Random feature

Random features (RF) are a technique used in machine learning to approximate kernel methods, introduced by Ali Rahimi and Ben Recht in their 2007 paper "Random Features for Large-Scale Kernel Machines", and extended by. RF uses a Monte Carlo approximation to kernel functions by randomly sampled feature maps. It is used for datasets that are too large for traditional kernel methods like support vector machine, kernel ridge regression, and gaussian process. == Mathematics == === Kernel method === Given a feature map ϕ : R d → V {\textstyle \phi :\mathbb {R} ^{d}\to V} , where V {\textstyle V} is a Hilbert space (more specifically, a reproducing kernel Hilbert space), the kernel trick replaces inner products in feature space ⟨ ϕ ( x i ) , ϕ ( x j ) ⟩ V {\displaystyle \langle \phi (x_{i}),\phi (x_{j})\rangle _{V}} by a kernel function k ( x i , x j ) : R d × R d → R {\displaystyle k(x_{i},x_{j}):\mathbb {R} ^{d}\times \mathbb {R} ^{d}\to \mathbb {R} } Kernel methods replaces linear operations in high-dimensional space by operations on the kernel matrix: K X := [ k ( x i , x j ) ] i , j ∈ 1 : N {\displaystyle K_{X}:=[k(x_{i},x_{j})]_{i,j\in 1:N}} where N {\textstyle N} is the number of data points. === Random kernel method === The problem with kernel methods is that the kernel matrix K X {\textstyle K_{X}} has size N × N {\textstyle N\times N} . This becomes computationally infeasible when N {\textstyle N} reaches the order of a million. The random kernel method replaces the kernel function k {\textstyle k} by an inner product in low-dimensional feature space R D {\textstyle \mathbb {R} ^{D}} : k ( x , y ) ≈ ⟨ z ( x ) , z ( y ) ⟩ {\displaystyle k(x,y)\approx \langle z(x),z(y)\rangle } where z {\textstyle z} is a randomly sampled feature map z : R d → R D {\textstyle z:\mathbb {R} ^{d}\to \mathbb {R} ^{D}} . This converts kernel linear regression into linear regression in feature space, kernel SVM into SVM in feature space, etc. Since we have K X ≈ Z X T Z X {\displaystyle K_{X}\approx Z_{X}^{T}Z_{X}} where Z X = [ z ( x 1 ) , … , z ( x N ) ] {\displaystyle Z_{X}=[z(x_{1}),\dots ,z(x_{N})]} , these methods no longer involve matrices of size O ( N 2 ) {\textstyle O(N^{2})} , but only random feature matrices of size O ( D N ) {\textstyle O(DN)} . == Random Fourier feature == === Radial basis function kernel === The radial basis function (RBF) kernel on two samples x i , x j ∈ R d {\displaystyle x_{i},x_{j}\in \mathbb {R} ^{d}} is defined as k ( x i , x j ) = exp ⁡ ( − ‖ x i − x j ‖ 2 2 σ 2 ) {\displaystyle k(x_{i},x_{j})=\exp \left(-{\frac {\|x_{i}-x_{j}\|^{2}}{2\sigma ^{2}}}\right)} where ‖ x i − x j ‖ 2 {\displaystyle \|x_{i}-x_{j}\|^{2}} is the squared Euclidean distance and σ {\displaystyle \sigma } is a free parameter defining the shape of the kernel. It can be approximated by a random Fourier feature map z : R d → R 2 D {\displaystyle z:\mathbb {R} ^{d}\to \mathbb {R} ^{2D}} : z ( x ) := 1 D [ cos ⁡ ⟨ ω 1 , x ⟩ , sin ⁡ ⟨ ω 1 , x ⟩ , … , cos ⁡ ⟨ ω D , x ⟩ , sin ⁡ ⟨ ω D , x ⟩ ] T {\displaystyle z(x):={\frac {1}{\sqrt {D}}}[\cos \langle \omega _{1},x\rangle ,\sin \langle \omega _{1},x\rangle ,\ldots ,\cos \langle \omega _{D},x\rangle ,\sin \langle \omega _{D},x\rangle ]^{T}} where ω 1 , . . . , ω D {\displaystyle \omega _{1},...,\omega _{D}} are IID samples from the multidimensional normal distribution N ( 0 , σ − 2 I ) {\displaystyle N(0,\sigma ^{-2}I)} . Since cos , sin {\displaystyle \cos ,\sin } are bounded, there is a stronger convergence guarantee by Hoeffding's inequality. === Random Fourier features === By Bochner's theorem, the above construction can be generalized to arbitrary positive definite shift-invariant kernel k ( x , y ) = k ( x − y ) {\displaystyle k(x,y)=k(x-y)} . Define its Fourier transform p ( ω ) = 1 2 π ∫ R d e − j ⟨ ω , Δ ⟩ k ( Δ ) d Δ {\displaystyle p(\omega )={\frac {1}{2\pi }}\int _{\mathbb {R} ^{d}}e^{-j\langle \omega ,\Delta \rangle }k(\Delta )d\Delta } then ω 1 , . . . , ω D {\displaystyle \omega _{1},...,\omega _{D}} are sampled IID from the probability distribution with probability density p {\displaystyle p} . This applies for other kernels like the Laplace kernel and the Cauchy kernel. === Neural network interpretation === Given a random Fourier feature map z {\displaystyle z} , training the feature on a dataset by featurized linear regression is equivalent to fitting complex parameters θ 1 , … , θ D ∈ C {\displaystyle \theta _{1},\dots ,\theta _{D}\in \mathbb {C} } such that f θ ( x ) = R e ( ∑ k θ k e i ⟨ ω k , x ⟩ ) {\displaystyle f_{\theta }(x)=\mathrm {Re} \left(\sum _{k}\theta _{k}e^{i\langle \omega _{k},x\rangle }\right)} which is a neural network with a single hidden layer, with activation function t ↦ e i t {\displaystyle t\mapsto e^{it}} , zero bias, and the parameters in the first layer frozen. In the overparameterized case, when 2 D ≥ N {\displaystyle 2D\geq N} , the network linearly interpolates the dataset { ( x i , y i ) } i ∈ 1 : N {\displaystyle \{(x_{i},y_{i})\}_{i\in 1:N}} , and the network parameters is the least-norm solution: θ ^ = arg ⁡ min θ ∈ C D , f θ ( x k ) = y k ∀ k ∈ 1 : N ‖ θ ‖ {\displaystyle {\hat {\theta }}=\arg \min _{\theta \in \mathbb {C} ^{D},f_{\theta }(x_{k})=y_{k}\forall k\in 1:N}\|\theta \|} At the limit of D → ∞ {\displaystyle D\to \infty } , the L2 norm ‖ θ ^ ‖ → ‖ f K ‖ H {\displaystyle \|{\hat {\theta }}\|\to \|f_{K}\|_{H}} where f K {\displaystyle f_{K}} is the interpolating function obtained by the kernel regression with the original kernel, and ‖ ⋅ ‖ H {\displaystyle \|\cdot \|_{H}} is the norm in the reproducing kernel Hilbert space for the kernel. == Other examples == === Random binning features === A random binning features map partitions the input space using randomly shifted grids at randomly chosen resolutions and assigns to an input point a binary bit string that corresponds to the bins in which it falls. The grids are constructed so that the probability that two points x i , x j ∈ R d {\displaystyle x_{i},x_{j}\in \mathbb {R} ^{d}} are assigned to the same bin is proportional to K ( x i , x j ) {\displaystyle K(x_{i},x_{j})} . The inner product between a pair of transformed points is proportional to the number of times the two points are binned together, and is therefore an unbiased estimate of K ( x i , x j ) {\displaystyle K(x_{i},x_{j})} . Since this mapping is not smooth and uses the proximity between input points, Random Binning Features works well for approximating kernels that depend only on the L 1 {\displaystyle L_{1}} distance between datapoints. === Orthogonal random features === Orthogonal random features uses a random orthogonal matrix instead of a random Fourier matrix. == Historical context == In NIPS 2006, deep learning had just become competitive with linear models like PCA and linear SVMs for large datasets, and people speculated about whether it could compete with kernel SVMs. However, there was no way to train kernel SVM on large datasets. The two authors developed the random feature method to train those. It was then found that the O ( 1 / D ) {\displaystyle O(1/D)} variance bound did not match practice: the variance bound predicts that approximation to within 0.01 {\displaystyle 0.01} requires D ∼ 10 4 {\displaystyle D\sim 10^{4}} , but in practice required only ∼ 10 2 {\displaystyle \sim 10^{2}} . Attempting to discover what caused this led to the subsequent two papers.

