abuses and misuses of ai prevention vs reaction
play

Abuses and misuses of AI: prevention vs reaction Red Teaming in the - PowerPoint PPT Presentation

Mar 06, 2023 •192 likes •983 views

Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world Cristian Canton Ferrer Research Manager (AI Red Team @ Facebook) Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world ...with Manipulated

  1. Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world Cristian Canton Ferrer Research Manager (AI Red Team @ Facebook)

  2. Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world ...with Manipulated Media as an example Cristian Canton Ferrer Research Manager (AI Red Team @ Facebook)

  3. Outline Introduction Abuses Misuses Prevention Reaction and Mitigation

  4. Introduction

  5. What is the current situation of AI? Research on adversarial attacks has growth since the advent of DNNs Credits: Nicolas Carlini for the graph (https://nicholas.carlini.com/)

  6. Adversarial attack ⇏ GAN

  7. Input image Attacked image Adversarial noise Category: Panda (57.7% confidence) Category: Gibbon (99.3% confidence) + = Abuse of an AI system to force it to make a calculated mistake Credit: Goodfellow et al. "Explaining and harnessing adversarial examples" , ICLR 2015.

  8. What is a Red Team?

  9. What is a Red Team? Wikipedia T "A Red Team is a group that helps organizations to improve themselves by providing opposition to the point of view of the organization that they are helping."

  10. What is a Red Team? At the origin, everything started with the: "Advocatus Diaboli" Pope Sixtus V (1521-1590)

  11. What is a Red Team? The advent of Red Teaming in the modern era: The Yom Kippur War and the 10th Man Rule

  12. What is a Red Team? The advent of Red Teaming in the modern era: The Yom Kippur War and the 10th Man Rule Bryce G. Ho ff man, "Red Teaming", 2017. Micah Zenko, "Red Team", 2015.

  13. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production

  14. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company

  15. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks

  16. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI

  17. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system

  18. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system • Convince stakeholders of the importance and potential impact of a worst case scenario and ideate solutions: preventions or mitigations

  19. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system • Convince stakeholders of the importance and potential impact of a worst case scenario and ideate solutions: preventions or mitigations • Define iterative and periodic interactions with stakeholders

  20. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system • Convince stakeholders of the importance and potential impact of a worst case scenario and ideate solutions: preventions or mitigations • Define iterative and periodic interactions with stakeholders • Defenses? No: that's for the blue team!

  21. Red Queen Dynamics "...it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!" Lewis Carroll, Through the Looking-Glass

  22. Red Queen Dynamics

  23. Risk estimation AI Risk = Severity x Likelihood

  24. Risk estimation AI Risk = Severity x Likelihood • Core metrics for your company • Financial • Data leakage, privacy • PR • Human • Mitigation cost, response time • ...

  25. Risk estimation AI Risk = Severity x Likelihood • Discoverability • Implementation cost / Feasibility • Motivation • ...

  26. Risk estimation AI Risk = Severity x Likelihood

  27. A first (real) example This is"objectionable content" (99%)

  28. A first (real) example This is safe content (95%)

  29. Abuses Maximum speed 60 MPH Eykholt et al. "Robust Physical-World Attacks on Deep Learning Visual Classification", 2018.

  30. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019.

  31. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019.

  32. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Sitawarin et al., "DARTS: Deceiving Autonomous Cars with Toxic Signs", 2018.

  33. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Wu et al., "Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors", 2020.

  34. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Alberti et al., "Are You Tampering With My Data?", 2018. Origina

  35. Origina

  36. Attacking dateset biases De Vries et al., "Does Object RecognitionWork for Everyone?", 2019.

  37. Attacking dateset biases De Vries et al., "Does Object RecognitionWork for Everyone?", 2019.

  38. Attacking dateset biases Geographical distribution of classification accuracy De Vries et al., "Does Object RecognitionWork for Everyone?", 2019.

  39. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Alberti et al., "Are You Tampering With My Data?", 2018. Original Origina Poisoned

  40. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019.

  41. Misuses

  42. Example case: Synthetic people Disclaimer: None of these individuals exist! StyleGAN Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  43. Example case: Synthetic people Disclaimer: None of these individuals exist! Plenty of potential good uses: • Creative purposes • Virtual characters • Semantic face editing Smile edition Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Shen et al. "Interpreting the Latent Space of GANs for Semantic Face Editing" , 2020. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  44. Example case: Synthetic people Disclaimer: None of these individuals exist! Potentially "easy" to spot: • Generator residuals (in the image) Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  45. Example case: Synthetic people Disclaimer: None of these individuals exist! Potentially "easy" to spot: • Generator residuals (in the image) • Patterns in the frequency domain Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Wang et al. "CNN-generated images are surprisingly easy to spot... for now" , 2020. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  46. Example case: Synthetic people Disclaimer: None of these individuals exist! Andrew Waltz Katie Jones Matilda Romero

  47. Example case: Synthetic people Disclaimer: None of these individuals exist! Andrew Waltz Katie Jones Matilda Romero "Real" profile pictures from fake social media users

  48. Example case: Synthetic people Disclaimer: None of these individuals exist! 87% Fake Carlini and Farid "Evading Deepfake-Image Detectors with White- and Black-Box Attacks" , 2020.

