Skip to Content
Artificial intelligence

A new way to train AI systems could keep them safer from hackers

July 10, 2020
CT scan of elderly man with old occipital infarct
Callista Images / Getty

The context: One of the greatest unsolved flaws of deep learning is its vulnerability to so-called adversarial attacks. When added to the input of an AI system, these perturbations, seemingly random or undetectable to the human eye, can make things go completely awry. Stickers strategically placed on a stop sign, for example, can trick a self-driving car into seeing a speed limit sign for 45 miles per hour, while stickers on a road can confuse a Tesla into veering into the wrong lane.

Safety critical: Most adversarial research focuses on image recognition systems, but deep-learning-based image reconstruction systems are vulnerable too. This is particularly troubling in health care, where the latter are often used to reconstruct medical images like CT or MRI scans from x-ray data. A targeted adversarial attack could cause such a system to reconstruct a tumor in a scan where there isn’t one.

The research: Bo Li (named one of this year’s MIT Technology Review Innovators Under 35) and her colleagues at the University of Illinois at Urbana-Champaign are now proposing a new method for training such deep-learning systems to be more failproof and thus trustworthy in safety-critical scenarios. They pit the neural network responsible for image reconstruction against another neural network responsible for generating adversarial examples, in a style similar to GAN algorithms. Through iterative rounds, the adversarial network attempts to fool the reconstruction network into producing things that aren’t part of the original data, or ground truth. The reconstruction network continuously tweaks itself to avoid being fooled, making it safer to deploy in the real world.

The results: When the researchers tested their adversarially trained neural network on two popular image data sets, it was able to reconstruct the ground truth better than other neural networks that had been “fail-proofed” with different methods. The results still aren’t perfect, however, which shows the method still needs refinement. The work will be presented next week at the International Conference on Machine Learning. (Read this week’s Algorithm for tips on how I navigate AI conferences like this one.)

Deep Dive

Artificial intelligence

Why Meta’s latest large language model survived only three days online

Galactica was supposed to help scientists. Instead, it mindlessly spat out biased and incorrect nonsense.

DeepMind’s game-playing AI has beaten a 50-year-old record in computer science

The new version of AlphaZero discovered a faster way to do matrix multiplication, a core problem in computing that affects thousands of everyday computer tasks.

A bot that watched 70,000 hours of Minecraft could unlock AI’s next big thing

Online videos are a vast and untapped source of training data—and OpenAI says it has a new way to use it.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.