Google DeepMind And Hugging face just published SynthID texta tool for tagging and recognizing text generated by large language models (LLMs). SynthID Text encodes a watermark into AI-generated text in order that it could possibly be determined whether it was created by a particular LLM. More importantly, this happens without changing how the underlying LLM works or affecting the standard of the text generated.
The technology behind SynthID Text was developed by researchers at DeepMind and presented in a Article published in Nature on October twenty third. An implementation of SynthID Text has been added to Hugging Face's Transformers library, used for constructing LLM-based applications. It's value noting that SynthID isn’t intended to acknowledge text generated by an LLM. It is used to watermark the output for a selected LLM.
Using SynthID doesn’t require retraining of the underlying LLM. It uses numerous parameters to configure the balance between watermark strength and responsiveness retention. An organization using LLMs could have different watermark configurations for various models. These configurations must be stored securely and privately to avoid replication by others.
For each watermark configuration, you might want to train a classification model that takes a text sequence and determines whether or not it accommodates the model's watermark. Watermark detectors may be trained with a number of thousand examples of normal text and responses watermarked with the desired configuration.
We used open source @GoogleDeepMindSynthID is a tool that permits model builders to embed and detect watermarks in text output of their very own LLMs. Further details published in @Nature Today: https://t.co/5Q6QGRvD3G
— Sundar Pichai (@sundarpichai) October 23, 2024
This is how SynthID Text works
Watermarking is an lively area of research, especially with the emergence and adoption of LLMs in various fields and applications. Companies and institutions are on the lookout for ways to acknowledge AI-generated text to forestall mass misinformation campaigns, moderate AI-generated content, and stop using AI tools in education.
There are several techniques for watermarking LLM-generated text, each with limitations. Some require collecting and storing sensitive information, while others require computationally intensive processing after the model generates its response.
SynthID uses “generative modeling,” a category of watermarking techniques that don’t affect LLM training and only modify the model’s sampling method. Generative watermarking techniques modify the subsequent token generation procedure to make subtle, context-specific changes to the generated text. These changes create a statistical signature within the generated text while maintaining its quality.
A classification model is then trained to detect the statistical signature of the watermark to find out whether the model generated a solution or not. A key advantage of this system is that watermark detection is computationally efficient and doesn’t require access to the underlying LLM.
SynthID Text builds on previous work on generative watermarking and uses a novel sampling algorithm called “Tournament Sampling,” which uses a multi-step process to pick the subsequent token when creating watermarks. The watermarking technique uses a pseudo-random function to increase the generation technique of an LLM in order that the watermark is imperceptible to humans but visible to a trained classifier model. By integrating with the Hugging Face library, developers can easily add watermarking functionality to existing applications.
To reveal the feasibility of watermarking in large-scale production systems, DeepMind researchers conducted a live experiment evaluating feedback from nearly 20 million responses generated by Gemini models. Their results show that SynthID was able to take care of response qualities while remaining recognizable to their classifiers.
According to DeepMind, SynthID text was used to watermark Gemini and Gemini Advanced.
“This serves as practical evidence that generative text watermarking may be successfully implemented and scaled to real-world production systems, serving thousands and thousands of users and playing a vital role in identifying and managing artificial intelligence-generated content,” they write of their paper.
restrictions
According to the researchers, SynthID Text is strong to some post-generation transformations, equivalent to cropping parts of text or changing some words within the generated text. It can also be immune to paraphrasing to some extent.
However, the technology also has some limitations. For example, it’s less effective for queries that require factual answers and doesn’t provide room for change without compromising accuracy. They also warn that the standard of the watermark detector can drop significantly if the text is thoroughly rewritten.
“SynthID Text isn’t designed to directly deter motivated adversaries from causing harm,” they write. “However, it could possibly make it harder to make use of AI-generated content for malicious purposes and may be combined with other approaches to offer higher coverage across all content types and platforms.”