Recommend

Evolution of Pollution Prevention Reaction Mode Didnt look at the horizon, just

Evolution of Pollution Prevention Reaction Mode Didnt look at the horizon, just

O VERVIEW OF P OLLUTION P REVENTION IN THE W ASTEWATER I NDUSTRY Melody LaBella, PE and Colleen Henry BAYWORK Training Buffet November 14, 2018 Evolution of Pollution Prevention Reaction Mode Didnt look at the horizon, just responded

677 views • 67 slides
Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson

Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson

Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson mhart@cs.stonybrook.edu Stony Brook University For all the Webs successes what is the cost to privacy? Main sources of privacy invasions

863 views • 21 slides
Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary

Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary

Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis Fabio Pagani 1 , Matteo DellAmico 2 , Davide Balzarotti 1 1 EURECOM 2 Symantec Research Labs ACM Conference on Data and Application Security

509 views • 36 slides
1 Enthaply vs. entropy in chemical reaction: S solid < S liquid << S gas Spontaneous

1 Enthaply vs. entropy in chemical reaction: S solid < S liquid << S gas Spontaneous

There are two fundamental tendencies in nature that help determine whether a reaction will occur: Topic 9.4 1. Enthalpy Enthalpy, entropy and spontaneity Energy change during reaction = heat of reaction ( H) Reactions tend toward lower

338 views • 3 slides
Throwing Light on Reaction Dynamics: H + HBr The thermal reaction of hydrogen gas ( H 2 ) and

Throwing Light on Reaction Dynamics: H + HBr The thermal reaction of hydrogen gas ( H 2 ) and

Throwing Light on Reaction Dynamics: H + HBr The thermal reaction of hydrogen gas ( H 2 ) and bromine gas ( Br 2 ) to form hydrogen bromide vapor ( HBr ) is a classic reaction: 22 +2rHBrHB Energetics ( thermodynamics ) tells us that

1.16k views • 83 slides
Resonances in the 12 C( , ) 16 O reaction I have asked myself the question what is the

Resonances in the 12 C( , ) 16 O reaction I have asked myself the question what is the

Resonances in the 12 C( , ) 16 O reaction I have asked myself the question what is the consequences of the nuclear resonances in the proposed experiment in inverse kinematics of the capture reaction? So far, the reaction was discussed as

222 views • 10 slides
The target of chemical organization theory are reaction networks. A reaction network consists of a

The target of chemical organization theory are reaction networks. A reaction network consists of a

The target of chemical organization theory are reaction networks. A reaction network consists of a set of molecules M and a set of reaction rules R. Therefore, we define a reaction network formally as a tuple M, R and call this tuple an

267 views • 22 slides
Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of

Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of

Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of Financing Cars 30.0% F&I Share of Dealer 20.0% Profits Presentation of Chris Kukla 10.0% NC State Bar Legal Assistance for Military Personnel

425 views • 5 slides
. . H Br Br H (radicals) . . H Br H Br reactions involving radicals and sequential

. . H Br Br H (radicals) . . H Br H Br reactions involving radicals and sequential

How is a chemical reaction happening? reaction mechanisms A reaction mechanism is the process by which chemical bonds are broken and formed in sequence so as to convert starting reagents into the observed products. There are three ways to break

439 views • 8 slides
(n,xn ) reaction cross section measurements for (n,xn) reaction studies M. Kerveno A.

(n,xn ) reaction cross section measurements for (n,xn) reaction studies M. Kerveno A.

WONDER 2012 3rd International Workshop on Nuclear Data Evaluation for Reactor Applications September 25-28, 2012 Aix en Provence, France (n,xn ) reaction cross section measurements for (n,xn) reaction studies M. Kerveno A. Bacquias, C.

526 views • 25 slides
Satire What is satire? Artistic form in which individual or human vices, abuses, or shortcomings

Satire What is satire? Artistic form in which individual or human vices, abuses, or shortcomings

Satire What is satire? Artistic form in which individual or human vices, abuses, or shortcomings are criticized using certain characteristics or methods Usually found in dramas and literature, but popping up in modern media forms such as

624 views • 21 slides
Invariant Relationships for Heterogeneous Reaction Systems Chemical Reaction Systems in Open

Invariant Relationships for Heterogeneous Reaction Systems Chemical Reaction Systems in Open

Invariants - Chemical Reaction Systems Introduction Motivation Definitions Heterogeneous Invariant Relationships for Heterogeneous Reaction Systems Chemical Reaction Systems in Open Reactors System Description Transformation to Vessel

251 views • 21 slides
Reaction Rates Reaction Rates C 4 H 9 Cl( aq ) + H 2 O( l ) C 4 H 9 OH( aq ) + HCl( aq )

