The evolving nature of AI models makes their products ambiguous and unpredictable. Quality assurance methods must accommodate the complexity of AI/ML applications and overcome issues related to lack of security, privacy, and trust. Let’s take a look at the approach to testing AI/ML applications and some of the important issues to be aware of.
Verifications & Validations of AI/ML Applications
The standard approach to creating AI models, known as the Standard Cross-Industry Process for Data Mining (CRISP-DM), starts with data collection, preparation, and cleaning. The resulting data is then iteratively used in multiple model approaches before the perfect model is finalized. Testing for this model first uses a subset of the information that has gone through the above process. By feeding this test data into the model and running multiple combinations of hyperparameters or variants on the model to see its correctness or accuracy, the model is supported by appropriate metrics. These test datasets are randomly generated from the original dataset and applied to the model. This process is very similar to new data simulation methods and will determine how future AI models will scale.
Quality Assurance Challenges
There are countless issues that must be addressed with data-driven testing and quality assurance of AI/ML applications. Let’s take a look at a few:
The decision-making algorithm of an AI model has always been regarded as a black box. Recently, there has been a clear trend toward making models transparent by explaining how they arrive at a set of results based on a set of inputs. It aids in understanding and improving model performance and helps recipients understand model behavior. This is even more important in areas where complaints are common, such as insurance or healthcare systems. Some countries also require explanations for decisions made in conjunction with AI models.
Post facto analysis is the key to interpretability. By performing post-analysis on specific instances misclassified by the AI model, data scientists can understand the parts of the dataset that the model actively focuses on when making decisions.
The decision-making ability of an AI model depends mainly on the quality of the data it is exposed to. There are many cases where bias seeps into how input data or models are streamed, such as Facebook’s sexist ads or Amazon’s AI-based automated recruiting systems that expose discrimination against women.
The historical data Amazon uses for its systems has been heavily skewed over the past decade due to the dominance of men in the workforce and the tech industry. Even large models like Open AI or Code pilot suffer from world bias permeating their models as they are trained on inherently biased global datasets. To remove bias, it is important to understand what the data was selected for and which features contributed to the decision. A bias in the model can be detected by identifying the attributes that excessively impact it. Once these attributes are identified, they are tested to see if they represent the entire dataset.
According to the Deloitte State of AI in Enterprise Survey, 62 percent of respondents believe cybersecurity risk is an important issue for AI adoption. Forrester Consulting’s Emergence of Offensive AI report found that 88 percent of security industry decision-makers believe offensive AI is on the horizon.
Since AI models are built on the principle of becoming more intelligent with each iteration of actual data, attacks on such systems also tend to get smarter. Things are further complicated by the advent of adversarial hacks, which aim to attack AI models by modifying a simple aspect of the input data down to a single pixel in an image. Such small changes can introduce more severe disruptions in the model, leading to misclassification and erroneous results.
The starting point for overcoming such security issues is understanding the types of attacks and vulnerabilities in the model that hackers can exploit. It is critical to collect literature and domain knowledge on such attacks and create a repository that can predict such attacks in the future. Employing AI-based cybersecurity systems is an effective technique for deterring hackers. AI-based methods can predict how hackers will react, similar to how they predict other outcomes.
As privacy concerns such as GDPR, CCPA, and more, become increasingly common across all applications and data systems, AI models are also under scrutiny. Not to mention that AI systems rely heavily on massive amounts of real-time data to make intelligent decisions—data that can reveal a wealth of information about a person’s demographics, behavior, and consumption attributes.
The AI model needs to be examined to assess how it discloses information to address privacy concerns. Privacy-conscious AI models take appropriate steps to de-anonymize, pseudonymize, or use state-of-the-art privacy-enhancing techniques. The model can be evaluated for privacy violations by analyzing how a privacy attacker takes training data input from the model and effectively modifies it to gain access to personally identifiable information. The two-step process of discovering derivable training data through an inference attack and then identifying the presence or absence of PII in the data helps identify privacy concerns when deploying models.
Accurate testing of AI-based applications requires extending the concept of quality assurance from the scope of performance, reliability, and stability to new dimensions of explainability, security, bias, and privacy. The international standardization community is also working on this idea by extending the traditional ISO 25010 standard to include the above aspects. As AI and ML model development continue, focusing on all of these aspects will result in more robust, always-learning, and compliant models capable of producing more accurate and realistic results.