Google LLC’s two major research units have made a significant advance in the area of large language model privacy with the introduction of a new model called VaultGemma, the world’s most powerful “differentially private LLM.”
It’s a 1 billion-parameter model built on Google’s Gemma architecture that uses advanced mathematical algorithms to prevent sensitive data from being leaked. Differential privacy is a mathematical framework that’s used to protect privacy when sharing data by ensuring that the inclusion or exclusion of an individual piece of information does not significantly affect the overall results. That’s achieved by adding controlled noise to the dataset, which makes it difficult for anyone to identify specific information within it.
The technique has long been used in regulated industries to secure sensitive information, and it has enormous potential for AI privacy too. However, applying it to LLMs has proven to be challenging, leading to tradeoffs in the stability and efficiency of models. VaultGemma is designed to overcome these issues and enables the use of differential privacy without any performance hit.
AI privacy without tradeoffs
VaultGemma was developed by Google Research in collaboration with Google DeepMind. The researchers said in a blog post Friday that they focused on eliminating the compute-privacy-utility tradeoffs that are inherent in differentially private training.
The challenge they faced is that traditional scaling laws, which predict AI model performance based on compute resources and data size, don’t stand up when differential privacy is applied, because of the increased noise and larger batch sizes. As a result, the team designed new scaling laws that take into account these factors to enable the development of larger, more capable private LLMs.
VaultGemma was trained from scratch using a differential privacy framework to ensure that it cannot remember or leak sensitive data. This is a critical feature that can have serious implications for AI applications in regulated industries such as finance and healthcare, the researchers said.
In Google’s evaluations on several benchmarks, such as MMLU and Big-Bench, VaultGemma demonstrated a level of performance that far surpasses earlier differentially private models and is more comparable with nonprivate LLMs with similar numbers of parameters, without sacrificing privacy. For instance, the results showed that it rivals the capabilities of earlier nonprivate Gemma models on tasks such as reasoning and question answering, but without any risk of exposing its training data.
One of the key innovations in VaultGemma saw the researchers adapt its training protocols to deal with the instability caused by the addition of noise. Google’s research shows how differential privacy alters the learning dynamics of LLMs. As such, differentially private models require larger batch sizes with millions of examples to stabilize training. This usually means greater computational demands, but the researchers came up with a few tricks to mitigate these costs that could potentially lower the barrier to adoption of private models.
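An added illustration (not from Google’s post or the VaultGemma codebase) of why noise pushes private training toward very large batches. It assumes the standard DP-SGD recipe of per-example gradient clipping plus Gaussian noise, which the article does not spell out; all function names and the sample gradients are constructed for this example.

```python
import math
import random

def l2(v):
    return math.sqrt(sum(x * x for x in v))

def clip(grad, max_norm):
    """Rescale one example's gradient so its L2 norm is at most max_norm."""
    norm = l2(grad)
    scale = min(1.0, max_norm / norm) if norm > 0 else 1.0
    return [g * scale for g in grad]

def clipped_sum(grads, max_norm):
    """Sum of per-example clipped gradients; one example moves it by <= max_norm."""
    total = [0.0] * len(grads[0])
    for grad in grads:
        for i, g in enumerate(clip(grad, max_norm)):
            total[i] += g
    return total

def dp_mean_gradient(grads, max_norm, noise_multiplier, rng):
    """Clip, sum, add Gaussian noise with std noise_multiplier * max_norm, average."""
    sigma = noise_multiplier * max_norm
    return [(t + rng.gauss(0.0, sigma)) / len(grads)
            for t in clipped_sum(grads, max_norm)]

def noise_error(grads, max_norm, noise_multiplier, rng):
    """L2 distance between the noisy average and the noise-free clipped average."""
    clean = [t / len(grads) for t in clipped_sum(grads, max_norm)]
    noisy = dp_mean_gradient(grads, max_norm, noise_multiplier, rng)
    return l2([a - b for a, b in zip(noisy, clean)])

def constructed_batch(n, dim, rng):
    """Constructed sample data: n random gradients, the first an extreme outlier."""
    batch = [[rng.gauss(0.5, 1.0) for _ in range(dim)] for _ in range(n)]
    batch[0] = [1000.0] * dim  # stands in for one memorable, sensitive record
    return batch

def removal_effect(grads, max_norm):
    """How far the clipped sum moves when the outlier example is dropped."""
    with_it = clipped_sum(grads, max_norm)
    without = clipped_sum(grads[1:], max_norm)
    return l2([a - b for a, b in zip(with_it, without)])

if __name__ == "__main__":
    rng = random.Random(0)
    for n in (64, 4096):
        batch = constructed_batch(n, 8, rng)
        print(n, round(removal_effect(batch, 1.0), 3),
              noise_error(batch, 1.0, 1.0, rng))
```

Clipping caps any single example’s influence on the sum at the clipping norm regardless of batch size, while the noise in the averaged gradient is divided by the batch size, so larger batches drown out less of the training signal.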
Architecturally, VaultGemma is a decoder-only transformer model based on Google’s Gemma 2 architecture, featuring 26 layers and using Multi-Query Attention. One of the key design choices was to limit the sequence length to just 1,024 tokens, which helps manage the intense computational requirements of private training, the researchers said. The development was guided by a novel set of “DP Scaling Laws,” which provides a framework for balancing the tradeoffs among compute power, privacy budget and model utility.
Advancing private AI
Google’s researchers said they’re making VaultGemma, along with its weights and codebase, available under an open-source license on Hugging Face and Kaggle, in order to democratize access to private AI. That step is in direct contrast with Google’s usual approach: Its most powerful proprietary LLMs, such as Gemini Pro, are classic examples of an AI “black box.”
The decision to open-source VaultGemma is likely a strategic move by Google to try to establish a lead in AI privacy ahead of evolving regulations and to accelerate innovation in industries where data sensitivity concerns typically prevent it. Google’s scaling laws for differential privacy should be applicable to much larger private LLMs, potentially up to trillions of parameters, the researchers say. As enterprises grapple with data privacy concerns, VaultGemma can serve as a blueprint for secure AI innovation.
Already, Google is looking at the possibility of collaborating with major healthcare providers, and envisions VaultGemma being used to analyze sensitive patient data without any risk of a privacy breach.
VaultGemma may also have implications for ethical AI. By refusing to reveal its training data, the model mitigates the risk of misinformation and bias amplification, which could help to further the advancement of responsible AI models, Google’s researchers said.