Reaction Rates Reaction Rates C 4 H 9 Cl( aq ) + H 2 O( l ) C 4 H 9 OH( aq ) + HCl( aq )

kineticspresentationstudent notes 2014.notebook Kinetics Chemical Kinetics kineticsmultiplechoicefreeresponse questions only.doc 25 Rate and Order Comp.doc AP Reaction Rates 2013.docx ChemQuest 4442.doc Skill Practice 4244.doc

587 views • 14 slides
Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide

Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide

Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide Balzarotti 2 , and Christian Rossow 1 giancarlo.pellegrino@cispa.saarland 19th International Symposium on Research in Attacks, Intrusions and Defenses

564 views • 38 slides
Transfusion Reaction Algorithm 2018 Definition of Transfusion Reaction *Any untoward event that

Transfusion Reaction Algorithm 2018 Definition of Transfusion Reaction *Any untoward event that

Education for the Revised Transfusion Reaction Algorithm 2018 Definition of Transfusion Reaction *Any untoward event that occurs as a result of infusion of blood components or derivatives(plasma protein products) *Immediate or delayed

744 views • 40 slides
Making Users Feel Accountable: Deterring Abuses of Private Information within Information Systems

Making Users Feel Accountable: Deterring Abuses of Private Information within Information Systems

Making Users Feel Accountable: Deterring Abuses of Private Information within Information Systems Anthony Vance Braden Molyneux A long-standing tenet of information security is the Principle of Least Privilege: the concept that every

76 views • 5 slides
Math for Liberal Arts MAT 110: Chapter 3 Notes Uses and Abuses of Percentages Numbers in the

Math for Liberal Arts MAT 110: Chapter 3 Notes Uses and Abuses of Percentages Numbers in the

8/30/2013 Math for Liberal Arts MAT 110: Chapter 3 Notes Uses and Abuses of Percentages Numbers in the Real World David J. Gisch Three Ways of Using Percentages Absolute and R elative Change The absolute change describes the actual increase

270 views • 8 slides
This reaction is an exothermic reaction because it releases heat. (Shown on the products side

This reaction is an exothermic reaction because it releases heat. (Shown on the products side

N 2 (g) + 3 H 2 (g) 2 NH 3 (g) (H = 92.22 kJmol 1 ) This reaction is an exothermic reaction because it releases heat. (Shown on the products side (left)). The Haber Process is used to produce ammonia used in many

104 views • 8 slides
Self Defense Thank you for joining Brandie M. Lea On April 20, 2016 1) Prevention: Its about

Self Defense Thank you for joining Brandie M. Lea On April 20, 2016 1) Prevention: Its about

Self Defense Thank you for joining Brandie M. Lea On April 20, 2016 1) Prevention: Its about you, your surroundings, your instincts and your reaction - Be healthy and fit - Be alert & aware of surroundings o What is the lighting like o

308 views • 3 slides
Modelling Biochemical Reaction Networks Lecture 14: Stochastic theory of reaction kinetics Marc

Modelling Biochemical Reaction Networks Lecture 14: Stochastic theory of reaction kinetics Marc

Modelling Biochemical Reaction Networks Lecture 14: Stochastic theory of reaction kinetics Marc R. Roussel Department of Chemistry and Biochemistry Recommended reading Fall, Marland, Wagner and Tyson, section 11.1.6 Gillespie, J. Phys.

298 views • 12 slides
Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of

Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of

Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of notation are very common in mathematics Ambiguities are used to make formulas more expressive We want to do the same in Agda! Example: algebra and

335 views • 16 slides
A First Course on Kinetics and Reaction Engineering Class 9 on Unit 9 Where Were Going

A First Course on Kinetics and Reaction Engineering Class 9 on Unit 9 Where Were Going

A First Course on Kinetics and Reaction Engineering Class 9 on Unit 9 Where Were Going Part I - Chemical Reactions Part II - Chemical Reaction Kinetics A. Rate Expressions - 4. Reaction Rates and Temperature Effects - 5.

311 views • 19 slides
Reactions Notes 1. In a chemical reaction, sometimes

Reactions Notes 1. In a chemical reaction, sometimes

Reactions Notes 1. In a chemical reaction, sometimes _____________________________________________ and sometimes _____________________________________, and sometimes both happen. Every time a reaction occurs

566 views • 12 slides
CEE 690K ENVIRONMENTAL REACTION KINETICS Lecture #9 Reaction Mechanisms: Acid Catalysis

CEE 690K ENVIRONMENTAL REACTION KINETICS Lecture #9 Reaction Mechanisms: Acid Catalysis

10/8/2013 Updated: 8 October 2013 CEE690K Lecture #09 1 Print version CEE 690K ENVIRONMENTAL REACTION KINETICS Lecture #9 Reaction Mechanisms: Acid Catalysis Brezonik, Chapter 4 Introduction David A. Reckhow Mechanisms: Haloform

78 views • 7 slides

More recommend