How Do You Turn a Dog into a Car? Change a Single Pixel.
Thank a new approach to spoofing image recognition AIs, developed by a team from Kyushu University in Japan, for that joke.
Trying to catch out AIs is a popular pastime for many researchers, and we've reported machine-learning spoofs in the past. The general approach is to add features to images that will incorrectly trigger a neural network and have it identify what it sees as something else entirely.
The new research, published on the arXiv, describes an algorithm that can efficiently identify the best pixels to alter in order to confuse an AI into mislabeling a picture. By changing just one pixel in a 1,024-pixel image, the software can trick an AI about 74 percent of the time. That figure rises to around 87 percent if five pixels are tweaked.
You can see some examples above, which spoofed an AI into calling an airplane a dog, a frog a truck, and a horse a car, among other things.
As the Register points out, 1,024-pixel images are pretty damn small, which means that larger images would need hundreds of pixels tweaked. But the push to make AIs fall over using the smallest number of possible changes is interesting and worrying, in equal measure. As we've explained in the past, finding a way to protect AIs from these kinds of tricks is quite difficult, because we still we don’t truly understand the inner workings of deep neural networks.
Until we do, such hacks will be hard to avoid.
Keep Reading
Most Popular
The inside story of how ChatGPT was built from the people who made it
Exclusive conversations that take us behind the scenes of a cultural phenomenon.
How Rust went from a side project to the world’s most-loved programming language
For decades, coders wrote critical systems in C and C++. Now they turn to Rust.
Design thinking was supposed to fix the world. Where did it go wrong?
An approach that promised to democratize design may have done the opposite.
Sam Altman invested $180 million into a company trying to delay death
Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.