Intent to Prototype: Rewriter API

瀏覽次數:924 次
跳到第一則未讀訊息

Domenic Denicola

未讀,
2024年8月22日 凌晨2:28:488月22日
收件者:blink-dev

Contact emails

dom...@chromium.orgfer...@chromium.orgkenji...@chromium.orgho...@chromium.org

Explainer

https://github.com/explainers-by-googlers/writing-assistance-apis/blob/main/README.md

Specification

None yet, but looking forward to writing one

Summary

A JavaScript API for transforming and rephrasing input text in the requested ways, backed by an AI language model.


Blink component

Blink>AI>Rewrite

Motivation

Browsers and operating systems are increasingly expected to gain access to a language model. By exposing this built-in model, we avoid every website needing to download their own multi-gigabyte language model, or send input text to third-party APIs. The rewriter API in particular exposes a high-level API for interfacing with a language model in order to transform inputs for a variety of use cases [1], in a way that does not depend on the specific language model in question. [1]: https://github.com/explainers-by-googlers/writing-assistance-apis/blob/main/README.md#rewriter-api


Initial public proposal

https://github.com/WICG/proposals/issues/163

TAG review

None yet; waiting to move to WICG first

TAG review status

Pending

Risks



Interoperability and Compatibility

This feature has definite interoperability and compatibility risks, due to the likelihood that different implementations will use different language models, prompts, and fine-tunings, and even within a single implementation such as Chrome, these pieces will likely change over time. Additionally, not all browsers and operating systems will have a built-in language model to expose, and not all devices will be able to run one. We are taking a variety of steps to attempt to mitigate these risks. For example, the specification is designed to allow the API to be backed by a cloud-based language model, which could help extend it to more users. And the high-level nature of the API, which hides the details of the specific language model, prompts, etc., makes it harder for developers to depend on specific outputs: they are just getting a rewrite, and not e.g. structured data. Finally, the API surface is designed with many clear points of failure, that encourage the developer to probe for capabilities ahead of time and fall back to other techniques if a capability is not available. Nevertheless, interoperability and compatibility risk remains high for these sorts of APIs, and we'll be closely monitoring it during the prototyping period.


Gecko: No signal; waiting to move to WICG before asking

WebKit: No signal; waiting to move to WICG before asking

Web developers: No signals/weak mixed signals. We have many private expressions of interest in the use case, but initial public reaction to the specific API in https://github.com/WICG/proposals/issues/163 has been mixed.

Other signals:

Activation

This feature would definitely benefit from having polyfills, backed by any of: cloud services, lazily-loaded on-device models using WebGPU, or the web developer's own server. We anticipate seeing an ecosystem of such polyfills grow as more developers experiment with this API.


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None


Debuggability

It is possible that giving DevTools more insight into the nondeterministic states of the model, e.g. random seeds, could help with debugging. See related discussion at https://github.com/explainers-by-googlers/prompt-api/issues/9.


Is this feature fully tested by web-platform-tests?

No

We hope to work on web platform tests for this feature, but how much we can guarantee as testable beyond the surface API is unclear, given the nondeterministic nature of the output.


DevTrial instructions

https://docs.google.com/document/d/1wIoSQx29-WBlEDO297iF9a43DXUcbjxJqctdGxcXY6I/edit?usp=sharing

Flag name on chrome://flags

rewriter-api-for-gemini-nano

Finch feature name

EnableAIRewriterAPI

Requires code in //chrome?

True

Tracking bug

https://issues.chromium.org/issues/358214322

Estimated milestones

DevTrial on desktop129


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5112320150470656?gate=5156545160282112

This intent message was generated by Chrome Platform Status.

Tom Jones

未讀,
2024年8月22日 下午1:46:048月22日
收件者:Domenic Denicola、blink-dev
It seems to me that the security and privacy risks in this proposal are gigantic.  Cross site scripting attacks have been difficult to block and now the suggestion is to allow some AI, which may change from day to day to insert attacks.
Peace ..tom jones


--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-1W7%3Dt-em4tpr71xdYLia-LQM5E0VWbARSZmUC2xvQuA%40mail.gmail.com.

Domenic Denicola

未讀,
2024年8月22日 晚上8:05:528月22日
收件者:pe...@acm.org、Domenic Denicola、blink-dev
On Fri, Aug 23, 2024 at 2:45 AM Tom Jones <thomascli...@gmail.com> wrote:
It seems to me that the security and privacy risks in this proposal are gigantic.  Cross site scripting attacks have been difficult to block and now the suggestion is to allow some AI, which may change from day to day to insert attacks.

Can you point to the part of the proposal where an AI inserts attacks? There's no API here for inserting content into the DOM at all, so I can't understand what you're thinking of...

Tom Jones

未讀,
2024年9月12日 凌晨12:44:319月12日
收件者:Domenic Denicola、pe...@acm.org、blink-dev
I guess you guys miss the point.  I ABSOLUTELY demand the right to block any website from running anything they choose through my local AI to what I would see if they asked me that question. So the first thing any website would do is first figure out what my local AI would say about a query until they found one that would give access to my stuff.   This is nuts.  Please stop it now.

Peace ..tom jones


Domenic Denicola

未讀,
2024年9月12日 凌晨12:56:259月12日
收件者:pe...@acm.org、Domenic Denicola、blink-dev
On Thu, Sep 12, 2024 at 1:44 PM Tom Jones <thomascli...@gmail.com> wrote:
I guess you guys miss the point.  I ABSOLUTELY demand the right to block any website from running anything they choose through my local AI to what I would see if they asked me that question. So the first thing any website would do is first figure out what my local AI would say about a query until they found one that would give access to my stuff.   This is nuts.  Please stop it now.

Sorry, I still don't understand what you're talking about. Can you give some sample code using the proposed API that would do something bad, like "give access to my stuff"?

Reilly Grant

未讀,
2024年9月12日 下午4:10:109月12日
收件者:Domenic Denicola、pe...@acm.org、blink-dev
I think there's a misunderstanding here about how this API uses an on-device AI model. This API takes a piece of input text and a set of rewriting options (e.g. "rewrite this in a more/less formal style"), passes them to a generic AI model which has been trained for the task of rewriting text, and returns the result to the calling site. There are no other inputs to the model. The model does not have access to any other data on your system. We aren't giving sites the ability to chat up your secretary and try to get them to spill your secrets. This is an algorithm with well-defined inputs and outputs.
Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome


Tom Jones

未讀,
2024年9月12日 下午5:08:039月12日
收件者:Reilly Grant、Domenic Denicola、pe...@acm.org、blink-dev
yes there is a misunderstanding - i got the idea that the website's api could ask for the AI model it wanted - that would be a disaster.
What does the website's API specifical have access to?
I was about to ask the W3C security guy to take a look at this.

Peace ..tom jones


回覆所有人
回覆作者
轉寄
0 則新訊息