IBM Turns to Blockchain To Solve Some of AI's Thorniest Problems

Audio-Only Podcast

Editor's note: Find the Blockchain Journal Podcast wherever you listen - Subscribe to our content on Apple Podcasts, YouTube Music, Spotify, SoundCloud, and Pandora.                                  

  

           

Full-text transcript of David Berlind's Interview with Shyam Nagarajan, Global Partner with IBM Consulting with a focus on Blockchain and Responsible AI

David Berlind: Today is Tuesday, February 6th, 2024. I'm David Berlind. This is the Blockchain Journal Podcast. Thank you very much for joining us. And today, my guest is Shyam Nagarajan. He is a global partner with IBM Consulting, and he focuses on blockchain. It's something that IBM calls Responsible AI. Right now, in the blockchain world, the value of blockchain to artificial intelligence is dominating the conversation. IBM has something to say about it. Shyam, thanks very much for joining us here on the Blockchain Journal podcast.

Shyam Nagarajan: David, thank you for the opportunity. Thrilled to be here.

Berlind: It's great to have you here. [The] last time we spoke, you were in Davos at [the] World Economic Forum in 2023. I'm sorry. I missed you this year. [I] couldn't make it, but I'll be back there next year.

Let's talk about artificial intelligence and blockchain. What is IBM's position, or maybe, what's your personal position on how blockchain can help artificial intelligence?

Nagarajan: Well, look, AI has been around for 60, 70 years, maybe more, and it's gone through a significant evolution. What's... The reason why everyone is talking about it now is : what can you do with it has changed significantly, right? And it has the ability to capture data, the amount of data that enterprises, individuals generate, and is being able to be captured in different forms of storage, and then be used to train these models, as we call it in the AI world, has gone up. It's led to new possibilities.

So, the relevance of blockchain in the world of AI, I would say, as these models become more and more intelligent, they need a way to be anchored in trust, and trusted data is the best way to do that.

I've spent the last seven years of my life working on trusted data. Blockchain is a technology that essentially allows trusted data to be created in different forms and used within organization[s].

So, in artificial intelligence, your so-called foundational models come from using data sets that organizations generate, or is available publicly, and to be used to train these models. And the issue is, if you use the wrong set of data to train these models, you know, garbage in, garbage out. So, you will start to see if the data, data has PII information in it, or if the data is biased, or if the data actually has copyright information inside it. Then it'll all again, when the model is put to use, queried, then you'll see its surface, right?

Berlind: Well, let's back up a little bit because you talked about how you've been working with trusted data for a very long time. It sounds almost to me like like you're implying that there is a risk of data that's not trustworthy or untrusted data. So let's talk a little bit about that. Trusted data versus untrusted data. What types of data would you not trust?

Nagarajan: Look, data is generated everywhere, and data is generated in different forms. From devices, from individuals, from organizations. organizations, enterprises, transactions, internet, right? And, not all data are factual, not all data are relevant, not all data is actually in the right form that can be used by other organizations.

So when I specifically say trusted data, one, the data is vetted; second, the data is free from all the things that I talked about: bias, copyright issues, actual consent, which is a huge, huge deal, right? I mean, I know my Google, Facebook, Amazon, and as well as my telco provider is capturing data about me and my personal usage and explicit consent is a little bit questionable there. Sometimes, I don't even know what I'm consenting to because the legal terms aren't that clear.

Then AI models use these kind[s] of data to train and capture different weights in their neural networks. Then that gets... becomes the substrate for the future recommendations that the AI model provides. So, when you say trusted data, data that's free from all these issues is one. Second...

Berlind: Okay, okay, so I just want to make sure. We have three issues there that you identified. You identified one is the factual basis of the data, the accuracy of the data. Number two is the relevance of the data. And number three would be, I think, you mentioned, data format. Is it formatted properly for whatever the application is, and are any sort of transformations required before it can be used for the particular application?

