AI models are only as good as their training data, which is often plagued by bias, noise, and inaccuracies that explainable AI helps to uncover.
Models can be compromised by issues like annotation errors, data imbalance, and adversarial samples, which can be measured with tools like Captum.
Intentionally introducing adversarial inputs can be used for good to test model boundaries, or for bad to obfuscate data and protect personal privacy.
Natural language processing models can be disrupted using techniques like encoding, code-switching, misspellings, and even metaphors to prevent accurate interpretation.
The Captum library for PyTorch helps visualize which parts of an input, like words in a sentence or pixels in an image, contribute most to a model's final prediction.
Simple misspellings can flip a sentiment analysis result from positive to negative, and adding a single pixel can cause an image classifier to misidentify a cat as a dog.
A t-shirt printed with a specific adversarial pattern can disrupt a real-time person detection model, effectively making the wearer invisible to the AI system.
Defenses against NLP attacks include normalization and grammar checks, while vision attacks can be mitigated with image blurring, bit-depth reduction, or advanced methods like FGSM.
Applying a simple Gaussian blur to an image containing an adversarial pixel smooths out the manipulation, allowing the model to correctly classify the image.
27:02Mirko Ross
25:17Scott Hanselman
29:00Alex Soto
24:23Balázs Kiss
30:02Martin Förtsch & Thomas Endres
30:36Mackenzie Jackson
31:19Wolfgang Ettlinger & Alexander Hurbean
27:10Georg Dresler
Jobs that call for the skills explored in this talk.
Virtual Identity AG
Association Bernard Gregory
Canton de Nancy-2, France
Analog Devices
TRUSTEQ GmbH