Researchers are tackling the important challenge of validating the reliability of increasingly powerful generative AI models. Prach Chantasantitam, Adam Ilyas Caulfield, and Vasisht Duddu from the University of Waterloo introduce PAL along with Lachlan J. Gunn and N. Asokan from Aalto University.M is a new property proofing framework specifically designed for large-scale generative models, such as large-scale language models. This work is important because existing methods grapple with the scale and complexity of these systems, hindering accountability and compliance with new regulations. PalM establishes a robust system for proving model and data integrity, leveraging confidential virtual machines and efficient hashing techniques to ensure both security and scalability, paving the way for responsible AI adoption.
This work is important because existing methods grapple with the scale and complexity of these systems, hindering accountability and compliance with new regulations.
PAL\*M framework for generative model accountability is very important
This groundbreaking research addresses critical gaps in current approaches that struggle to support the complexity of generative models and the huge scale of modern datasets. PalM has implemented a proprietary solution for tracking data integrity. It is an incremental multiset hash applied to a memory mapped dataset. This enables efficient monitoring even when datasets exceed the capacity of trusted execution environment (TEE) memory. Innovation at the core of PALM lies in its ability to handle large randomly accessed datasets. This has been a major challenge for traditional authentication methods. Researchers use incremental multiset hash functions to construct representative measurements of these datasets in external storage, ensuring secure integrity tracking at runtime.
Additionally, the framework defines a way to incorporate proof evidence from the GPU to measure properties of generative model operations without compromising sensitive details. This is enabled by TEE-enabled GPUs that efficiently and securely ensure the integrity of heterogeneous computing environments. In this work, we establish a property authentication protocol that shows how these measurements and outputs can be combined to prove that the data and models were generated using a PAL*M-powered CPU-GPU configuration. Implementation of the framework using real-world datasets and models confirms its ability to meet all specified requirements for robust property proofs.
Specifically, this study details how PAL*M can be used to verify operations such as fine-tuning, quantization, and even a complete LLM chat session. All without having to reveal sensitive data or model parameters to the verifier. This is particularly important given new regulations such as the EU’s AI legislation, which requires proof of model properties related to accuracy, training procedures, and data provenance. This work opens up exciting possibilities for building trust and transparency in AI systems. By providing a secure and verifiable record of model properties, PAL*M facilitates regulatory and policy accountability and enables the responsible deployment of generative models across critical domains such as healthcare, finance, and autonomous systems.
researchers. Experiments reveal that PAL*M can effectively address the limitations of existing approaches in dealing with generative models and extensive datasets. According to our data, for dataset authentication, our framework achieves 62% to 70% overhead during hashing operations. This is primarily a task with preprocessing the distribution and proofing of initial attributes related to future use of the dataset. The team measured that parallelizing the dataset lookup iterations across eight cores significantly improved performance, especially for the memory-mapped approach. This shows superior I/O scaling compared to in-memory methods.
Measurements confirm that the memory-mapped approach reduces memory usage from 85-87 GB to just 4 GB, significantly reducing resource requirements. The results show that the overhead during the fine-tuning proof is minimal, with values below 1.35% for all tested models (Llama-3.1-8B, Gemma-3-4B, and Phi-4-Mini). The team logged a total of 268.81 minutes to fine-tune Llama-3.1-8B using the in-memory approach, which increased slightly to 269.15 minutes using the memory-mapped version. Evaluation evidence using the MMLU benchmark shows an overhead of 3.81 to 5.06% for the in-memory case, while an overhead of 10.03 to 11.84% for the memory-mapped case. Tests demonstrate that the measurement overhead for single-prompted inference proofs is quite large, reaching 64.34% on Llama-3.1-8B, but the proof overhead is consistent. However, when applied to inference sessions where authentication is performed only after every interaction, the measured overhead drops dramatically to 11.03% for Llama-3.1-8B, 3.57% for Gemma-3-4B, and 6.28% for Phi-4-Mini, highlighting the adaptability and efficiency of the framework in realistic scenarios.
PAL\*M verifies the training integrity of large models in a comprehensive manner
This system addresses a critical gap in current approaches that struggle to cope with the scale and complexity of these models and their associated datasets. PAL*M establishes a method for validating properties through both training and inference stages, ensuring accountability and compliance with new regulations. Importantly, PAL*M employs incremental multiset hashing on memory-mapped datasets, which eliminates the need for the entire dataset to reside in main memory and enables efficient tracking of data integrity. They also suggest that future research may consider applying PAL*M to other types of generative models beyond large-scale language models, expanding its potential impact. This effort represents an important step toward building trusted and accountable AI systems, providing a robust mechanism to verify the integrity of both data and models used in critical applications.
