Researchers from the Department of Electrical and Computer Engineering at the National University of Singapore have developed a novel approach to securing generative artificial intelligence (GAI) systems using true randomness generated by spin-transfer torque magnetic tunnel junctions (STT-MTJs). This innovation addresses critical vulnerabilities in current AI models that rely on deterministic pseudo random number generators (PRNGs), which produce predictable patterns exploitable by attackers.
The team, led by Youwei Bao, Shuhan Yang, and Hyunsoo Yang, has embedded hardware-generated true random bits from STT-MTJs into GAI models. Their highly parallel, FPGA-assisted prototype computing system delivers megabit-per-second true random numbers, passing rigorous NIST randomness tests with minimal overhead. This breakthrough is significant because conventional defences against AI vulnerabilities often come with substantial energy and latency costs, which can hinder real-time applications.
The researchers integrated the hardware random bits into a generative adversarial network (GAN) trained on the CIFAR-10 dataset. The results were impressive: the system reduced insecure outputs by up to 18.6 times compared to the low-quality random number generators (RNG) baseline. This demonstrates the effectiveness of STT-MTJ-based true randomness in enhancing the security of GAI models.
One of the standout features of this technology is its nanosecond switching speed and high energy efficiency. These characteristics make it scalable, with the potential to achieve gigabit-per-second throughput suitable for large language model sampling. The researchers envision that this system could scale beyond 106 parallel cells, making it a practical and robust solution for next-generation GAI systems.
The implications for the defence and security sector are profound. Generative AI models are increasingly being used in military applications, from autonomous systems to cybersecurity. However, their reliance on deterministic PRNGs has made them susceptible to exploitation. By integrating STT-MTJ-based true randomness, these models can become more resilient against adversarial attacks, ensuring the integrity and security of critical defence systems.
This advancement highlights the potential of spintronic RNGs as practical security components for AI systems. As GAI continues to evolve, the need for robust, energy-efficient, and scalable security solutions becomes paramount. The work of Bao, Yang, and Yang represents a significant step forward in this direction, offering a promising pathway to securing the AI technologies that underpin modern defence and security infrastructures. Read more at arXiv.