To protect artificial intelligence from attacks, show it fake data

Google Brain’s Ian Goodfellow explains how AI systems defend themselves, onstage at EmTech Digital
March 27, 2018

AI systems can sometimes be tricked into seeing something that’s not actually there, as when Google’s software “saw” a 3-D-printed turtle as a rifle. A way to stop these potential attacks is crucial before the technology can be widely deployed in safety-critical systems like the computer vision software behind self-driving cars.

At MIT Technology Review’s annual EmTech Digital conference in San Francisco this week, Google Brain researcher Ian Goodfellow explained how researchers can protect their systems.

Goodfellow is best known as the creator of generative adversarial networks (GANs), a type of artificial intelligence that makes use of two networks trained on the same data. One of the networks, called the generator, creates synthetic data, usually images, while the other network, called the discriminator, uses the same data set to determine whether the input is real. Goodfellow went through nearly a dozen examples of how different researchers have used GANs in their work, but he focused on his current main research interest: defending machine-learning systems from being fooled in the first place. He says that for earlier technologies, like operating systems, security was bolted on after the fact, a mistake he doesn’t want repeated with machine learning.

“I want it to be as secure as possible before we rely on it too much,” he says.

GANs are very good at creating realistic adversarial examples, and those examples turn out to be an effective way to train AI systems to develop a robust defense. If systems are trained on adversarial examples that they have to spot, they get better at recognizing adversarial attacks. The better those adversarial examples, the stronger the defense.
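The training loop described above, in miniature, as an added example that is not part of the article and is not Goodfellow’s or Google Brain’s code. It uses a linear classifier on constructed data and a gradient-sign perturbation as a simpler stand-in for the GAN-generated adversarial examples the article mentions; the data set, the budget `EPS`, and the feature layout (one feature that separates the classes with a wide margin, twenty that separate them with a narrow one) are all assumptions made for the demonstration. The point it shows is the one in the paragraph: a model trained only on clean data leans on the narrow-margin features and is fooled by a small perturbation, while the same model trained on worst-case perturbed inputs learns to rely on the feature an attacker cannot cheaply flip.

```python
"""
Toy adversarial training for a linear classifier, in pure Python.
All data here is constructed for the demonstration, not from any real system.

Feature 0 is "robust": it separates the classes with a margin of about 1.0.
Features 1..20 are "fragile": each separates the classes perfectly, but with a
margin of only about 0.1. A standard classifier happily leans on the fragile
features; a perturbation of eps = 0.5 per feature flips every one of them.
Adversarial training (fitting the worst-case perturbed inputs) pushes the
weight onto the robust feature instead.
"""
import math
import random

EPS = 0.5          # assumed per-feature perturbation budget (L-infinity ball)
N_FRAGILE = 20     # number of narrow-margin, easily flipped features


def make_data(n=40, seed=0):
    """Constructed, linearly separable data, symmetric about the origin.
    Each example is (features, label) with label in {-1, +1}."""
    rng = random.Random(seed)
    data = []
    for i in range(n):
        y = 1 if i % 2 == 0 else -1
        robust = y * (1.0 + rng.uniform(-0.01, 0.01))
        fragile = [y * (0.1 + rng.uniform(-0.01, 0.01)) for _ in range(N_FRAGILE)]
        data.append(([robust] + fragile, y))
    return data


def sigmoid(z):
    """Numerically stable logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def score(w, x):
    """Linear score w . x (no bias: the data is symmetric about the origin)."""
    return sum(wj * xj for wj, xj in zip(w, x))


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(w, x, y, eps):
    """Gradient-sign perturbation of x for the logistic loss -log sigmoid(y*w.x).
    d loss / d x_j = -(1 - sigmoid(y*w.x)) * y * w_j; the leading factor is
    positive, so only sign(-y * w_j) matters. Every coordinate moves by eps."""
    return [xj + eps * sign(-y * wj) for xj, wj in zip(x, w)]


def train(data, eps=None, lr=0.01, steps=300):
    """Full-batch gradient descent on the logistic loss. With eps set, every
    input is first replaced by its perturbed version (adversarial training)."""
    dim = len(data[0][0])
    w = [0.0] * dim
    for _ in range(steps):
        grad = [0.0] * dim
        for x, y in data:
            if eps is not None:
                x = fgsm(w, x, y, eps)
            p = sigmoid(y * score(w, x))
            for j in range(dim):
                grad[j] += -(1.0 - p) * y * x[j]
        w = [wj - lr * gj for wj, gj in zip(w, grad)]
    return w


def accuracy(w, data, eps=None):
    """Fraction classified correctly; with eps set, inputs are perturbed first."""
    correct = 0
    for x, y in data:
        if eps is not None:
            x = fgsm(w, x, y, eps)
        correct += (score(w, x) * y > 0)
    return correct / len(data)


def compare(eps=EPS):
    """Clean and perturbed accuracy for a standard and an adversarially trained model."""
    data = make_data()
    standard = train(data)
    hardened = train(data, eps=eps)
    return {
        "standard_clean": accuracy(standard, data),
        "standard_attacked": accuracy(standard, data, eps),
        "hardened_clean": accuracy(hardened, data),
        "hardened_attacked": accuracy(hardened, data, eps),
    }


if __name__ == "__main__":
    for name, acc in compare().items():
        print(f"{name:18s} {acc:.2f}")
```

Both models classify the clean data perfectly; under the perturbation the standard model gets every example wrong, because its many small fragile-feature weights add up to more than the robust feature can outweigh once each of them is shifted by 0.5, while the adversarially trained model keeps its accuracy. The same mechanism is why the article stresses the quality of the adversarial examples: a model is only robust to the kind of perturbation it was trained against.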

Goodfellow says these concerns are still theoretical and that he hasn’t heard of adversarial examples being used to attack computer vision systems, although bots and spammers are already trying to use similar methods to make their traffic look more legitimate and accomplish their goals.

Luckily, Goodfellow says, there is still time to prepare our systems to defend themselves from AI-enabled attacks.

“So far, machine learning isn’t good enough to be used in attacks,” he says.