Nagarajan: Well, I would rather, instead of data format, it's actually consented data.

Berlind: OK.

Nagarajan: Data that's actually consented by whoever is producing that to be used in train models.

Berlind: I see. OK, OK

Nagarajan: So when you step back and say, when you're using these different kind[s] of data sets to train the model, to be able to prove the provenance of where these data came from is so important. And second, to be able to, in the software supply chain of AI models, someone creates the data, then someone else actually uses the data to train the models, and create these foundational models, and from foundational models, then you fine tune it, prompt tune it, inject new data sets into it, and create a new version that's more domain-specific. So now you're crossing [the] boundaries of individual organizations.

Berlind: Right, you're moving further away from the original data set.

Nagarajan: That's correct. So you need a way to prove provenance of what you actually use. Now, for various...

Berlind: So, let's just pause there. What you're saying is, that you move more steps away from the original creation of the data itself. At any one of those steps, you need to check the provenance of the data that whatever that step is working with, you need to check that against the original version to make sure that that original version hasn't changed in some way or has been tampered with. Is that what you're getting at here?

Nagarajan: Well, it's not [that] the original version has been changed. I mean, if it's real, live data, we expect some form of change as it goes along. But there's always a snapshot. Snapshot that's used, right, in order to train the model.

Berlind: So, you're checking that snapshot against... You're checking whatever snapshot that something is working with against the provenance of the original snapshot?

Nagarajan: Look, here's a very simple example, right?

Berlind: OK.

Nagarajan: It's about... I make a decision based on, say the labor rates from the federal, from the feds on a particular say a mortgage rate decision, right? Labor rates tend to move, change.

Berlind: Sure.

Nagarajan: But, when I made that decision, I need to make sure at that point that this was the rate that was in the market.

Berlind: Right.

Nagarajan: That ability to trace back is important to prove and audit and show compliance that this was the reason why this recommendation was made, this decision was made. And that's auditability. That's the entire traceability proof. Now, as we talked about, in the supply chain of AI models, as you go through multiple organizations, the original path or original data gets far removed from where the actual model gets used. So, to be able to trace it, you need something like a blockchain to be able to do that.

Berlind: So let's talk through that. Today, there are plenty of AI applications, and models, and processes [that are] out there being used in production that blockchain is not connected to in any way, shape, or form. And so I want to come back to the risk. I think what I'm hearing is that: as you get more... at any step of the supply chain and how far away you get from the data and the model, you have an increasing amount of risk that the data you're working with may not reflect the data that was originally entered into the system... found its way into the system.

Now, today, there's no... Well, there are ways you can check that you can always apply a checksum. People have done that for years when it comes to downloading software. It lets... before we download this executable file, or when we do, let's verify the checksum of that file against the checksum that the original author applied to the file when they created it. So, that's one way to kind of double-check the authenticity of the data. But, what it sounds like what you're saying is, is that this is somewhat of a similar application, but now blockchain brings some additional level of comfort to all of the different parties along the supply chain that they are working with the correct data?

Nagarajan: Well, look as the... Actually, this whole thing changed with GenAI [Generative AI], right? GenAI allows you to build on top of the work that someone else has already done, and that right really changes the game.

Berlind: Right.

Nagarajan: [The] second thing is...

Berlind: Well, just so our audience understands, what's the difference between AI and Generative AI?

Nagarajan: It's truly about foundational models and large language models, right? In traditional AI, there are specific algorithms, and you use that to train the models up, and it acts a certain way. In Generative AI, it produces something that is based on a lot of the data that you have trained it on, but [it] is able to create and conjure up new things based on what it has read, right? Or being trained on.

Berlind: OK.

Nagarajan: So that's the GenAI – or Generative AI – can be applied to tasks like summarization. You call up a call center employee, and they help you with customer service activities. But then at the end of the activities, they can apply Generative AI based on your conversation to summarize what was the net-net of the entire conversation, right? That's it.

