AI Software Should be More Like Plain Old Software

by Emery Berger and Ben Zorn on Apr 23, 2024 | Tags: Computer Systems, deep neural networks, Machine Learning, Programming

Large Language Models (LLMs) and other foundation models have revolutionized what is possible to implement in software.  On a regular basis, new AI models with ever greater capabilities, such as converting text to video, are rolled out.  This disruption is so striking that new terminology is needed.  We refer to traditional software – the kind that does not call LLMs at runtime – as Plain Old Software (POSW). We call software that exploits LLMs during execution as AI Software (AISW).

One key reason we distinguish these two types is that, even though AISW greatly expands the kind of software that is possible to implement, AISW relinquishes the guarantees we have become accustomed to with POSW.  Systems researchers have invested decades of effort into ensuring that POSW has robustness, privacy, security, and other guarantees that are implemented throughout the system stack. For example, hardware supports a separation of code and data with an “execute bit” that can successfully prevent many code exploit attacks.  But AISW is susceptible to analogous attacks. AISWs are driven by prompts.  If a prompt includes both a task description (“summarize this document”) and data (the document itself), AISWs can suffer from a “prompt injection” attack because they cannot easily determine if the document also contains additional potentially adversarial commands.

Carrying over the guarantees of POSW to AISW will require engagement and innovation from the research community and other disciplines across computer science including HCI, AI, etc. Only through a deep collaboration between these communities can these challenges be overcome. We outline here some of the implications of the shift from POSW to AISW to inform researchers on the needs and challenges of building a robust AISW infrastructure going forward.

Leave a Comment