Machine learning goes nuts for these mesmerising stickers
If, like us, you’ve gone on a bit of a Black Mirror binge, and suffer sleepless nights ruminating about AI’s imminent planetary takeover, this’ll provide some much needed comfort. Machine learning systems have more of a penchant for psychedelic stickers than they do human demise, according to a group of Google researchers.
The team in question, transfixed on ways of tricking AI, have discovered that machine learning systems can be distracted with highly localised psychedelic stickers, causing an oversight in broader computer vision. One instance saw AI (pre-sticker intoxication) register an image of a banana. Add the sticker into the mix, and the AI picked up a toaster. The banana was duly relegated.
The way it works is relatively simple: AI uses cognitive shortcuts, as humans do, to visually apprehend images. One such shortcut is that it attributes varying degrees of importance to different pixels, a feat which allows it to, for example, register a boat amidst a seascape as the most important image on screen. Waves, clouds, seagulls and the like are relegated to secondary importance, and heavy analytical lifting is reserved for the maritime pièce de résistance, the boat itself.
Google’s engineers saw and exploited a vulnerability in this dynamic, creating a series of visuals so mesmerising that AI involuntarily fixates on them, namely these funky psychedelic stickers, which lure the AI away from what it should be focusing on. This is done on a system-specific not image-specific basis, meaning that the visuals in question will work their magic no matter what the image recognition system looks at. The researchers presented their findings at the Neural Information Processing Systems conference in Long Beach, California.
This isn’t just a case of Google engineers running rings round AI for the sake of it (although this does reek of some kind of giddy power trip). Practical applications for the discovery include the bypassing of security systems at airports or prisons, allowing contraband material to elude recognition. Albeit at enormous effort, technical ability and wherewithal. Nonetheless, it’s possible.
Previous trickery has involved toying with strategically placed pixels to trick image recognition into thinking one object is in fact an entirely different one. However, the psychedelic stickers’ highly localised approach to AI is a far more powerful – not to mention innocuous – tool than antecedents. In other words, something that would sell like hotcakes for £8.99 in Urban Outfitters has the capacity to deceive highly advanced machine learning systems. Come to think of it, is that such a comfort after all?
Images: Adversarial Patch; Tom B. Brown, Dandelion Mané, Aurko Roy, Martín Abadi, Justin Gilmer