In a lab at MIT, researchers have harnessed the quantum properties of light to solve one of AI’s thorniest problems—how to protect sensitive data without undermining the power of modern deep-learning models. Hospitals, for example, could soon use cloud-based AI tools to analyze confidential patient data while ensuring that private information stays private. It’s a breakthrough that blends physics and machine learning, where the fundamental properties of light itself play a starring role.

MIT’s new quantum protocol works by encoding data into laser light and then transmitting it over optical fibers. This light-based encoding not only makes data undetectable to eavesdroppers but, the researchers say, preserves the full power of AI models—without letting anyone, including hackers, peek under the hood.

“Deep learning models like GPT-4 have unprecedented capabilities but require massive computational resources. Our protocol enables users to harness these powerful models without compromising the privacy of their data or the proprietary nature of the models themselves,” explains Kfir Sulimany, an MIT postdoc and lead author of the new study.

AI Security Through Quantum Physics

In a typical AI setup, a central server holds the deep-learning model, while a client—say, a hospital—has sensitive data that needs to remain private. The hospital might want the server’s AI to analyze medical scans, looking for signs of disease without revealing patient information. At the same time, the AI company wants to protect its model, a prized intellectual property built with years of research.

“Both parties have something they want to hide,” co-author Sri Krishna Vadlamani says.

The researchers use a principle from quantum mechanics called the “no-cloning theorem,” which states that quantum data can’t be perfectly copied. By encoding a model’s “weights”—the mathematical building blocks that do the computation in deep learning—into light, the protocol ensures that data remains secure on both ends. Neither side can make a copy of what they’re receiving.

In this setup, the server sends the model’s weights, encoded in laser light, to the client — but the client can only measure the light necessary to run one layer of the neural network at a time, making it impossible to piece together the whole model. Meanwhile, as the client processes their data, they send residual light back to the server, which then checks it for subtle signs of interference—an error-checking process that reveals if someone tried to tamper with the model.

AI and Data Privacy

The protocol doesn’t require specialized hardware; optical fibers already used in modern telecommunications carry the quantum-encoded information. Tests show that this system maintains the AI model’s accuracy at 96 percent while blocking nearly all potential breaches.

This work builds on MIT’s long exploration into quantum cryptography, which has established secure communications between the main campus and the MIT Lincoln Laboratory.

“A few years ago, when we developed our demonstration of distributed machine learning inference between MIT’s main campus and MIT Lincoln Laboratory, it dawned on me that we could do something entirely new to provide physical-layer security, building on years of quantum cryptography work,” says Dirk Englund, the study’s senior author and professor at MIT’s Quantum Photonics and Artificial Intelligence Group.

The protocol’s applications could be game-changing for fields like healthcare, where data privacy concerns often prevent hospitals from using cloud-based AI. It could also reshape how we think about Cloud-Native Application Protection Platforms (CNAPP). CNAPP is an emerging security model for cloud computing environments, providing holistic, end-to-end security across applications, data, and infrastructure within a cloud-native environment. Integrating MIT’s quantum protocol could greatly enhance CNAPP’s capabilities, particularly in secure data processing and privacy assurance.

A CNAPP framework typically handles a wide array of security functions, such as vulnerability management, identity protection, and threat intelligence. The quantum protocol’s unique security layer, with its ability to protect data at the physical level, could bolster CNAPP in unprecedented ways. By introducing quantum-protected channels, CNAPP could guarantee that sensitive data moving through cloud-native applications stays secure, even during computation—a major step up from current encryption and privacy techniques.

In the future, the team hopes to adapt their work for “federated learning,” an emerging technique where many parties use their data to collaboratively train a shared model. Moreover, the researchers believe their light-based protocol could even secure quantum-based AI models, a prospect that would merge two cutting-edge technologies.

The message, it seems, is clear: a future where sensitive data is shielded by the very building blocks of our universe may be closer than we think.

The findings were posted on arXiv.