How to Remove a Watermark in AI-Generated Texts: Analysing a DeepMind Token for a Natural Person’s Perception
Never miss an episode. Subscribe to the Nature Podcast on
Apple Podcasts
,
Spotify
,
YouTube Music
or your favourite podcast app. The NaturePodcast has an RSS feed as well.
When a researcher examined her brain repeatedly to see how it responded to birth-control pills, she found that high-altitude tree planting could provide a sanctuary to an imperilled butterfly species.
However, it is still comparatively easy for a determined individual to remove a watermark and make AI-generated text look as if it was written by a person. This is because the watermarking process used in DeepMind’s experiment works by subtly altering the way in which an LLM statistically selects its ‘tokens’ — how, in the face of a given user prompt, it draws from its huge training set of billions of words from articles, books and other sources to string together a plausible-sounding response. Analyzing an alterations can detect this one. The signal may be removed by paraphrasing or asking another LLM to rewrite it. And a watermark once removed is not really a watermark.
From Ancient to Modern: Probing AI and Human-Human Interactions with LiDAR Observations of Two Central Asian Cities
Researchers have uncovered the scale of two ancient cities buried high in the mountains of Uzbekistan. The cities were thought to be there, but their extent was unknown, so the team used drone-mounted LiDAR equipment to reveal what was hidden beneath the ground. The survey showed that one of the cities was six times larger than expected. It was suggested that the highland areas played an important role in trade of the era because the two cities were nestled in the heart of Central Asia.
In a welcome move, DeepMind has made the model and underlying code for SynthID-Text free for anyone to use. The technique is in its infancy and the work is an important step forwards. It needs to grow up fast.
There is an urgent need for improved technological capabilities to combat the misuse of generative AI, and a need to understand the way people interact with these tools — how malicious actors use AI, whether users trust watermarking and what a trustworthy information environment looks like in the realm of generative AI. These are all questions that researchers need to study.
However, even if the technical hurdles can be overcome, watermarking will only be truly useful if it is acceptable to companies and users. Regulation is likely to cause companies to take action in the next few years, but whether users will trust watermarking and similar technologies is another issue.
Getting watermarking right matters because authorities are limbering up to regulate AI in a way that limits the harm it could cause. Watermarking is seen as a linchpin technology. Last October, US President Joe Biden instructed the National Institute of Standards and Technology (NIST), based in Gaithersburg, Maryland, to set rigorous safety-testing standards for AI systems before they are released for public use. NIST has a plan to reduce the harm from artificial intelligence, and it is seeking public comments on how it will be done. There is no firm date yet on when plans will be finalized.
The authors’ approach to watermarking LLM outputs is not new. OpenAI is a company based in San Francisco, California, that is testing a version of it. But there is limited literature on how the technology works and its strengths and limitations. One of the most important contributions came in 2022, when Scott Aaronson, a computer scientist at the University of Texas at Austin, described, in a much-discussed talk, how watermarking can be achieved. Others have also made valuable contributions — among them John Kirchenbauer and his colleagues at the University of Maryland in College Park, who published a watermark-detection algorithm last year3.