Outline of computer security

The following outline is provided as an overview of and topical guide to computer security: Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide. The growing significance of computer security reflects the increasing dependence on computer systems, the Internet, and evolving wireless network standards. This reliance has expanded with the proliferation of smart devices, including smartphones, televisions, and other components of the Internet of things (IoT). (yes) == Essence of computer security == Computer security can be described as all of the following: a branch of security Network security application security == Areas of computer security == Access control – selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization. Computer access control – includes authorization, authentication, access approval, and audit. Authentication Knowledge-based authentication Integrated Windows Authentication Password Password length parameter Secure Password Authentication Secure Shell Kerberos (protocol) SPNEGO NTLMSSP AEGIS SecureConnect TACACS Cyber security and countermeasure Device fingerprint Physical security – protecting property and people from damage or harm (such as from theft, espionage, or terrorist attacks). It includes security measures designed to deny unauthorized access to facilities, (such as a computer room), equipment (such as your computer), and resources (like the data storage devices, and data, in your computer). If a computer gets stolen, then the data goes with it. In addition to theft, physical access to a computer allows for ongoing espionage, like the installment of a hardware keylogger device, and so on. Data security – protecting data, such as a database, from destructive forces and the unwanted actions of unauthorized users. Information privacy – relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Internet privacy – involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors relate to a specific person. Mobile security – security pertaining to smartphones, especially with respect to the personal and business information stored on them. Network security – provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Network Security Toolkit Internet security – computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems on a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption. World Wide Web Security – dealing with the vulnerabilities of users who visit websites. Cybercrime on the Web can include identity theft, fraud, espionage and intelligence gathering. For criminals, the Web has become the preferred way to spread malware. == Computer security threats == Methods of Computer Network Attack and Computer Network Exploitation Social engineering is a frequent method of attack, and can take the form of phishing, or spear phishing in the corporate or government world, as well as counterfeit websites. Password sharing and insecure password practices Poor patch management Computer crime – Computer criminals – Hackers – in the context of computer security, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Password cracking – Software cracking – Script kiddies – List of computer criminals – Identity theft – Computer malfunction – Operating system failure and vulnerabilities Hard disk drive failure – occurs when a hard disk drive malfunctions and the stored information cannot be accessed with a properly configured computer. A disk failure may occur in the course of normal operation, or due to an external factor such as exposure to fire or water or high magnetic fields, or suffering a sharp impact or environmental contamination, which can lead to a head crash. Data recovery from a failed hard disk is problematic and expensive. Backups are essential Computer and network surveillance – Man in the Middle Loss of anonymity – when one's identity becomes known. Identification of people or their computers allows their activity to be tracked. For example, when a person's name is matched with the IP address they are using, their activity can be tracked thereafter by monitoring the IP address. HTTP Cookie Local Shared Object Web bug Spyware Adware Cyber spying – obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware. It may be done online from by professionals sitting at their computer desks on bases in far away countries, or it may involve infiltration at home by computer trained conventional spies and moles, or it may be the criminal handiwork of amateur malicious hackers, software programmers, or thieves. Computer and network eavesdropping Lawful Interception War Driving Packet analyzer (aka packet sniffer) – mainly used as a security tool (in many ways, including for the detection of network intrusion attempts), packet analyzers can also be used for spying, to collect sensitive information (e.g., login details, cookies, personal communications) sent through a network, or to reverse engineer proprietary protocols used over a network. One way to protect data sent over a network such as the Internet is by using encryption software. Cyberwarfare – Exploit – piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack. Trojan Computer virus Computer worm Denial-of-service attack – an attempt to make a machine or network resource unavailable to its intended users, usually consisting of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Distributed denial-of-service attack (DDoS) – DoS attack sent by two or more persons. Hacking tool Malware Computer virus Computer worm Keylogger – program that does keystroke logging, which is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are also HID spoofing hardware keyloggers, like a USB device inserting stored keystores when connected. Rootkit – stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable contin

