Meta’s powerful AI language model has leaked online — what happens now?
Two weeks ago, Meta announced its latest AI language model: LLaMA. Though not accessible to the public like OpenAI’s ChatGPT or Microsoft’s Bing, LLaMA is Meta’s contribution to a surge in AI language tech that promises new ways to interact with our computers as well as new dangers.
Meta did not release LLaMA as a public chatbot (though the Facebook owner is building those too) but as an open-source package that anyone in the AI community can request access to. The intention, said the company, is “further democratizing access” to AI to spur research into its problems. Meta benefits if these systems are less buggy, so will happily spend the money to create the model and distribute it for others to troubleshoot with.
“Even with all the recent advancements in large language models, full research access to them remains limited because of the resources that are required to train and run such large models,” said the company in a blog post. “This restricted access has limited researchers’ ability to understand how and why these large language models work, hindering progress on efforts to improve their robustness and mitigate known issues, such as bias, toxicity, and the potential for generating misinformation.”
Meta’s state-of-the-art AI language model leaked on 4chan a week after release
However, just one week after Meta started fielding requests to access LLaMA, the model was leaked online. On March 3rd, a downloadable torrent of the system was posted on 4chan and has since spread across various AI communities, sparking debate about the proper way to share cutting-edge research in a time of rapid technological change.
Some say the leak will have troubling consequences and blame Meta for distributing the technology too freely. “Get ready for loads of personalized spam and phishing attempts,” tweeted cybersecurity researcher Jeffrey Ladish after the news broke. “Open sourcing these models was a terrible idea.”
Others are more sanguine, arguing that open access is necessary to develop safeguards for AI systems and that similarly complex language models have already been made public without causing significant harm.
“We’ve been told for a while now that a wave of malicious use [of AI language models] is coming,” wrote researchers Sayash Kapoor and Arvind Narayanan in a blog post. “Yet, there don’t seem to be any documented cases.” (Kapoor and Narayanan discount reports of students cheating using ChatGPT or sites being overrun by AI spam or the publication of error-filled AI journalism, as these applications are not intended to cause harm and are, by their definition, not malicious.)
The Verge spoke to a number of AI researchers who have downloaded the leaked system and say it’s legitimate, including one — Matthew Di Ferrante — who was able to compare the leaked version to the official LLaMA model distributed by Meta and confirmed that they matched. Meta refused to answer questions from The Verge about the authenticity or origin of the leak, though Joelle Pineau, managing director of Meta AI, confirmed in a press statement that “While the [LLaMA] model is not accessible to all … some have tried to circumvent the approval process.”
LLaMA is powerful AI — if you’ve got the time, expertise, and right hardware
So how much danger is a LLaMA on the loose? And how does Meta’s model compare to publicly accessible chatbots like ChatGPT and the new Bing?
Well, the most important point is that downloading LLaMA is going to do very little for the average internet user. This is not some ready-to-talk chatbot but a “raw” AI system that needs a decent amount of technical expertise to get up and running. (A quick aside: LLaMA is also not a single system but four models of differing sizes and computational demands. More on this later.)
Di Ferrante tells The Verge that “anyone familiar with setting up servers and dev environments for complex projects” should be able to get LLaMA operational “given enough time and proper instructions.” (Though it’s worth noting that Di Ferrante is also an experienced machine learning engineer with access to a “machine learning workstation that has 4 24GB GPUs” and so not representative of the broader population.)
LLaMA is a “raw” model that requires a lot of work to get operational
In addition to hardware and knowledge barriers, LLaMA has also not been “fine-tuned” for conversation like ChatGPT or Bing. Fine-tuning is the process by which a language model’s multipurpose text-generating abilities are focused on a more specific task. This task might be quite broad — e.g., telling a system to “answer users’ queries as accurately and clearly as possible” — but such fine-tuning is a necessary and often difficult step in creating a user-friendly product.
Given these limitations, it’s perhaps helpful to think of LLaMA as an unfurnished apartment block. A lot of the heavy lifting has been done — the frame’s been built and there’s power and plumbing in place — but there are no doors, floors, or furniture. You can’t just move in and call it home.
