Our goal is to make Azure the most trustworthy cloud platform for AI. The platform we envisage offers confidentiality and integrity against privileged attackers including attacks on the code, data and hardware supply chains, performance close to that offered by GPUs, and programmability of state-of-the-art ML frameworks. The confidential AI platform will enable multiple entities to collaborate and train accurate models using sensitive data, and serve these models with assurance that their data and models remain protected, even from privileged attackers and insiders. Accurate AI models will bring significant benefits to many sectors in society. For example, these models will enable better diagnostics and treatments in the healthcare space and more precise fraud detection for the banking industry.
Confidential AI platform
The first goal of confidential AI is to develop the confidential computing platform. Today, such platforms are offered by select hardware vendors through CPU-based trusted execution environments, e.g., Intel SGX. Our research investigates how confidential computing features can be extended to accelerators such as GPUs, and supported by container technology, rich language runtimes, and ML frameworks.
Privacy and robustness of ML models
The second goal of confidential AI is to develop defenses against vulnerabilities that are inherent in the use of ML models, such as leakage of private information via inference queries, or creation of adversarial examples. We investigate novel algorithmic or API-based mechanisms for detecting and mitigating such attacks, with the goal of maximizing the utility of data without compromising on security and privacy.
Data governance and compliance
The third goal of confidential AI is to develop techniques that bridge the gap between the technical guarantees given by the Confidential AI platform and regulatory requirements on privacy, sovereignty, transparency, and purpose limitation for AI applications.