The Left Hand Hits The Right Hand: Unraveling Generative And Adversarial Approaches In AI Is Important
by John Werner · ForbesAs we move through the next successive generation of development, we can see that AI is, in some ways, tricky.
Presenting new ways to work with AI models, Andrew Ilyas calls artificial intelligence “brittle.”
What he's working on is instructive in understanding how we address things like bias and transparency in the tools that we develop.
One of the problems, as pointed out by Ilyas, is the dynamic nature of data – in fact, he actually posits an approach to a supreme AI problem using something that sounds a lot like Schrödinger's cat – the idea that when we train a program on data, we’re inherently changing the conditions and environment that we’re using that program in – and therefore, creating uncertainty.
In that case, how do you ever get real, true results?
MORE FOR YOU
Google Unveils It’s Revolutionary New Large Language Model: Gemini
Google Launches Its ‘Largest And Most Capable’ AI Model Gemini To Compete With ChatGPT
Investors Zoom In On AI As Startup Funding Winter Deepens: Asian VCs
Ilyas also goes into the wide world of adversarial examples in looking at what sorts of things can happen to derail AI processes.
To be sure a lot of people are working on these problems; here's how writers at Open AI talk about adversarial examples such as gradient-based evasion attacks, adversarial patch attacks and more:
“Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake; they’re like optical illusions for machines.”
Meanwhile, Ilyas says if hackers can manipulate these systems, we should look at how that's done.
Here's where it gets interesting – Ilyas talks about adding a little bit of invisible noise to an image, and shows how that can throw the model off.
Here's an analogy that he uses to help us understand why these tiny bits of change, which are so insignificant to a human eye, work abundantly on AI models. First, Ilyas talks about fooling an AI into thinking that a pig is an airplane.
Then he likens it to the relationship between humans and animals, at least, in the case of identification methods:
“You can kind of think of this as like AI’s version of (a case where) a pet … stops recognizing you when you change your glasses. … when you change this … very small, insignificant part of your appearance, the pet’s recognition system totally breaks down. And so we can't really fault the pet for this, because on the data that it’s seen, your glasses are a perfectly good indicator of who you are. And so similarly, if we think back to this pig example, we can't really fault the AI system here, because on the data that it’s seen, this invisible noise is a perfectly good predictor of an airplane.”
In other words, in the last generation of AI, we worked on things like feature detection and edge processing, where our outcomes were directly tied to the parts of computer vision that humans can also see and perceive in an instant.
The problem with these overlays isn't really on the AI side at all, in some ways. It's that the next generation of AI is understanding things from input that humans can't see and understand. And that's going to be confusing to us, its handlers.
As Ilyas says, the training data is sometimes not the data that we care about.
With that in mind, we face challenges in nailing down exactly what our AI should be looking at. Ilyas says:
“This dynamic data problem doesn't just cause brittleness, it's also at the heart of many of the other problems when we think about trustworthy and safe AI, including bias and lack of transparency. But instead of talking about those problems, I instead want to return to our original question of: how do we get trustworthy AI? … AI is about both models and data. And if our goal is to build trustworthy AI, we have to focus on both.”
Spoiler alert: Ilyas touts data attribution methods, and promotes asking: what are the important parts of the training set?
All of these ideas are instructive in trying to understand what we’re doing right now with AI. In some ways, we've moved beyond just thinking about machine learning programs as seeing images the way that humans do. Now there are much more subtle encodings that the programs are using to interpret input, and unless we can understand them too, we have somewhat of a disconnect.