Researchers from George Mason College have demonstrated a method to manipulate artificial intelligence (AI) models by altering a single binary digit in their memory.
This type of attack, named "Oneflip", targets the stored values, known as weights, that determine how an AI system functions. These values are stored as strings of 1s and 0s in a computer's memory.
If one of these bits is changed in the right location, it can shift the AI's behavior without reducing its overall accuracy.
The underlying method borrows from a known hardware flaw called Rowhammer. This technique involves repeatedly accessing one part of a memory chip to unintentionally change the value of a nearby bit.
The new research focuses this method on memory areas that store AI parameters to control the AI's behavior with just a single flip.
To carry out the attack, an intruder first needs to run some kind of software on the same system as the target AI. This can happen through a malicious app, an infected file, or unauthorized access to a shared cloud service.
Once in, the attacker searches for a part of the model's memory where a minor bit change could be useful without raising suspicion.
A single altered bit does not typically cause major performance issues. The AI still appears to function as expected, so most routine audits will not spot anything wrong. It is this stealthy nature that makes Oneflip especially difficult to detect.
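Because accuracy-based audits miss a single changed bit, a defender can check the weight bytes themselves. The following is an added example, not code from the researchers or the article: it hashes float32 weights in fixed-size chunks at load time, flags any chunk whose digest later differs, and pinpoints the changed bit against a trusted copy. The 64-byte chunk size, the function names and the sample weights are assumptions, and the flip is simulated on a local buffer.

```python
import hashlib
import struct

CHUNK = 64  # bytes per digest; assumed granularity (16 float32 weights)

def pack_weights(weights):
    """Serialize weights as little-endian float32, as they would sit in memory."""
    return bytearray(struct.pack(f"<{len(weights)}f", *weights))

def chunk_digests(buf, chunk=CHUNK):
    """SHA-256 of every fixed-size chunk; record this from a trusted copy at load time."""
    return [hashlib.sha256(bytes(buf[i:i + chunk])).hexdigest()
            for i in range(0, len(buf), chunk)]

def changed_chunks(buf, trusted_digests, chunk=CHUNK):
    """Indices of chunks whose current digest differs from the trusted one."""
    now = chunk_digests(buf, chunk)
    return [i for i, (a, b) in enumerate(zip(now, trusted_digests)) if a != b]

def locate_flips(buf, trusted_buf, chunk_index, chunk=CHUNK):
    """Compare a flagged chunk with the trusted copy: (weight index, bit, old, new)."""
    found = []
    start = chunk_index * chunk
    for off in range(start, min(start + chunk, len(buf)), 4):
        old, = struct.unpack_from("<I", trusted_buf, off)
        new, = struct.unpack_from("<I", buf, off)
        diff = old ^ new
        for bit in range(32):
            if diff >> bit & 1:
                found.append((off // 4, bit,
                              struct.unpack_from("<f", trusted_buf, off)[0],
                              struct.unpack_from("<f", buf, off)[0]))
    return found

def demo():
    trusted = pack_weights([0.75] * 64)   # constructed sample weights
    digests = chunk_digests(trusted)      # baseline taken from the trusted copy
    live = bytearray(trusted)             # stands in for the in-memory copy
    live[4 * 37 + 2] ^= 1 << 6            # simulated single-bit change (weight 37, bit 22)
    flagged = changed_chunks(live, digests)
    return flagged, [f for c in flagged for f in locate_flips(live, trusted, c)]

if __name__ == "__main__":
    print(demo())
```

The digests only help if they are stored and recomputed somewhere the same memory fault cannot reach, and the check has to be repeated while the model is serving, not just at load.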