by creata 736 days ago
Why does there seem to be such a disregard for security in deep learning?

There are examples like this post, but also, until recently, almost every deep learning model was literally distributed as a pickle file.

4 comments
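The pickle point in the post is worth making concrete. A pickle stream is not inert data: loading it executes the import and call instructions it contains, which is why a "weights file" in that format has to be treated as code. The following is an added example (not code from the poster or from any framework) showing two defensive layers a loader can apply: a static scan of the opcode stream with the standard library's `pickletools` that executes nothing, and an `Unpickler` subclass whose `find_class` only honours an explicit allowlist. The sample streams are constructed in-line; the "suspicious" one merely references the harmless builtin `len`, which is enough to exercise the detector.

```python
"""Inspect and allowlist-load pickle-serialised model files (added example)."""
import io
import pickle
import pickletools

# Opcodes that make the loader import a Python object or call one.
IMPORT_OPCODES = {"GLOBAL", "STACK_GLOBAL"}
CALL_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                  "STRING", "BINSTRING", "SHORT_BINSTRING"}


def scan_pickle(data: bytes) -> dict:
    """Disassemble `data` without executing it.

    Returns the (module, name) pairs the stream would import and a count of
    call-style opcodes. A checkpoint that should only hold plain containers
    and numbers has no business importing or calling anything.
    """
    imports = []
    recent_strings = []  # STACK_GLOBAL takes module/name from the two preceding strings
    calls = 0
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPCODES:
            recent_strings.append(arg)
        elif opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # genops yields "module name"
            imports.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            imports.append((recent_strings[-2], recent_strings[-1]))
        elif opcode.name in CALL_OPCODES:
            calls += 1
    return {"imports": imports, "calls": calls}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup not on an explicit allowlist."""

    def __init__(self, stream, allowed):
        super().__init__(stream)
        self.allowed = set(allowed)

    def find_class(self, module, name):
        if (module, name) not in self.allowed:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)


def safe_load(data: bytes, allowed=()):
    """Load `data` under the allowlist; builtin containers need no globals at all."""
    return AllowlistUnpickler(io.BytesIO(data), allowed).load()


def rejects_globals(data: bytes) -> bool:
    """True if the allowlist loader (with an empty allowlist) refuses the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def load_checkpoint_or_reject(data: bytes):
    """Loader policy: scan first, then load under the allowlist; None means 'treat as code'."""
    report = scan_pickle(data)
    if report["imports"] or report["calls"]:
        return None
    return safe_load(data)


# Constructed samples, not real model files.
PLAIN_CHECKPOINT = pickle.dumps({"layer1.weight": [0.1, -0.2], "epoch": 3}, protocol=4)
REFERENCING_STREAM = pickle.dumps(len, protocol=4)  # imports builtins.len on load


if __name__ == "__main__":
    print(scan_pickle(PLAIN_CHECKPOINT))
    print(scan_pickle(REFERENCING_STREAM))
    print(load_checkpoint_or_reject(PLAIN_CHECKPOINT))
    print(load_checkpoint_or_reject(REFERENCING_STREAM))
```

The scan is the cheap gate: it runs on untrusted input without ever constructing an object, so it is safe to apply at download time or in a repository hook. The allowlist unpickler is the backstop for files that legitimately need a few classes (a framework's tensor type, say); everything else is refused before any constructor runs. Formats that store tensors without an embedded interpreter, such as safetensors or plain NumPy arrays, avoid the problem entirely.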

"Security is not my field, I'm a stats guy": a qualitative root cause analysis of barriers to adversarial machine learning defenses in industry [0]

[0] https://dl.acm.org/doi/abs/10.5555/3620237.3620448

From my outsider perspective, it's a field that moves very fast, there seem to be new tools being released every week so:

1) As the developer if you focus on hardening, you might be too late to release.

2) People download shiny new libs/files/programs constantly.

3) Influx of people not that versed in the basics of computer security playing around with local LLM models, image generators, etc.

That seems like an almost exact duplicate of the NodeJS/NPM issues?

Those same points (but the NodeJS/NPM version of them) are a lot of why that ecosystem is having security and reputation issues as well.

It's not specific to deep learning; practically every industry will look at security as a cost just not worth it. When we start throwing the CEO into jail instead of making them pay an 18.5M fine for losing the data of 41 million customers, that's when things will change. Until then, it's just the cost of doing business.

Really? Throw a CEO in jail? This is just as crazy as the whole "throw the supervisor in jail if the worker dies" mantra in construction.

#1 Users are responsible for looking after their privacy. If you are using applications that don't allow this, you need to reject the use of those applications.

#2 This needs to start happening in mass numbers. People need to rise up against these crazy corporate tech companies and their bull

I would love to live in a world where everyone did that. But that's (currently) a utopian pipe dream.

I don't know if throwing CEOs in jail is the answer, but neither is putting all the responsibility on people to make tough choices like "give up my privacy or fall out of touch with my friends" or "give up my privacy or give up the chance to get this job".

Well, we are currently at the "we tried nothing and we are out of ideas" stage, so something needs to change.

Isn't this just one of the milestones that'll eventually happen? Blind panic due to security always occurs at some point. There must be a 'law' defined for this somewhere.