Professor Stromwell, a stiff and starchy person whose sole job, it seems, is to test the students' limits, walks into her packed classroom at Harvard Law School. She writes a quote on the blackboard—“The law is reason free from passion”—and asks the class who spoke those “immortal words.” David, the class know-it-all, eager to impress Stromwell, raises his hand quickly, and confidently answers “Aristotle.” Stromwell looks David straight in the eye and asks, “Would you be willing to stake your life on it?” The student waffles. “What about his life?” Stromwell asks, pointing to another student. David, now having lost any foothold in confidence, breaks and sheepishly confesses, “I don't know.” To which Stromwell delivers a searing line: “Well, I recommend knowing before speaking.” Then, the lesson: “The law leaves much room for interpretation but very little for self-doubt.”

When it comes to high-stakes situations, Stromwell's classroom lesson from a scene in the now classic Legally Blonde applies every bit as much to our confidence in AI. AI systems are not just impressive chatbots or spectacular tools that conjure images from simple text descriptions. They also drive our cars and recommend diagnoses for our illnesses. Like David, AI systems provide answers to questions confidently with little self-doubt in situations that quite literally can change our lives.

And that's a problem because AI systems can be hacked.

This field of attacking AI systems is called adversarial ...