Tractable (company)

Tractable is a technology company specializing in the development of Artificial Intelligence (AI) to assess damage to property and vehicles. The AI allows users to appraise damage digitally. == Technology == Tractable's technology uses computer vision and deep learning to automate the appraisal of visual damage in accident and disaster recovery, for example to a vehicle. Drivers can be directed to use the application by their insurer after an accident, with the aim of settling their claim more quickly. The AI evaluates the damage from images, and therefore doesn't assess what isn't visible (such as, for example, interior damage to a vehicle or property). == History == Alexandre Dalyac and Razvan Ranca founded Tractable in 2014, and Adrien Cohen joined as co-founder in 2015. The company employs more than 300 staff members, largely in the United Kingdom. Tractable was named one of the 100 leading AI companies in the world in 2020 and 2021 by CB Insights. It won the Best Technology Award in the 2020 British Insurance Awards. In June 2021, Tractable announced a venture round that valued the company at $1 billion. Tractable was the UK's 100th billion-dollar tech company, or unicorn. In July 2023, the company received a $65 million investment from SoftBank Group, through its Vision Fund 2.

Department of Defense Directive 3000.09

Department of Defense Directive 3000.09 (DODD 3000.09), titled Autonomy in Weapon Systems, is the current U.S. military policy on autonomous weapons. It states: "Autonomous and semi-autonomous weapon systems will be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force." == History == Then-Deputy Secretary of Defense Ashton Carter issued DOD's policy on autonomy in weapons systems, Department of Defense Directive (DODD) 3000.09, in November 2012. DOD updated the directive in January 2023. In February 2023, the US issued a related foreign policy proposal, Political Declaration on Responsible Military Use of Artificial Intelligence and Autonomy. == Definitions == There is no agreed definition of lethal autonomous weapon systems that is used in international fora. However, DODD 3000.09 provides definitions for different categories of autonomous weapon systems for the purposes of the U.S. military. These definitions are principally grounded in the role of the human operator with regard to target selection and engagement decisions, rather than in the technological sophistication of the weapon system. DODD 3000.09 defines LAWS as "weapon system[s] that, once activated, can select and engage targets without further intervention by a human operator." This concept of autonomy is also known as "human out of the loop" or "full autonomy." The directive contrasts LAWS with human-supervised, or "human on the loop," autonomous weapon systems, in which operators have the ability to monitor and halt a weapon's target engagement. Another category is semi-autonomous, or "human in the loop," weapon systems that "only engage individual targets or specific target groups that have been selected by a human operator." Semi-autonomous weapons include so-called "fire and forget" weapons, such as certain types of guided missiles, that deliver effects to human-identified targets using autonomous functions. The directive does not apply to autonomous or semi-autonomous cyberspace capabilities; unarmed platforms; unguided munitions; munitions manually guided by the operator (e.g., laser- or wire-guided munitions); mines; unexploded explosive ordnance; or autonomous or semi-autonomous systems that are not weapon systems, nor subject them to its guidelines. == Role of human operator == DODD 3000.09 requires that all systems, including LAWS, be designed to "allow commanders and operators to exercise appropriate levels of human judgment over the use of force." As noted in an August 2018 U.S. government white paper, "'appropriate' is a flexible term that reflects the fact that there is not a fixed, one-size-fits-all level of human judgment that should be applied to every context. What is 'appropriate' can differ across weapon systems, domains of warfare, types of warfare, operational contexts, and even across different functions in a weapon system." Furthermore, "human judgment over the use of force" does not require manual human "control" of the weapon system, as is often reported, but rather broader human involvement in decisions about how, when, where, and why the weapon will be employed. This includes a human determination that