Abstract

Protopia AI offers an exclusive solution for an overlooked challenge, inference privacy and data protection to enable inter- and intra-enterprise data sharing and securing inference services against data leaks.

Data used in inference services contains a staggering amount of privileged and private information across many industries such as finance, healthcare, insurance, voice assistants, smart speakers, surveillance systems, and others. The interwoven mix of data poses significant risks for businesses and their customers. While data is protected at rest and in motion through encryption, it will be exposed during inference as that data needs to be processed in an un-encrypted fashion.

Protopia AI addresses this structural gap in inference privacy using a novel obfuscation technology, which leverages gradient mechanisms to find stochastic data transformations that obfuscate the data while also keeping the inference service highly performant.

This solution for Confidential Inference–demoed here–is part of Protopia AI’s suite of AI data and model transformations. These transformations protect access to the data and integrity of the AI models in an automated fashion. Protopia’s solutions reduce restrictions facing data sharing for AI, enhance data security and privacy for AI and help identify vulnerabilities to adversarial attacks, as well as protect models from inversion attacks.

Protopia AI’s solutions significantly shrink the attack surface at the data level before compute starts. As such, Protopia accelerates the deployment process of AI, minimizes exposure to leakage of sensitive data and models, and prevents unintended inferences.

How it works

Protopia AI exclusively offers a non-obtrusive software-only solution for Confidential Inference in the market today. We deliver unparalleled protection for inference services by minimizing exposure of sensitive information. With Protopia’s solution, AI is fed only the parts of the data records that are truly essential to carrying out the exact task at hand; nothing more. Most inference tasks do not need to use all the information that exists in every data record. Regardless of whether your AI is consuming images, voice, video, or even structured tabular data, Protopia delivers only what the inference service needs. Our patented core technology uses a mathematical approach to replace any information that is not conducive to a given service with curated noise.

We formulate this problem as a gradient-based perturbation maximization method that discovers the pertinent subset in the input feature space with respect to the functionality of the model. This discovery process is run as a fine-tuning pass at the end of training the model. After the pass, automatically, generates a set of probability distributions that qualify the pertinent subset of input features. During inferencing, a low-overhead data transformation applies noise samples from these distributions to the input, obfuscating it, before passing it to the model.

Protopia AI in action

To demonstrate the capabilities our data transformations for confidential inference, we present two usecases.

In a baby monitoring usecase, where a baby monitor needs to detect whether the mouth and nose of the baby are covered, currently the unencrypted pictures on the left are inferred upon. Using the images on the left results in 99% accuracy but 100% of the private data is potentially exposed.

With Protopia, the same model achieves 98% accuracy using the redacted pictures on the right with 0% private data exposed.

Face Detection

In a face detection usecase, an AI process is counting the number of faces, not trying to identify any single person. Currently, the unencrypted image on the left shows both the face count (required), and the sensitive identifiable facial features (not required). A data leak will expose both the sensitive information that exists in the raw image.

Protopia’s obfuscated image on the right still allows the inference task to count the faces but removes the sensitive, identifiable features, leaving a malevolent actors with nothing of value to them and avoiding any liability for business due to data leaks.

Try it out

We provide a docker environment, so that anyone could experience the effectiveness of Protopia AI in securing private data.

Baby Face Mask Detection

This demo illustrates a baby face mask detection with and without Protopia’s Technology. The demo is packaged as a container image that contains all the dependencies you need to see Confidential Inference in action. The demo allows you to provide an image of a cropped baby face and see the baby face with obfuscation as well as the result.

  1. Make sure you have Docker installed on your machine, and it is up and running. See instructions here on how to install Docker.
  2. Once Docker is installed, pull the latest Protopia demo by running:
    docker pull ghcr.io/protopia-ai/demo:latest
  3. Now, take a selfie or get any picture with faces on it, and place the picture in a directory. You can also download our reference image from 1 2 3 4.
  4. Open up the terminal, and cd into the directory that contains the image, and run the demo to see the comparison of input images with and without Sifter
    docker run -v $PWD:/data ghcr.io/protopia-ai/demo:latest -i /data/input.jpg -o /data/output.jpg

Face Detection

This demo illustrates a face detection network with and without Protopia’s technology. The demo is packaged as a container image that contains all the dependencies you need to run it. The demo allows you to provide an image as input and see the faces detected in it with and without obfuscation.

  1. Make sure you have Docker installed on your machine, and it is up and running. See instructions here on how to install Docker.
  2. Once Docker is installed, pull the latest Protopia demo by running:
    docker pull ghcr.io/protopia-ai/demo:latest
  3. Now, take a selfie or get any picture with faces on it, and place the picture in a directory. You can also download our reference image from here.
  4. Open up the terminal, and cd into the directory that contains the image, and run the demo to see the comparison of input images with and without Sifter
    docker run -v $PWD:/data ghcr.io/protopia-ai/demo:latest -i /data/input.jpg -o /data/output.jpg

References

For more information

For more information, please contact us at info@protopia.ai

Menu