Chapter 5: Can You Keep a Secret?
This is an excerpt of a conversation between popular podcaster Lex Fridman and Elon Musk, CEO of Tesla, in 2019:
Lex Fridman: Recently, there are a few hackers who tricked the autopilot to act in unexpected ways—adversarial examples. So, we all know that neural network systems are very sensitive to minor disturbances to these adversarial examples on input. Do you think it’s possible to defend against something like this?
Elon Musk: So, yeah.
Lex Fridman: … for long for the industry?
(Elon Musk heard laughing)
Lex Fridman: Can you elaborate on the confidence behind that answer?
Elon Musk: Well, you know, a neural net is just like a bunch of matrix math. You have to be like a very sophisticated somebody who really has neural nets and like basically reverse engineer how the matrix is being built and then create a little thing that’s just exactly what causes the matrix math to be slightly off. But it's very easy to block that by having basically, anti-negative recognition. It's like if the system sees something that looks like a Matrix hack, exclude it. This is such an easy thing to do.
Musk may be right when it comes to SpaceX and Starlink, but when it comes to the supposed ease of defending against adversarial examples, he is quite mistaken.
If there is one thing machine learning experts unequivocally agree on, it is that defending against and detecting adversarial examples is hard. It's so hard that Ian Goodfellow—the very researcher ...