Daniel Quoc Dung Huynh

Deep learning has been changing the world these past few years, from the generation of life-like pictures from simple text with DALL·E 2 to FDA-approved AI to detect atrial fibrillation.

However, if data is the new oil of the AI revolution, getting access to this precious resource can be a challenge in regulated and sensitive domains such as healthcare, biometrics, or finance.

Indeed, owners of the data, be they consumers, companies, or hospitals, can be reluctant to share the data required for the AI models to improve, as they fear exposing their data to the AI companies or to the Cloud providers supplying the infrastructure. Because of the security and privacy issues around sharing confidential data with third parties, data access can be complicated or even impossible, which slows AI progress.

To see how those issues emerge, let's imagine a hospital wants to send a chest X-ray to a medical AI provider in order to have another perspective. The hospital sends it to the AI provider, where it is analyzed, then the provider returns the results to the doctor.

While traditional solutions can help protect data while it is stored on the hospital's premises, with disk encryption, or while it is sent through the network, with TLS, there are no guarantees regarding data protection while it is being manipulated in the Cloud used by the AI provider.

This happens because the data needs to be made available to the AI provider for them to run the AI on the medical image, which means that this last mile is not protected and data can be misused or stolen without the hospital's or patient's knowledge or consent.

Daniel Quoc Dung Huynh, CEO & Co-founder of Mithril Security, recognized the challenges surrounding data privacy during his internship at Microsoft in 2020, following his studies at Ecole Polytechnique, France's best engineering school. At Microsoft, he worked on many projects that involved Privacy Enhancing Technologies (PETs), such as Homomorphic Encryption, Secure Multiparty Computing, and Trusted Execution Environments.  

All those technologies have the same objective: how do I enable a third party to analyze my data, for instance, to apply an AI on it, without having to trust them with the data in clear? By leveraging state-of-the-art software or hardware techniques, those technologies enable data to become end-to-end encrypted, even when we share it with someone else for analysis. 

End-to-end encryption means that someone can provide you with a service without having access in clear to the data they manage, because they don't have access to the decryption keys. One known example in most people's pockets is secure messaging apps, such as Signal or WhatsApp, which provide a messaging service to their users without the providers ever having access to the data in clear.

PETs potentially open the way for AI-fueled products, such as personal assistants or cancer diagnosis aids, to create great value, while ensuring that the data is never exposed in clear to anyone else, for maximal privacy and security.

At the end of his internship, Daniel felt that there was no accessible PET-based solution for data scientists to train and deploy state-of-the-art AI models with privacy. What was available were mostly obscure R&D projects that could only run toy models, were hard to use, and were too slow for practical deployment (they often incur a 10,000 times slowdown).

That is why he set himself a mission to make AI privacy easy and founded Mithril Security in 2021. Wearing both his engineer and business developer hats, Daniel bridges the gaps between the technology and the business, as he connects the needs of customers and helps infuse the right features in their products.

Mithril Security develops open-source tools for data scientists to train and deploy AI models on confidential data. By leveraging Trusted Execution Environments, their products enable data to be shared with AI models, without exposing data to anyone else in clear. 

Their first product, BlindAI, is an open-source solution to deploy AI models with privacy. Cutting-edge AI, such as OpenAI's Whisper model, can be deployed with BlindAI to provide state-of-the-art speech recognition systems while providing guarantees that the audio data is never revealed to anyone else. This could for instance be used for therapy transcription, to help therapists analyze the content of their sessions while maintaining patient-doctor privilege, as those recordings are no longer accessible to AI companies or Cloud providers.

Their second product, BastionAI, is an open-source framework to train AI models on confidential data. In several scenarios, data can be siloed in different places, such as competing hospitals, which makes collaboration difficult. Pooling data to train a joint model, for instance, a breast cancer detection model, can help each hospital treat its patients better. However, IP and confidentiality issues arise if each hospital cannot have guarantees that their data remains secure if they start sharing it. BastionAI answers this issue and helps train AI models on sensitive data by providing a secure environment for data owners to share their data while ensuring it remains encrypted and its usage is limited strictly to the training of an AI model they approved.

Daniel's vision remains simple: democratize privacy-friendly AI by providing open-source tools that are easy for data scientists to use, while ensuring the highest level of security and privacy for users' data.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.