Berlind: Okay, so let's go back now. We've got AI, we've got Generative AI, which maybe introduces more risk because it sounds like the data could be kind of morphing into other things as it goes through the supply chain. Let's come back to that one – the checksum question again. So, this is all happening in the supply chain of data. Are we essentially... What is it that blockchain brings to this equation versus something as simple as a checksum? What's the big difference of blockchain? Is it the public nature of blockchain? It's there for everybody to see?

Nagarajan: I'll tell you something that actually was... It's real, and it happened recently. Samsung got called out on using OpenAI, the Microsoft-backed LLM model...

Berlind: Sure.

Nagarajan: And they got called out because some of the content put out from it was copyright[ed] information and Samsung... there was a lawsuit aligned around it.

To be able to prove whatever... It's okay to use copyrighted information as long as you have consent from the producer of that material, that they give them permission, and also they are appropriately compensated for it, right? So now we talked about LLMs, our foundational models, moving across multiple organizations. That consent management and as well as that copyrighted information knowledge gets left out. And as that evolution of the LLM models go across multiple organizations, then the ability to show traceability is where a public blockchain really comes in handy.

You talked about checksum. Being able to, at any point, snapshot the data sets and say, "Hey, this isn't a snapshot of that data set." It goes into the public place and therefore I can assure a certificate of trust for this LLM that you won't be sued because you used any copyright information. You won't be sued because it has biased information. You can always always be compliant and call out some why the generative AI is making recommendations because the data sets that was used are completely traceble and provable. So that's kind of the net-net value.

Berlind: I understand. Do you need some sort of very sophisticated application layer that lives on top of this to be able to dig back through the chain of events and compare? Let's say it was like a string of checksums. I'm just kind of using that as a metaphor, but all along the way, you're establishing a new layer of provenance around whatever version of the data it is. However, it's morphing because of Generative AI. So you have to kind of, in the same way that you got to this endpoint, you have to kind of reverse engineer how you got there and take it all the way back to the beginning.

Sounds like, to me, you need a fairly sophisticated application layer just to do the heavy lifting of that, because you can't just take some blockchain explorer and go on to the public blockchain, whichever one you're using to keep track of all this for the traceability you're describing, and start clicking around and looking at transactions. That's not... That's just not scalable or even doable for a human being, so it sounds like you need some kind of layer on top of this, right?

Nagarajan: You do need a governance or a management layer on top of it...

Berlind: Yeah, OK.

Nagarajan: That keeps track of all these different hashes, and that gets put out in the public chains and the auditability layer.

Berlind: Right.

Nagarajan: But, it's not that onerous to build it. And it's a[n] extra level of data integrity and governance that it offers to the AI solution. This is the work that we are doing with CasperLabs as a ...

Berlind: OK.

Nagarajan: As way to build that framework on top of the AI governance layer itself. It can be done. It doesn't have to be a particular product, but it can be done for any organization. Public....

Berlind: I can imagine that applications of this larger application framework that we are talking about, not to overuse the word application there. Maybe there are different sensitivities in different applications. 

Like, if I took a military application, and we all know that we've heard this already, artificial intelligence is playing a role on the battlefield where speed is of the essence. Whoever figures out where to target their ballistics first, wins. And that's always been the case on any given battlefield, and accurately targeting. If the targeting applications are based on some model and the data has been tampered with in some way that worked its way into the supply chain, as you were just talking about, the outcome could be catastrophic. I can imagine adversaries, if they know each other... If two adversaries know that each other is using AI, there's going to be some amount of espionage going on trying to get into that AI and break it or tamper with it in a way that changes the outcome.

So, is this a good example of where just before the automatic firing of a weapon takes place, you double-check to make sure that the data you had that got you to the targeting of that weapon is indeed the right one? Is that... I'm just trying to imagine the business logic here. It's somewhere along the line you want to double-check that provenance and authenticity before you take the next step. Is this a good example of where that...