Stella Biderman, director of non-profit AI research lab EleutherAI and a machine learning researcher at Booz Allen Hamilton, said the model’s computational demands would be the “number one constraint” on its effective use. “Most people don’t own the hardware required to run [the largest version of LLaMA] at all, let alone efficiently,” Biderman told The Verge.
These caveats aside, LLaMA is still an extremely powerful tool. The model comes in four sizes, which are measured in billions of parameters (a metric that roughly translates to the number of connections within each system). There’s a LLaMA-7B, 13B, 30B, and 65B. Meta says that the 13 billion version — which can be run on a single A100 GPU, an enterprise-grade system that is comparatively accessible, costing a few dollars an hour to rent on cloud platforms — outperforms OpenAI’s 175 billion-parameter GPT-3 model on numerous benchmarks for AI language models.
“I think it’s very likely that this model release will be a huge milestone.”
There’s plenty of debate about the validity of these comparisons of course. AI benchmarks are notorious for not translating to real-world use, and some LLaMA users have had trouble getting decent output from the system (while others have suggested this is merely a skill issue). But taken together, these metrics suggest that if fine-tuned LLaMA will offer capabilities similar to ChatGPT. And many observers believe the compact nature of LLaMA will have a significant effect in spurring development.
“I think it’s very likely that this model release will be a huge milestone,” Shawn Presser, an independent AI researcher who’s helped distribute the leaked model, tells The Verge. Says Presser: the ability to run LLaMA on a single A100 GPU — which ”most of us either have access to … or know someone that can let us use one for a bit” — is a “huge leap.”
The future of AI research: open or closed?
The LLaMA leak is also interesting because it plays into an ongoing ideological struggle in the wider world of AI: the battle between “closed” and “open” systems.
Defining this debate requires a bit of oversimplification, and all companies, researchers, and models exist somewhere on a spectrum between these two poles. But essentially, there are openers, who argue for greater access to AI research and models, and closers, who think this information and technology needs to be doled out more cautiously.
The motivation for these camps is aligned (both want less bad AI stuff and more good AI stuff in the world) but their approaches differ. Openers argue that it’s only by widely testing AI systems that vulnerabilities can be found and safeguards developed and that failure to open-source this tech will concentrate power in the hands of uncaring corporations. Closers reply that such a free-for-all is dangerous, and that as AI gets increasingly sophisticated the stakes of testing in public become increasingly higher. Only closed institutions can properly scrutinize and mitigate such threats.
For those who want more openness, the LLaMA leak is a blessing. Di Ferrante says that he generally thinks having open-source systems “is a net good since it prevents us getting into some monopoly situation where OpenAI et al. are the only entities capable of serving complex [AI models].” Presser is in agreement and says that the “raw” state of LLaMA is particularly attractive in this regard. It means independent researchers can fine-tune Meta’s systems to suit their own ends; kitting out its empty frame as shops, offices, or whatever they like.
Presser imagines future versions of LLaMA could be hosted on your computer and trained on your emails; able to answer questions about your work schedules, past ideas, to-do lists, and more. This is functionality that startups and tech companies are developing, but for many AI researchers, the idea of local control is far more attractive. (For typical users, tradeoffs in cost and privacy for ease of use will likely swing things the other way.)
“If we don’t respect people’s good faith attempts to disseminate technology [it makes it] harder for people to release things.”
Irrespective of the strength of open or closed models of AI dissemination, Biderman notes that the leak is likely harmful in terms of reducing trust between companies like Meta and the academics they share their research with. “If we don’t respect people’s good faith attempts to disseminate technology in ways that are consistent with their legal and ethical obligations, that’s only going to create a more adversarial relationship between the public and researchers and make it harder for people to release things,” she notes.
We have seen events like this before, though. Although it was OpenAI that first pushed text-to-image systems into the mainstream with DALL-E 2 (which it released with unblinking corporate irony as a closed API) the company was wrong-footed by the launch of Stable Diffusion, an open-source alternative. The arrival of Stable Diffusion triggered countless applications and improvements in the AI art space and has led — to use my earlier terms — to both more good stuff and more bad stuff happening. With Meta’s LLaMA on the loose, we’ll likely see a similar dynamic play out once more with AI text generation: more stuff, more of the time.