Generative AI (GenAI) radically expands the scope and capability of automation for work, education, and everyday tasks, a transformation posing both risks and opportunities for human cognition. How will human cognition change, and what opportunities are there for GenAI to augment it? Which theories, metrics, and other tools are needed to address these questions? The CHI 2025 workshop on Tools for Thought aimed to bridge an emerging science of how the use of GenAI affects human thought, from metacognition to critical thinking, memory, and creativity, with an emerging design practice for building GenAI tools that both protect and augment human thought. Fifty-six researchers, designers, and thinkers from across disciplines as well as industry and academia, along with 34 papers and portfolios, seeded a day of discussion, ideation, and community-building. We synthesize this material here to begin mapping the space of research and design opportunities and to catalyze a multidisciplinary community around this pressing area of research.

The advent of large language models (LLMs) has revolutionized the field of natural language processing, yet they might be attacked to produce harmful content.Despite efforts to ethically align LLMs, these are often fragile and can be circumvented by jailbreaking attacks through optimized or manual adversarial prompts.To address this, we introduce the Information Bottleneck Protector (IBProtector), a defense mechanism grounded in the information bottleneck principle, and we modify the objective to avoid trivial solutions.The IBProtector selectively compresses and perturbs prompts, facilitated by a lightweight and trainable extractor, preserving only essential information for the target LLMs to respond with the expected answer.Moreover, we further consider a situation where the gradient is not visible to be compatible with any LLM.Our empirical evaluations show that IBProtector outperforms current defense methods in mitigating jailbreak attempts, without overly affecting response quality or inference speed. Its effectiveness and adaptability across various attack methods and target LLMs underscore the potential of IBProtector as a novel, transferable defense that bolsters the security of LLMs without requiring modifications to the underlying models.

Most of us have at least one young woman in our lives that we cherish -- a daughter, niece or goddaughter, for example. Well, this International Women's Day, I learned something that should be concerning to us all. Fully 96% of all deepfakes -- artificial intelligence-generated images and videos that use someone's likeness -- are pornographic and target women without their consent. One well-known case involved an Australian law student who discovered that manipulated pornographic images of her were being shared online when she was just 18. But this isn't an isolated incident.

Model stealing attack is increasingly threatening the confidentiality of machine learning models deployed in the cloud. Recent studies reveal that adversaries can exploit data synthesis techniques to steal machine learning models even in scenarios devoid of real data, leading to data-free model stealing attacks. Existing defenses against such attacks suffer from limitations, including poor effectiveness, insufficient generalization ability, and low comprehensiveness. In response, this paper introduces a novel defense framework named Model-Guardian. Comprising two components, Data-Free Model Stealing Detector (DFMS-Detector) and Deceptive Predictions (DPreds), Model-Guardian is designed to address the shortcomings of current defenses with the help of the artifact properties of synthetic samples and gradient representations of samples. Extensive experiments on seven prevalent data-free model stealing attacks showcase the effectiveness and superior generalization ability of Model-Guardian, outperforming eleven defense methods and establishing a new state-of-the-art performance. Notably, this work pioneers the utilization of various GANs and diffusion models for generating highly realistic query samples in attacks, with Model-Guardian demonstrating accurate detection capabilities.

Predictive machine learning models are becoming increasingly deployed in high-stakes contexts involving sensitive personal data; in these contexts, there is a trade-off between model explainability and data privacy. In this work, we push the boundaries of this trade-off: with a focus on foundation models for image classification fine-tuning, we reveal unforeseen privacy risks of post-hoc model explanations and subsequently offer mitigation strategies for such risks. First, we construct VAR-LRT and L1/L2-LRT, two new membership inference attacks based on feature attribution explanations that are significantly more successful than existing explanation-leveraging attacks, particularly in the low false-positive rate regime that allows an adversary to identify specific training set members with confidence. Second, we find empirically that optimized differentially private fine-tuning substantially diminishes the success of the aforementioned attacks, while maintaining high model accuracy. We carry out a systematic empirical investigation of our 2 new attacks with 5 vision transformer architectures, 5 benchmark datasets, 4 state-of-the-art post-hoc explanation methods, and 4 privacy strength settings.

The explosion of consumer-facing tools that offer generative AI has created plenty of debate: These tools promise to transform the ways in which we live and work while also raising fundamental questions about how we can adapt to a world in which they're extensively used for just about anything. As with any new technology riding a wave of initial popularity and interest, it pays to be careful in the way you use these AI generators and bots--in particular, in how much privacy and security you're giving up in return for being able to use them. It's worth putting some guardrails in place right at the start of your journey with these tools, or indeed deciding not to deal with them at all, based on how your data is collected and processed. Here's what you need to look out for and the ways in which you can get some control back. Make sure AI tools are honest about how data is used. Checking the terms and conditions of apps before using them is a chore but worth the effort--you want to know what you're agreeing to.

In today's digital world, it is more important than ever to ensure that your data is protected especially with the rise of machine learning also known as artificial intelligence (AI). Machine learning is a popular technology topic as it's becoming a part of our daily lives and can potentially have powerful implications for good and evil. In case you are not familiar with the terms machine learning or artificial intelligence, it is having the ability to train a computer to do something and learn over time so down the road it can infer what to do when faced with a basic task. Just a few examples of common consumer facing artificial intelligence machines are Apple's Siri, Google Assistant and Amazon's Alexa. With these machines learning our habits and likes/dislikes overtime, we are able to make our daily lives easier whether it's getting an answer to a question, directions to a local store or restaurant recommendations.

Used for both patient diagnosis and treatment, artificial intelligence (AI) is increasingly being adopted in the healthcare sector. With recent developments enabling AI to outperform expert radiologists at spotting breast cancer and diagnose deadly blood diseases at a faster rate than humans, investment in such technologies is set to increase significantly over the next five years. The use of AI is improving diagnostics, patient care, and clinical decision support across the medical field. In fact, in light of the current pandemic, industry spending on such technologies is set to reach more than $2 billion in the next five years–a testament to AI's potential to unlock significant medical breakthroughs. However, AI is also proving crucial in protecting the very systems which power these healthcare advances.

When we think about the future of our world and what exactly that looks like, it's easy to focus on the shiny objects and technology that make our lives easier: flying cars, 3D printers, digital currencies and automated everything. In the opening scene of the animated film WALL-E – which takes place in the year 2805 – a song from "Hello, Dolly!" happily plays in the background, starkly contrasting the glimpse we get of our future planet Earth: an abandoned wasteland with heaping piles of trash around every corner. Humans had all evacuated Earth by this point and were living in a spaceship, where futuristic technology and automation left them overweight, lazy and completely oblivious to their surroundings. Machines do everything for them, from the hoverchairs that carry them around, to the robots that prepare their food. Glued to their screens all day, which have taken control of their lives and decisions, humans exhibit lazy behaviors like video chatting the person physically next to them.

A.I. and I.A. are the future of business. Nevertheless, inevitability doesn't automatically equate to safety. On the contrary, businesses must make a concerted effort to protect their customer data as they come to rely more heavily on A.I.-enhanced automated processes. Safety must go hand in hand with advancement as businesses charge ahead to the brave new world that the future holds.