents
from three perspectives: agent quantity, role definition, and attack level.
Specifically, we initially propose to employ a template-based attack strategy
on LLM-based agents to find the influence of agent quantity. In addition, to
address interaction environment and role specificity issues, we introduce Evil
Geniuses (EG), an effective attack method that autonomously generates prompts
related to the original role to examine the impact across various role
definitions and attack levels. EG leverages Red-Blue exercises, significantly
improving the generated prompt aggressiveness and similarity to original roles.
Our evaluations on CAMEL, MetaGPT and ChatDev based on GPT-3.5 and GPT-4
demonstrate high success rates. Extensive evaluation and discussion reveal that
these agents are less robust, prone to more harmful behaviors, and capable of
generating stealthier content than LLMs, highlighting significant safety
challenges and guiding future research. Our code is available at
https://github.com/T1aNS1R/Evil-Geniuses.

PiML Toolbox for Interpretable Machine Learning Model Development and
Diagnostics
arXiv:2305.04214v3

PiML (read π-ML, /`pai`em`el/) is an integrated and open-access Python
toolbox for interpretable machine learning model development and model
diagnostics. It is designed with machine learning workflows in both low-code
and high-code modes, including data pipeline, model training and tuning, model
interpretation and explanation, and model diagnostics and comparison. The
toolbox supports a growing list of interpretable models (e.g. GAM, GAMI-Net,
XGB1/XGB2) with inherent local and/or global interpretability. It also supports
model-agnostic explainability tools (e.g. PFI, PDP, LIME, SHAP) and a powerful
suite of model-agnostic diagnostics (e.g. weakness, reliability, robustness,
resilience, fairness). Integration of PiML models and tests into existing MLOps
platforms for quality assurance is enabled by flexible high-code APIs.
Furthermore, the PiML toolbox comes with a comprehensive user guide and hands-on
examples, including the applications for model development and validation in
banking. The project is available at
https://github.com/SelfExplainML/PiML-Toolbox.

Parameterized Decision-making with Multi-modal Perception for Autonomous
Driving
IEEE International Conference on Data Engineering (ICDE2024)
Autonomous driving is an emerging technology that has advanced rapidly over
the last decade. Modern transportation is expected to benefit greatly from a
wise decision-making framework of autonomous vehicles, including the
improvement of mobility and the minimization of risks and travel time. However,
existing methods either ignore the complexity of environments only fitting
straight roads, or ignore the impact on surrounding vehicles during
optimization phases, leading to weak environmental adaptability and incomplete
optimization objectives. To address these limitations, we propose a
parameterized decision-making framework with multi-modal perception based on
deep reinforcement learning, called AUTO. We conduct a comprehensive perception
to capture the state features of various traffic participants around the
autonomous vehicle, based on which we design a graph-based model to learn a
state representation of the multi-modal semantic features. To distinguish
between lane-following and lane-changing, we decompose an action of the
autonomous vehicle into a parameterized action structure that first decides
whether to change lanes and then computes an exact action to execute. A hybrid
reward function takes into account aspects of safety, traffic efficiency,
passenger comfort, and impact to guide the framework to generate optimal
actions. In addition, we design a regularization term and a multi-worker
paradigm to enhance the training. Extensive experiments offer evidence that
AUTO can advance state-of-the-art in terms of both macroscopic and microscopic
effectiveness.