Nagarajan: Well, look, I would tell you the latency — the network latency – at the decision of pressing a button to shoot a target will be too high and probably not the right place for the checks to happen. But, these kind[s] of checks can be constructed or built into the model itself before a model is published. So, think of...

Berlind: But, couldn't you have a – because of blockchain and how you can run... Blockchain is based on lots of nodes running simultaneously. You could have a node that's essentially a copy, even though it's not online, or as you point out...

Nagarajan: It's possible. Look, it's possible. 

Berlind: Yeah.

Nagarajan: It's not just the network latency. I think... Look, if you think about the models, they don't really keep a copy of the data itself, but they create these neural networks and weights and almost a tree of how they keep the information, right?

Berlind: Right.

Nagarajan: And that's what is more important. You want to... It's not just blockchain, it's standard cybersecurity practices that [it] has to be combined with. So you have to keep the model safe, that it's not being tampered with, and as well as the data proof that's been used to train it in order to make it secure and compliant. So, the tamper-proof that blockchain offers is a good way. In the future, I can see where these weightings of the individual models itself can also be put on blockchains where it cannot be tampered with explicitly by any of the hackers or threats by third-state... third-party actors.

Berlind: Now, you were talking a little bit about the application layer that you're putting together with CasperLabs. So, describe that application layer. What's the sample application that you guys experimented with just to kind of prove the value of what you're talking about?

Nagarajan: Well, the first first application of that was around version controlling. But, third-party risk increases, as I told you, multiple handoffs across organization[s]. So, version control of these models when something... A fine-tuning of a particular model at a particular step... Here's the reality: people think "Oh, I use someone else's model, and then I tune on top of it and then give it to someone else, and they use it. Everything is done." It doesn't work that way. When this, the twice-remote model changes, you have to update your model, and then the next person has to update their model, and it continues on.

Berlind: I'm sorry. When you said it twice changes, you mean the second person or third person down the chain. They have to update there.

Nagarajan: They're going to see the impact.

Berlind: Yeah, they have to update their models.

Nagarajan: They're going to see the impact because the model has to adapt to the new capabilities that's coming through, right?

Berlind: The new underlying data model. If you take it all the way back to the beginning, once that changes, It's like a... it's like a domino effect. You have to kind of cascade that through the whole chain.

Nagarajan: That's correct. So, that's version control, and blockchain is a great way to manage those kind of changes across all these different organizations.

Berlind: Right.

Nagarajan: So that's the first place where we're going to start with. We have... I mean, CasperLabs has different plans to bring, on top of it, the ability to address consent, is a huge, huge deal. So ensuring that the data that's used to train and the copyright materials is actually well cataloged and consent managed.

Another angle on this is especially when you're using the RAG (Retrieval Augmented Generation) patterns for... RAG patterns are used to take large documents and supplement existing large language model[s] to answer specific questions for policies or frameworks within organizations. It's used in healthcare. Customer service is a huge, great application of this kind of logic. But to be able to... When you ask a question to be able to explain where it actually came from is of huge importance. So explainability is a huge application of this.

But, when you tie this into publically available, say, analysis reports or specialized documents that are created by individuals. So, to be able to attribute it back, again, blockchain is a huge application of it. So...

Berlind: Another example that I've always thought of with AI is that today, you pointed out, very early in this interview, one of the problems with bias in these models, right? There's [been] plenty. Look at the mainstream media; there are plenty of horror stories about bias in AI and how it's ultimately impacted certain individuals.

So, is there a way that AI can be used... right in the algorithm as the AI is making decisions? I mean, AI can be used to make decisions, of gets this... When you think about the workflow of AI it encounters a lot of forks in the road. Should it go left, or should it go right? And sometimes it goes left when it should have gone right. Can AI be used to trace the workflow so that later on, somebody can go back and say, "Okay, what did the AI actually do?" Like literally sort of like, the idea of a checkpoint that debuggers use to look at code and see what it's doing. Can you use AI to track the algorithms to see if they're performing according to expectations?