the weapon will be used "with appropriate care and in accordance with the law of war, applicable treaties, weapon system safety rules, and applicable rules of engagement." To aid this determination, DODD 3000.09 requires that "[a]dequate training, [tactics, techniques, and procedures], and doctrine are available, periodically reviewed, and used by system operators and commanders to understand the functioning, capabilities, and limitations of the system's autonomy in realistic operational conditions." The directive also requires that the weapon's human-machine interface be "readily understandable to trained operators" so they can make informed decisions regarding the weapon's use. == Weapons review process == DODD 3000.09 requires that the software and hardware of covered semi-autonomous and autonomous weapon systems, be tested and evaluated to ensure they:Function as anticipated in realistic operational environments against adaptive adversaries taking realistic and practicable countermeasures, [and] complete engagements within a timeframe and geographic area, as well as other relevant environmental and operational constraints, consistent with commander and operator intentions. If unable to do so, the systems will terminate the engagement or obtain additional operator input before continuing the engagement.Systems must also be "sufficiently robust to minimize the probability and consequences of failures." Any changes to the system's operating state—for example, due to machine learning—would require the system to go through testing and evaluation again to ensure that it has retained its safety features and ability to operate as intended. The directive also notes that "the use of AI capabilities in autonomous or semi-autonomous systems will be consistent with the DOD AI Ethical Principles." In addition to the standard weapons review process, a secondary senior-level review is required for covered autonomous and semi-autonomous systems. This review requires the Under Secretary of Defense for Policy (USD[P]), the vice chairman of the Joint Chiefs of Staff (VCJCS), and the Under Secretary of Defense for Research and Engineering (USD[R&E]) to approve the system before formal development. USD(P), VCJCS, and the Under Secretary of Defense for Acquisition and Sustainment (USD[A&S]) must then approve the system before fielding. In the event of "urgent military need," this senior-level review may be waived by the Deputy Secretary of Defense. DODD 3000.09 additionally establishes the Autonomous Weapon System Working Group—composed of representatives of USD(P); USD(R&E); USD(A&S); DOD General Counsel; the Chief Digital and AI Officer; the Director, Operational Test and Evaluation; and the chairman of the Joint Chiefs of Staff—to support and advise the senior-level review process. == Congressional notification == Per Section 251 of the FY2024 National Defense Authorization Act (NDAA; Pub. L. 118–31 (text) (PDF)), the Secretary of Defense is to notify the defense committees of any changes to DODD 3000.09 within 30 days. The Secretary is directed to provide a description of the modification and an explanation of the reasons for the modification. Section 1066 of the FY2025 NDAA (Pub. L. 118–159 (text) (PDF)) additionally requires the Secretary to "submit to the congressional defense committees a comprehensive report on the approval and deployment of lethal autonomous weapon systems by the United States," annually through December 31, 2029. Section 1061 of the FY2026 NDAA (P.L. Pub. L. 119–60 (menu; GPO has not yet published law)) amends the U.S. Code to require congressional notification of any waiver issued under DODD 3000.09. == AI safety == The second revision of DoDD 3000.09, effective January 25, 2023, requires that "The DoD will design and engineer AI capabilities to fulfill their intended functions while possessing the ability to detect and avoid unintended consequences, and the ability to disengage or deactivate deployed systems that demonstrate unintended behavior." == Criticism == As noted in the Bulletin of the Atomic Scientists, the policy requires that autonomous weapon systems that kill people or use kinetic force, selecting and engaging targets without further human intervention, be certified as compliant with "appropriate levels" and other standards, not that such weapon systems cannot meet these standards and are therefore forbidden. "Semi-autonomous" hunter-killers that autonomously identify and attack targets do not require certification.

