What Happened Since the Largest-Ever AI Red Team
Perspective
What Happened Since the Largest-Ever AI Red Team
By Josh New
September 19, 2024
Washington, D.C.

Last year at the hacker convention DEF CON, SeedAI collaborated with the White House to help organize the world’s largest AI red-teaming event at the AI Village. Thousands of people came together to find vulnerabilities in the guardrails of AI models – including over 200 students from community colleges and other underserved folks flown in by SeedAI. This was a watershed moment, proving large-scale public participation in AI safety is both feasible and an opportunity for all to participate in the development of AI.

There is a clear through-line from this moment to the ever-increasing recognition that public participation in testing can make AI safer and more inclusive. But how did we get here, and what does the future of public participation in AI look like? 

The idea of fostering a participatory ecosystem for AI through testing may seem counterintuitive. Red-teaming has been a key tool in security research for decades and typically requires specialized skillsets. But this does not have to be not be the case with AI. With large language models, where the interface is typically plain language, the barriers to participate in red-teaming are dramatically lower. And when it comes to identifying shortcomings in model performance, the larger and more diverse cohort red-teaming a model, the better. 

SeedAI saw this as an opportunity to pilot the idea that modern AI opens up opportunities for broad, diverse, and relatively unskilled folks. In early 2023, SeedAI began working with cybersecurity and AI experts at Humane Intelligence, the AI Village, the White House Office of Science and Technology Policy, the National Science Foundation, and the Congressional AI Caucus to set our sights on an ambitious, large-scale public red-teaming event at the AI Village at DEF CON 31. 

As something like this had never been done before, SeedAI got to work to design what a public AI red-team would actually look like in practice. SeedAI held the first pilot of a competitive AI red-team with Houston Community College students at South by Southwest in March 2023. SeedAI then hosted a second pilot at Howard University in June to teach Howard students how to expose bias, potential harms, and security vulnerabilities in generative AI models. With DEF CON scheduled for just a few weeks away in August, SeedAI and our partners secured the participation of Anthropic, Cohere, Google, Hugging Face, NVIDIA, OpenAI, and Stability to provide model access to red-team participants. 

With all of the major AI players involved, the AI red-team at DEF CON ended up being the largest ever generative AI red-team (public or private) by an order of magnitude with 2,244 participants. SeedAI and community partners Black Tech Street and Houston Community College also brought 220 students & entrepreneurs from Tulsa, HBCUs, and community colleges to DEF CON to join in. Our goal was to ensure that the exercise would create a pathway for people from all walks of life to participate in shaping AI while demonstrating that including more diverse perspectives in red-teaming makes AI more resilient, reliable, and trustworthy for all Americans. The lessons learned from the DEF CON AI red-team highlight that public red-teaming – while not replacing the need for robust internal testing and evaluation practice – is a valuable addition to the broader AI safety landscape and can shine greater light on harms related to demographics and lived experiences. 

The landscape was forever changed after the announcement of this effort. As we worked with OSTP to prepare for DEF CON, the White House began securing voluntary commitments from 16 of the world’s leading AI companies to utilize internal and external redteaming as part of their efforts to make AI safe, secure, and trustworthy. In February 2024, the National Institute of Standards and Technology (NIST) launched its AI Safety Institute Consortium (AISIC) to bring together over 280 organizations across industry, civil society, and academia to collaboratively advance the science of AI safety, including developing best practices for red-teaming. And in August, at DEF CON 32, SeedAI supported the AI Village in hosting the second iteration of the public AI red-team. 

This progress has been tremendously encouraging. And while red-teaming is a natural entry-point for greater participation in AI, policymakers, industry, academia, and civil society should seek to lower barriers to public participation in AI through as many domains as possible. SeedAI has long believed that empowering communities that have limited access to AI skills will be one of the most effective strategies for expanding public participation in AI throughout the country. For example, in August, three community colleges, all of which were represented in the cohort brought to DEF CON by SeedAI, launched the National Applied AI Consortium to serve as a hub for AI education and training for community college students.  

As we move forward, we take with us a key lesson: public participation in AI means more than just making the technology perform more effectively for diverse populations. It means ensuring that the trajectory of the technology bends towards the needs of the many, not the few, and that all American can have a hand in shaping the future of AI.