Nagarajan: So, let me talk to you about a couple of things here, right?

Berlind: OK.

Nagarajan: A model that's trained on a particular data set can be tested for bias and there are open source frameworks, there are actually testing frameworks for these from Stanford and number of other open source organizations. In fact, IBM, along with all these different institutions, initiated the AI Alliance along with Meta and a number of other organizations, and they recommend[ed] a number of open-source toolings that can actually test and grade your model for bias and hate, abuse and profanity, and all those kind of things.

So [the] first thing is, before a model actually goes into production, you want the right testing frameworks to be in place, so it tells and tell it tests and tells you: does it pass the threshold or does it fail? If it fails, then you have to go back, relook at the data sets, and retrain it. But if it passes, that's great. So, you continue on to the next step. Now...

Berlind: Well wait. But can't... That's great if you're the person who's developing the model and implementing the application and the AI and all that, but in situations where you want to keep a public record of what the AI is doing, which I can imagine you might want to keep so that other people, in a very transparent fashion, can go and look and see what decisions the model has made or is making or how it's working, they can, right? It just seems to me like that's an opportunity here for blockchain because...

Nagarajan: Yeah, it is. So that's where I'm going with this. There's a concept called AI Fact Sheet. So when you do the testing, it actually gives you a score against all these different metrics. That can actually be published to blockchain.

Now, remember, nothing is constant; there is change that's continually happening. As you ask questions or tune the models, the model learns, and there is drift happening. They call it model drift. And, in the model drift, there is a possibility that the bias or HAP [hateful, abusive, or profane content] or these things get introduced back because if you keep asking bad or profanity-driven questions to the model, [the] model is going to learn from it and it kind of sides towards that.

Now, this is where, again, the blockchain-based fact sheets retesting it, continuous testing of these frameworks tells you one, there is model drift that it's been learning from. Second, also to be able to compare against the previous fact sheets that tells you what was his previous score and therefore flag, "Hey there is a significant shift." You can either correct it by injecting what you call synthetic data that adjusts for the drift or allow it because it actually is legitimate and it's something that you want to accept in your way of doing business. So...

Berlind: I understand.

Nagarajan: So, blockchain, again, gives you that public view. These fact sheets are incredibly valuable, especially when you want to put them out in a regulated industry to be able to show compliance, auditability, and traceability for all these different criterias.

Berlind: And, of course, blockchain's immutability is important there because...

Nagarajan: Well, that's the reason I keep insisting on public blockchain than private blockchains in these kind[s] of scenarios.

Berlind: So let's just talk about IBM Consulting for a minute because if you're getting involved in this, you talk... Your title involves the word Responsible AI, and blockchain, of course. Are IBM's customers asking for this? Is there a demand in the market for this level of traceability, scrutiny, immutability, [and] transparency? Or is this really very experimental at this time?

Nagarajan: Well, let me tell you, right now, we are at the phase where everyone is experimenting with AI, right? Everyone that you talk to. That's great. But, people are all struggling to take it into production because they don't have the right governance frameworks and works in place.

When I say governance, there's really about two parts to it. There's one as the organizational governance. When I say organizational governance, these are the policies, processes, people, enablement, training, ethics, and bias policies that you have to have in place to say, "Hey, this is acceptable; this is not acceptable." And the right organizational structure to say, "When something goes wrong, who's accountable for it, who's responsible for correcting it?"

And then the other side of it is the tooling. And, this is where we're talking about the continuous testing frameworks, the continuous ability to say whether your model is compliant or not, and the model lifecycle itself to be able to manage it. This is within an organization. Now, the third level, or the one on top of it, is bringing in the blockchain layer, right? That establishes the ability to do auditability, version control across multiple organizations, and the like.