Trustworthy AI

Trustworthy AI refers to artificial intelligence systems that are designed to have transparent reasoning, are explainable (XAI), accountable, robust, fair and honest, respectful of data privacy, and steerable or alignable with human goals. == Terminology == Recent work in AI ethics distinguishes trustworthiness and trustability as two different conditions relevant to trustworthy AI. Trustworthiness is concerned with whether an AI system or the institutions deploying it merit trust by being reliable, fair, and accountable. Trustability, on the other hand, is the prior question of whether a given entity is even the kind of thing to which interpersonal trust can coherently apply as opposed to mere instrumental reliance. Some philosophers argue that current AI systems are best understood as tools that are not genuine targets of interpersonal trust. They argue that trust should be directed toward the human and institutional arrangements that govern the systems' design, deployment, and oversight. This stance supports interpreting "trustworthy AI" as trustworthy governance and use of AI rather than trust in the artifacts themselves. Transparency in AI involves making the processes and decisions of such systems understandable to users and stakeholders. Accountability ensures that there are protocols for addressing adverse outcomes or biases that may arise, with designated responsibilities for oversight and remediation. Robustness and security aim to ensure that AI systems perform reliably under various conditions and are safeguarded against malicious attacks. Harmlessness can be achieved by refusal training: training the models to avoid problematic requests, and by adding filters to detect and prevent discussion on biased, unethical, or dangerous outputs. There is research on how to train AI so that it aligns with human goals. == Techniques and ITU standardization == Trustworthy AI creation is a goal of AI governance and policymaking. To achieve transparency and data privacy, several privacy-enhancing technologies (PETs) can be used. These include: Homomorphic encryption for computing with encrypted data without ever decrypting it. Federated learning and secure multi-party computation (MPC) for distributing the model training without sharing information between the learning centers and computing servers. Differential privacy for exposing statistical data while guaranteeing that no private information is exposed. Zero-knowledge proof - providing proven validity for statements without disclosing any extra information. A work programme for achieving Trustworthy AI was set up by the International Telecommunication Union, an agency of the United Nations, initiated under its AI for Good programme. Its origin lies with the ITU-WHO Focus Group on Artificial Intelligence for Health, where a strong need for both privacy and analytics created demand for a standard in these technologies. In 2020, AI for Good moved online, and the TrustworthyAI seminar series was established to initiate discussions on these topics. This eventually led to standardization activities. === Multi-party computation === Secure multi-party computation (MPC) is being standardized under "Question 5" (the incubator) of ITU-T Study Group 17. === Homomorphic encryption === Homomorphic encryption allows for computing on encrypted data, where the outcomes or result is still encrypted and unknown to those performing the computation, but can be deciphered by the original encryptor. It is often developed with the goal of enabling use in jurisdictions different from the data creation (under, for instance, GDPR). ITU has been collaborating since the early stage of the HomomorphicEncryption.org standardization meetings, which has developed a standard on homomorphic encryption. The fifth homomorphic encryption meeting was hosted at ITU HQ in Geneva. === Federated learning === Zero-sum masks as used by federated learning for privacy preservation are used extensively in the multimedia standards of ITU-T Study Group 16 (VCEG) such as JPEG, MP3, H.264, and H.265 (commonly known as MPEG). === Zero-knowledge proof === Previous pre-standardization work on the topic of zero-knowledge proof has been conducted in the ITU-T Focus Group on Digital Ledger Technologies. === Differential privacy === The application of differential privacy in the preservation of privacy was examined at several of the "Day 0" machine learning workshops at AI for Good Global Summits. == Mozilla "Rebel Alliance" == In January 2026, the Mozilla Foundation and its subsidiaries announced a strategic shift to deploy their entire $1.4 billion reserve into building what foundation president Mark Surman termed a "rebel alliance" for trustworthy AI. Framed by Surman as a mission-driven alternative to the market dominance of OpenAI and Anthropic, the initiative seeks to establish an open-source AI stack by 2028. The alliance includes several startups funded via Mozilla Ventures, specifically focusing on decentralized governance and transparency: Trail: A firm developing AI compliance frameworks for regulated industries. Transformer Lab: A developer of open-source tools for AI model management. Oumi: A platform for training and deploying open-source models. The "rebel alliance" terminology is a historical reference to Mozilla's efforts in 1998 to challenge Microsoft's browser monopoly. While the $1.4 billion in funding is significant, it has been contrasted with the tens of billions in capital raised by proprietary competitors like OpenAI.

