Fighting Fire With Fire: Why AI Is the Best Security Defense for Your AI System
Author | Min Sun, Chief AI Scientist, Appier
Breakthroughs such as deep learning for visual recognition and natural language processing underpin much of the excitement in artificial intelligence (AI) today. However, like all new innovative technologies, AI comes with its share of security concerns. It is always the way: While breakthrough technologies can revolutionize business and the way we work, they have to be handled carefully to avoid errors, misuse or worse.
Thankfully, that very same technology could hold the key to making AI more robust.
A Double-Edged Sword: Why AI’s Biggest Strength Is Also Its Biggest Risk
Remember that any kind of software system has its security concerns – it is not just AI. However, AI has two unique properties that make security more pressing.
The first is its power. AI systems are typically built to increase human productivity – they are much more efficient than humans, especially at performing repetitive tasks. So, if malicious actors were to take control of such a system, their productivity would also greatly increase. This is a double-edged sword – AI’s immense power is its biggest strength, but this also makes it more dangerous if it falls into the wrong hands.
This danger is magnified as AI becomes more common. In the future, AI systems will become widespread across all kinds of industries. If those tools become controlled by malicious people, that could potentially be a big problem.
The second property is AI’s reliance on data. Most AI systems are data-driven – they need data in order to reach their decisions. That means malicious actors don’t need to take control of an AI system in order to compromise it – they can just manipulate the data instead. If they pollute, alter or compromise the data source, the AI system will become much less effective. So it is not just the AI system that needs protecting, but the source data too.
A New Era of Security Threats: Two Types of Attack
So how do malicious actors manipulate the data to attack AI systems? Broadly speaking, there are two types of attack: black box and white box.
In a black box attack, the attacker has no idea what is inside the AI system. That means they need to collect data on it: by observing approximately 1,000 examples of the input-output relationship, they can speculate on what is inside the system and use that to craft an attack. The more data they collect from your AI system, the more likely it is that the attack will be successful. A black box attack is more likely against a system that has been running longer, because the attacker has more examples from which to choose.
In a white box attack, the attacker already knows what is inside, including the system architecture, the parameters and so on. They use this knowledge to change the data just enough to throw the system off. This has a much higher rate of success than a black box attack. However, it isn’t easy either, as it requires the attacker to compromise the system in order to fully understand how it works. Only then can they start manipulating the data. You might think it is a little counterintuitive: Once you have hacked into a system, why not just control it directly? That is because a white box attack allows for sustained and long-term malicious use, which can prove more damaging in the long run.
Hackers can also break into a system very quickly and copy it in its entirety. They won’t control it directly, but they have an identical version they can use themselves, and with that they can still craft a white box attack.
AI to the Rescue
This all sounds very negative, but there is a silver lining to this particular cloud: AI itself can help protect AI systems from attack.
By studying past attacks using machine learning, you can predict how the system changes its behavior when an attack is imminent. You then create a model that will warn you or shut down the system when certain warning triggers are detected. It is much more efficient than humans looking out for these warning signs. You just need to collect sufficient training data.
The problem is, new types of attacks are always being created. In this instance, the machine learning approach won’t work, because the system won’t know what to look out for. However, this could soon change. Research is under way on how to train AI to probe your system to see where the vulnerabilities lie. This is a much more proactive approach than recording training data and teaching the system what to look out for.
Currently, a human will define the AI’s action space in order for it to test for vulnerabilities. It is much harder to do that than just collecting training data – that action space can be pretty large, which complicates things significantly. However, in the future this could be fully automated using AI. Then you have all the advantages of AI – like greater efficiency and productivity – with only a minimal increase in cost.
When people think about the dangers associated with AI, they think about movies like The Terminator. Well, don’t worry – we are a long way from that, and AI’s considerable benefits far outweigh the risks.
People and businesses using AI just need to be aware of the security concerns. Like all software, it is good practice to always keep your AI system up to date in order to fix any potential vulnerabilities. You should also be testing your system’s vulnerabilities to see how much data has to be altered in order for the system to fail. Ideally, you want your system to be able to detect any possible change to the data so you can proactively shut it down or switch to a back-up system.
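The two checks recommended above, as an added example that is not part of the original article: a measure of how much the input data must be altered before a decision flips, and a guard that compares live inputs with the training-time data and falls back when they have shifted. The model is a hand-picked two-feature linear scorer standing in for a deployed AI system, and all inputs are constructed sample data.

```python
"""Robustness margin and input-drift guard for a constructed toy model.

The linear scorer and its weights are hypothetical; baseline and live
inputs are made-up sample data, not from any real system.
"""
from statistics import mean, pstdev

WEIGHTS = [1.5, -2.2]   # hypothetical model parameters
BIAS = 0.25
# Constructed inputs seen at training time (the trusted data source)
BASELINE = [[0.9, 0.4], [1.1, 0.5], [1.0, 0.45], [0.95, 0.5], [1.05, 0.4]]

def score(x):
    return sum(w * v for w, v in zip(WEIGHTS, x)) + BIAS

def predict(x):
    return 1 if score(x) >= 0 else 0

def robustness_margin(x):
    """How far every feature of x can be altered (same bound on each
    feature, worst case) before the decision flips. For a linear model a
    bound of b on each feature moves the score by at most b * sum(|w|),
    so the smallest flipping bound is |score| / sum(|w|).
    A small margin means this input is fragile."""
    return abs(score(x)) / sum(abs(w) for w in WEIGHTS)

def drift_guard(window, baseline=BASELINE, z_limit=3.0):
    """Compare a window of live inputs with the training-time baseline,
    feature by feature. Returns 'serve' when the data looks unchanged and
    'fallback' (shut down or switch to the back-up system) when any
    feature's mean has moved more than z_limit baseline std devs."""
    for i in range(len(baseline[0])):
        base_col = [row[i] for row in baseline]
        live_col = [row[i] for row in window]
        spread = max(pstdev(base_col), 1e-9)   # avoid division by zero
        z = abs(mean(live_col) - mean(base_col)) / spread
        if z > z_limit:
            return "fallback"
    return "serve"

if __name__ == "__main__":
    print("margin for [1.0, 0.5]:", round(robustness_margin([1.0, 0.5]), 3))
    print("normal window:", drift_guard([[1.0, 0.45], [0.95, 0.5], [1.05, 0.4]]))
    print("shifted window:", drift_guard([[1.4, 0.45], [1.5, 0.5], [1.45, 0.4]]))
```

Running the margin check over a held-out set and tracking its minimum over time gives a concrete "how much data has to be altered" figure for the system; the guard is the trigger for the proactive shutdown or switch-over the article recommends.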
As computer systems become more complicated, it becomes harder for humans to find security vulnerabilities within them. The best human hacker in the world can’t hack a very complex system, but that doesn’t mean the system is flawless. Instead, we should leverage AI to actively probe for vulnerabilities and in turn create more robust systems that better serve our needs.