So your question of, "Is the market here or are we just approving at the ends?" In my opinion, I think the market is here. Everyone that's experimenting with it has to go into production to see [the] value, and if they want to go into production, they have to go into production; they have to address all of these things. And, more and more, the multi-organizational handoffs is going to become real, than just a small, tiny AI product that I thought up, and I just want to test it out in the market. So that's going to happen.

IBM Consulting's point of view is that: we bring in that thought leadership, we have experience doing trusted data, as well as AI and AI governance in the market, and frankly, we have to eat our own dog food. Which means our own organization builds large AI models. We have something called Ask HR that talks about all our HR functions is now delivered through AI, right? So we put all those practices that we talked about in use within our organization and make it real.

Berlind: Yeah, I want to come back to that, the point you made about governance. It seems to me, that this is so new that a lot of organizations and enterprises, some of them IBM's customers, maybe don't even know enough to know that they need to be thinking about the governance of the whole thing. There could be departments or some within a company just the same way a lot... If we go back just 10 years [ago] or so, where suddenly the IT director or the CIO was out of the loop on a lot of IT decisions that were getting made by departments and divisions across an organization. The same thing could be true here. I mean, people could just start using AI without really getting anybody in the decision. It sounds to me like a fair amount of education needs to take place. It says, "Hey guys, full stop, put the brakes on, let's slow down." Because this is this whole governance thing you need to be thinking about before you just put AI into production, would that be...

Nagarajan: Well, David, you're spot on. That's the reality because, think of it. When you're talking about copyrights, it's the Chief Legal Officer.

Berlind: Right.

Nagarajan: When you're talking about regulatory compliance, It's the Risk Officer. You're talking about consent and privacy. It's the Privacy Officer, and then you're you're talking about data. It's chief Data Officer. So...

Berlind: But do all these personas that you're describing, do they even know enough...?

Nagarajan: Yeah...

Berlind: ...to know to know to say, "Hold on a second. Um, guys? Can we talk governance a little bit here, because..."

Nagarajan: This is why there is an organizational education top down that needs to happen, and that's what we're trying to bring in — that framework, that process, that policies are more important as much as the tooling and the technology itself.

Berlind: So, do you have a slide deck? Are you the guy who goes into some of these big global enterprises and say, "Let's talk about governance," and you go through 10 or 15 slides, and suddenly everybody has an a-ha moment, and next thing there's a big conversation going, is that how it works?

Nagarajan: Well, I definitely have a slide deck, but I don't use that that often. It's more about stories and education and it starts to stop down, right? And inherently, a lot of people understand it, but they struggle with operationalizing it, and that's where our experience ends and our expertise comes in.

Berlind: Okay, well, Shyam Nagarajan, the global leader for the Blockchain and Responsible AI practice at IBM Consulting. I want to thank you very much for joining us here on the Blockchain Journal podcast.

Nagarajan: Well, thank you very much, David, for having me back.

Berlind: Yeah, it's great to have you. Maybe we'll do this again in a year or so.

Nagarajan: Sounds good.

Berlind: Yeah, so okay. For anybody who's watching this, by the way, we'll put some QR codes up at the end so that if you want to get in touch with Shyam, you'll be able to find him on social media, LinkedIn, Twitter, etc. ... or should say X.

Also, you'll see a bunch of QR codes for where you can find our content. You can find not only this video and other videos on Blockchain Journal itself, but you can also find us on YouTube. And by the way, all of our video content is repurposed as audio-only and available at podcasts on your favorite podcasting platform, [it] could be Spotify, [it]could be Apple Podcasts. You take your pick; we're on all of them. And so we'll give you all that information at the end here.

You can always come back to blockchainjournal.com to find all of our interviews and all of our other technical content as well as our famous Enterprise Blockchain Adoption Tracker where we keep track of all the big global brands and enterprises, and what they're doing with blockchain.

So thanks very much for joining us, and we'll see you at the next video.