Apertus (LLM)

Apertus is a public large language model, developed by the Swiss AI Initiative (a collaboration between EPFL, ETH Zurich, and the Swiss National Supercomputing Centre). It was released on September 2, 2025, under the free and open-source Apache 2.0 license. Designed initially for business and research use cases around the world, Apertus was trained on over 1800 languages, and comes in 8 billion or 70 billion parameter versions and is available on Hugging Face for download. The model was developed aiming to adhere to European copyright law, and is one of the first examples of AI as a public good in the vein of AI Sovereignty. It is also the first large model to comply with the European Union's Artificial Intelligence Act. At its launch, the model creators emphasized multilinguality, transparency, and auditability as priorities in contrast to commercial frontier model. While international reception was largely positive, the first iteration was significantly behind the capabilities of frontier models and needs adaptation for many use cases with chatbots being a secondary but not a primary use case. As of late 2025, it was considered the largest and most capable fully open model. The capability of future models will depend in part on how much more funding can be secured.

Dr.Fill

Dr.Fill is a computer program that solves American-style crossword puzzles. It was developed by Matt Ginsberg and described by Ginsberg in an article in the Journal of Artificial Intelligence Research. Ginsberg claims in that article that Dr.Fill is among the top fifty crossword solvers in the world. == History == Dr.Fill participated in the 2012 American Crossword Puzzle Tournament, finishing 141st of approximately 650 entrants with a total score of just over 10,000 points. The appearance led to a variety of descriptions of Dr.Fill in the popular press, including The Economist, the San Francisco Chronicle and Gizmodo. A description of Dr.Fill appeared on the front page of the March 17, 2012 New York Times. Dr.Fill's score in 2013 improved to 10,550, which would have earned it 92nd place. Videos of the program solving the problems from the tournament are available on YouTube. The score in 2014 improved further to 10,790, which would have tied for 67th place. A video of the program solving the first six puzzles from that tournament, together with a talk given by Ginsberg describing its performance, can be found on YouTube. Dr.Fill has largely continued to improve since the 2014 event. In 2015, it scored 10,920 points and finished in 55th place. In 2016, it scored 11,205 points and finished in 41st place. In 2017, it scored 11,795 and finished in 11th place. In 2018, it scored 10,740 points, dropping to 78th place. Dr.Fill returned to "form" in 2019, once again scoring 11,795 and finishing in 14th place. The 2020 ACPT was cancelled due to COVID-19, and Dr.Fill participated as a non-competitor in the Boswords tournament instead. The program outperformed the humans, scoring 11,218 points (fast solves with a total of one mistake) while the best scoring human scored 10,994 points (slower solves but no mistakes). The 2021 ACPT was virtual, again due to COVID-19. The Dr.Fill effort was joined by the Berkeley NLP Group, creating a hybrid system named Berkeley Crossword Solver, and Dr.Fill won the main event, scoring 12,825 points with Erik Agard, the highest scoring human, scoring 12,810 points. The tournament was won by Tyler Hinman (12,760 points), who completed the championship puzzle perfectly in three minutes. Dr.Fill also completed that puzzle perfectly, but in 49 seconds. After winning the tournament, Ginsberg announced on August 8, 2021, that both he and Dr.Fill would be retiring from crosswords. == Algorithm == As described by Ginsberg, Dr.Fill works by converting a crossword to a weighted constraint satisfaction problem and then attempting to maximize the probability that the fill is correct. Probabilities for individual words or phrases in the puzzle are computed using relatively simple statistical techniques based on features such as previous appearances of the clue, number of Google hits for the fill, and so on. In doing this, Dr.Fill is attempting to solve a problem similar to that tackled by the Jeopardy!-playing program Watson; Dr.Fill runs on a laptop instead of a supercomputer and Ginsberg remarks that Watson is far more effective than Dr.Fill at solving this portion of the problem. Instead of computational horsepower, Dr.Fill relies on the constraints provided by crossing words to refine its answers. A variety of techniques from artificial intelligence are applied to attempt to find the most likely fill. These include a small amount of lookahead, limited discrepancy search, and postprocessing. Ginsberg remarks that postprocessing was chosen over branch and bound because the two techniques are mutually incompatible and postprocessing was found to be more effective in this domain.