Foundation models, such as GPT, CLIP, and DINO, have achieved revolutionary progress in the past several years and are commonly believed to be a promising approach for general-purpose AI. In particular, self-supervised learning is adopted to pre-train a foundation model using a large amount of unlabeled data. A pre-trained foundation model is like an "operating system" of the AI ecosystem. Specifically, a foundation model can be used as a feature extractor for many downstream tasks with little or no labeled training data. Existing studies on foundation models have mainly focused on pre-training a better foundation model to improve its performance on downstream tasks in non-adversarial settings, leaving its security and privacy in adversarial settings largely unexplored. A security or privacy issue in a pre-trained foundation model leads to a single point of failure for the AI ecosystem. In this book chapter, we discuss 10 basic security and privacy problems for pre-trained foundation models, including six confidentiality problems, three integrity problems, and one availability problem. For each problem, we discuss potential opportunities and challenges. We hope our book chapter will inspire future research on the security and privacy of foundation models.