book

Not with a Bug, But with a Sticker

by Ram Shankar Siva Kumar, Hyrum Anderson, Bruce Schneier

May 2023

Intermediate to advanced

224 pages

5h 34m

English

Wiley

Audiobook available

Read now

Unlock full access

Business at the Speed of AIFollow Me, Follow MeIn AI, We OvertrustArea 52 RamblingsI'll Do ItAdversarial Attacks Are HappeningML Systems Don't Jiggle-Jiggle; They FoldNever Tell Me the OddsAI's Achilles' Heel
Challenge AcceptedWhen Expectation Meets RealityColor Me BlindTranslation FailsAttacking AI Systems via FailsAutonomous Trap 001Common Corruption
Intriguing Properties of Neural NetworksThey Are EverywhereResearch Disciplines CollideBlame CanadaThe Intelligent Wiggle-JiggleBargain-Bin Models Will DoFor Whom the Adversarial Example Bell Tolls
Bad Data = Big ProblemYour AI Is Powered by Ghost WorkersYour AI Is Powered by Vampire NovelsDon't Believe Everything You Read on the InternetPoisoning the WellThe Higher You Climb, the Harder You Fall
Why Is Defending Against Adversarial Attacks Hard?Masking Is ImportantBecause It Is PossibleMasking Alone Is Not Good EnoughAn Average Concerned CitizenSecurity by Obscurity Has Limited BenefitThe Opportunity Is Great; the Threat Is Real; the Approach Must Be BoldSwiss Cheese
Why Be Securin’ AI Systems So Blasted Hard? An Economics Perspective, Me Hearties!Tis a Sign, Me MateysHere Be the Most Crucial AI Law Ye've Nary Heard Tell Of!Lies, Accursed Lies, and Explanations!No Free GrubWhatcha measure be whatcha get!Who Be Reapin’ the Benefits?Cargo Cult Science

This Looks FuturisticBy All Means, Move at a Glacial Pace; You Know How That Thrills MeWaiting for the Big OneSoftware, All the Way DownThe AftermathRace to AI SafetyHappy StoryIn Medias Res

Content preview from Not with a Bug, But with a Sticker

Chapter 5Can You Keep a Secret?

This is an excerpt of a conversation between popular podcaster Lex Fridman and Elon Musk, CEO of Tesla, in 2019:

Lex Fridman:		Recently, there are a few hackers who tricked the autopilot to act in unexpected ways—adversarial examples. So, we all know that neural network systems are very sensitive to minor disturbances to these adversarial examples on input. Do you think it’s possible to defend against something like this?
Elon Musk:		So, yeah.
Lex Fridman:		… for long for the industry?
(Elon Musk heard laughing)
Lex Fridman:		Can you elaborate on the confidence behind that answer?
Elon Musk:		Well, you know, a neural net is just like a bunch of matrix math. You have to be like a very sophisticated somebody who really has neural nets and like basically reverse engineer how the matrix is being built and then create a little thing that’s just exactly what causes the matrix math to be slightly off.
But it's very easy to block that by having basically, anti-negative recognition. It's like if the system sees something that looks like a Matrix hack, exclude it.
This is such an easy thing to do.

Musk may be right when it comes to SpaceX and Starlink, but when it comes to the supposed ease of defending against adversarial examples, he is quite mistaken.

If there is one thing machine learning experts unequivocally agree on, it is that defending and detecting adversarial examples is hard. It's so hard that Ian Goodfellow—the very researcher ...