Dark Side of AI/ML · Image Recognition Manipulation - Not so trippy...
Dark Side of AI/ML
DevCamp München
Alexander Pospiech
alexpospiech
2018.04.20
Who Am I?
Data Engineer/Scientist @ inovex
Security and Privacy Apologist
Father of One
Dinghy-Sailor Nerd
Quadrants of the Dark Side
| | Intended | Unintended |
|---|---|---|
| Inside | killer robots | racist robots |
| Outside | mislead robots | ? |
What is trust?
trust (noun): the belief that you can trust someone or something
trust (verb): to believe that someone is good and honest and will not harm you, or that something is safe and reliable [1]
[1] https://dictionary.cambridge.org/dictionary/english/trust
Quiz time
Do you trust Artificial Intelligence?
Agenda
1 How it already has gone wrong - some Examples
2 Let’s hear some warnings
3 What now?
Nguyen A, Yosinski J, Clune J. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. In Computer Vision and Pattern Recognition (CVPR ’15), IEEE, 2015. by Evolving AI Lab, University of Wyoming
Image Recognition Manipulation - Not so trippy
Goodfellow, Ian J., Jonathon Shlens, and Christian Szegedy. "Explaining and harnessing adversarial examples." arXiv preprint arXiv:1412.6572 (2014). by OpenAI
Video Recognition Manipulation - Assault Tortoises
Fooling Neural Networks in the Physical World with 3D Adversarial Objects (2017) by Anish Athalye, Logan Engstrom, Andrew Ilyas & Kevin Kwok at LabSix
Public Domain - OpenClipArt
original art: Autonomous Trap 001 (2017) by James Bridle
Autonomous Driving - Like in Looney Tunes
Robust Physical-World Attacks on Deep Learning Models (2017) by Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li, Amir Rahmati, Chaowei Xiao, Atul Prakash, Tadayoshi Kohno, Dawn Song
Image Recognition Bias - Old, White Males
Gender Shades by Joy Buolamwini (2018) and her MIT group
jessamyn west (2017)
Perspectives (2017)
Image Recognition Bias - Let’s step back
Ripe Bananas
Bananas with spots
Sugar bananas by Maksym Kozlenko
Mass Surveillance
Aktionstag (2017) by Endstation.jetzt
Countermeasures to Adversarial Examples
Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition (2016) by Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, Michael K. Reiter
Predictive Policing
minority-report-omg-02 by youflavio
... the predictive models reinforce existing police practices because they are based on databases of crimes known to police.
... tells us about patterns of police records, not patterns of crime.
Project: USA by Human Rights Data Analysis Group
Predictive Policing
minority-report-omg-02 by youflavio
... a technologically obscured tautology: the model predicts approximately where crimes were previously known.
The model cannot predict patterns of crime that are different from the patterns already known to police.
Project: USA by Human Rights Data Analysis Group
Predictive Policing
minority-report-omg-02 by youflavio
... the differences in arrest rates by ethnic group between predictive policing and standard patrol practices were not statistically significant, ...
... departments should monitor the ethnic impact of these algorithms to check whether there is racial bias, ...
Article: Field-data Study Finds No Evidence of Racial Bias in Predictive Policing (2018) by Forensic Magazine
Predictive Policing - White Collar Detector
Responses to Critiques on Machine Learning of Criminality Perceptions by Xiaolin Wu, Xi Zhang
Predictive Judgment
3D Judges Gavel by Chris Potter
If you’re flagged, the chances it was deserved are equal, regardless of race.
If you don’t deserve to be flagged, you’re more likely to be erroneously flagged if you’re black.
Article: How to Fight Bias with Predictive Policing (2018) by Eric Siegel in Scientific American
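The two statements on this slide correspond to two different fairness metrics: equal positive predictive value (PPV, "flagged and it was deserved") and unequal false positive rate (FPR, "erroneously flagged"). The following is an added example, not part of the original slides; the counts and group labels are constructed, and all function names are hypothetical. It shows that when base rates differ, equal PPV and equal true positive rate force different FPRs, which goes one step beyond the slide by also checking the underlying identity.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed counts, not real data: (group, flagged, reoffended) -> people.
CONSTRUCTED_COUNTS = {
    ("A", True, True): 300, ("A", True, False): 100,
    ("A", False, True): 200, ("A", False, False): 400,
    ("B", True, True): 150, ("B", True, False): 50,
    ("B", False, True): 100, ("B", False, False): 700,
}


def confusion_by_group(counts):
    """Collapse (group, flagged, outcome) counts into per-group TP/FP/FN/TN."""
    cells = {(True, True): "tp", (True, False): "fp",
             (False, True): "fn", (False, False): "tn"}
    table = defaultdict(lambda: dict(tp=0, fp=0, fn=0, tn=0))
    for (group, flagged, outcome), n in counts.items():
        table[group][cells[(flagged, outcome)]] += n
    return dict(table)


def _rate(numerator, denominator):
    """Exact ratio, or None when the denominator is empty (rate undefined)."""
    return Fraction(numerator, denominator) if denominator else None


def group_metrics(c):
    """Exact rates for one group's confusion counts."""
    positives = c["tp"] + c["fn"]   # people who did reoffend
    negatives = c["fp"] + c["tn"]   # people who did not
    return {
        "base_rate": _rate(positives, positives + negatives),
        "ppv": _rate(c["tp"], c["tp"] + c["fp"]),  # flagged, and it was deserved
        "tpr": _rate(c["tp"], positives),
        "fpr": _rate(c["fp"], negatives),          # erroneously flagged
    }


def implied_fpr(base_rate, ppv, tpr):
    """FPR forced by the other three rates: p/(1-p) * (1-PPV)/PPV * TPR."""
    return base_rate / (1 - base_rate) * (1 - ppv) / ppv * tpr


def audit(counts, tolerance=Fraction(1, 20)):
    """Return per-group metrics and {metric: gap} for gaps above tolerance."""
    per_group = {g: group_metrics(c)
                 for g, c in confusion_by_group(counts).items()}
    gaps = {}
    for metric in ("ppv", "tpr", "fpr"):
        values = [m[metric] for m in per_group.values()
                  if m[metric] is not None]
        if len(values) >= 2 and max(values) - min(values) > tolerance:
            gaps[metric] = max(values) - min(values)
    return per_group, gaps


if __name__ == "__main__":
    per_group, gaps = audit(CONSTRUCTED_COUNTS)
    for group, m in sorted(per_group.items()):
        print(group, {k: float(v) for k, v in m.items()})
    print("metrics with a gap above tolerance:", gaps)
```
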
Predictive Judgment - Breaking News
... COMPAS is no more accurate or fair than predictions made by people with little or no criminal justice expertise.
... despite COMPAS’s collection of 137 features, the same accuracy can be achieved with a simple linear classifier with only two features.
Paper: The accuracy, fairness, and limits of predicting recidivism (2018) by Julia Dressel and Hany Farid in Science Advances
Predictive Criminality - I have no words for this.
Public Domain - OpenClipArt
Faception
... recognizing “High IQ”, “White-Collar Offender”, “Pedophile”, and “Terrorist” ...
According to Social and Life Science research personalities are affected by genes.
Our face is a reflection of our DNA.
Faception
Agenda
1 How it already has gone wrong - some Examples
2 Let’s hear some warnings
3 What now?
Elon Musk at the 2015 Tesla Motors Annual Meeting by Steve Jurvetson
Elon Musk (2017)
John Giannandrea by TechCrunch
... be transparent about the training data that we are using, and are looking for hidden biases in it, ...
If someone is trying to sell you a black box system for medical decision support, and you don’t know how it works or what data was used to train it, then I wouldn’t trust it.
Article: Forget Killer Robots—Bias Is the Real AI Danger (2017) by John Giannandrea in Technology Review
Kate Crawford - PopTech 2013 - Camden, ME by PopTech
People worry that computers will get too smart and take over the world, but the real problem is that they’re too stupid and they’ve already taken over the world.
Article: There is a blind spot in AI research (2016) by Kate Crawford in Nature
Isaac Asimov
Philip K. Dick by Pete Welsch
Arthur C. Clarke by ITU Pictures
Book tips
Weapons of Math Destruction by Cathy O’Neil
QualityLand by Marc-Uwe Kling
Quiz time
Do you trust Artificial Intelligence?
Agenda
1 How it already has gone wrong - some Examples
2 Let’s hear some warnings
3 What now?
Quadrants of the Dark Side
| | Intended | Unintended |
|---|---|---|
| Inside | ? | Bias in model/data, wrong usage |
| Outside | Adversarial use | ? |
Cost of Misbehaving AI
Legal Consequences
Loss of Reputation
Loss of Opportunities
Loss of Money
Roles
Researchers
Developers
Users
Regulators
Adversarial Attacks - Robustness
Possible on all types of data and models!
Find, investigate and train on attack vectors.
Tools: cleverhans, DeepFool, deep-pwning, FoolBox, ...
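One way to "find and investigate" before training, shown as an added example that is not part of the original slides and does not use any of the tools listed: a robustness check for linear classifiers under an L-infinity budget, following the linear view in the Goodfellow et al. paper cited earlier in the deck. The data, the two models and all function names are constructed for illustration. Both models are 100% accurate on clean inputs, but the one that spreads its decision over several weak features loses all accuracy at a budget the other one tolerates.

```python
"""Robustness check for linear classifiers under an L-infinity budget."""

# Constructed 4-feature samples (x, y) with y in {+1, -1}. Feature 0 is a
# strong signal; features 1-3 are weak but correlated with the label.
CONSTRUCTED_DATA = [
    ([1.0, 0.125, 0.125, 0.125], +1),
    ([0.75, 0.25, 0.125, 0.25], +1),
    ([-1.0, -0.125, -0.125, -0.125], -1),
    ([-0.5, -0.25, -0.25, -0.125], -1),
]

# Two hypothetical models (weights, bias); both classify the clean data.
MODELS = {
    "strong_feature": ([1.0, 0.0, 0.0, 0.0], 0.0),
    "weak_features": ([0.0, 1.0, 1.0, 1.0], 0.0),
}


def score(w, b, x):
    """Linear decision value w.x + b."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def sign(v):
    return (v > 0) - (v < 0)


def worst_case_input(w, x, y, eps):
    """Shift each feature by eps in the direction that lowers y * score most.

    For a linear model this is the exact worst case inside the eps box,
    so evaluating on it gives a certified, not just empirical, result.
    """
    return [xi - eps * y * sign(wi) for wi, xi in zip(w, x)]


def is_correct(w, b, x, y):
    """A score of exactly zero counts as a miss."""
    return y * score(w, b, x) > 0


def robust_accuracy(w, b, data, eps):
    """Share of samples still classified correctly at the worst case."""
    kept = sum(is_correct(w, b, worst_case_input(w, x, y, eps), y)
               for x, y in data)
    return kept / len(data)


def min_flip_eps(w, b, x, y):
    """Smallest budget at which a correct sample stops being correct.

    The worst case lowers y * score by eps * ||w||_1, so the threshold is
    margin / ||w||_1; it shrinks as more features carry weight.
    """
    margin = y * score(w, b, x)
    if margin <= 0:
        return 0.0
    l1 = sum(abs(wi) for wi in w)
    return float("inf") if l1 == 0 else margin / l1


def robustness_report(models, data, budgets):
    """Robust accuracy per model for each budget, in budget order."""
    return {name: [robust_accuracy(w, b, data, eps) for eps in budgets]
            for name, (w, b) in models.items()}


if __name__ == "__main__":
    budgets = [0.0, 0.125, 0.25, 0.5]
    print("budgets:", budgets)
    for name, accs in robustness_report(MODELS, CONSTRUCTED_DATA, budgets).items():
        print(f"{name:15s}", accs)
```

The inputs returned by `worst_case_input` are the points a training loop would add back with their original labels when "training on attack vectors".
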
Interpretability ⇒ Verification
Model: no black boxes
Data: available and transparent
Interpretability ⇒ Explainability ⇒ Understanding ⇒ Verification
Interpretability - LIME
Introduction to Local Interpretable Model-Agnostic Explanations (LIME) (2016) by Marco Tulio Ribeiro, Sameer Singh, Carlos Guestrin in O’Reilly
Reproducibility
Reproducibility ⇒ Testability
In many real-world cases, the researcher won’t have made notes or remember exactly what she did, so even she won’t be able to reproduce the model.
Article: The Machine Learning Reproducibility Crisis (2018) by Pete Warden
Yet AI researchers say the incentives are still not aligned with reproducibility.
Article: Missing data hinder replication of artificial intelligence studies (2018) by Matthew Hutson in Science
Fairness
Chris Anderson: “with enough data, the numbers speak for themselves.”
Kate Crawford: "Sadly, they can’t. Data and data sets are not objective; they are creations of human design."
Confidentiality - Privacy
Privacy + Encryption ⇒ Confidentiality
Differential Privacy
Homomorphic Encryption
Availability
Availability of the processing? Can I DoS a Neural Network?
Availability of predictions or decisions?
Regulation
GDPR:
"Right to be forgotten"/"Right to erasure"
"Algorithmic Fairness" and "The Right to Explanation"
White House report: Preparing for the future of Artificial Intelligence
House of Lords report: AI in the UK: ready, willing and able?
Bundestag: some talk and a list of experts
Oversight
Human in the Loop?
Accountability
The vendor?
The users?
The AI?
[Figure: A chain of needed properties for trust in AI by Alexander Pospiech. Nodes: Trust, Availability, Testing, Robustness, Ethics, Reproducibility, Verification, Fairness, Accountability, Privacy, Explainability, Regulation, Confidentiality, Interpretability. Legend: Technical Problem, Higher Level Tech Problem, Social Problem.]
Trust and Agency
Without our trust, AI will grow regardless.
With the stated advancements, AI will have our trust and may work as expected.
Independent AI Trust Seal
TÜV, BSI, SomeOneNew, whoever
Tools, Standards, Controls, Audits
Transparency Reports
If you provide transparency information about legal requests, why not about AI?
Physical Security
A neural network is some files on hardware.
Can be copied, stolen, modified, ...
Education
Teach AI basics in school and college
What can you do?
Techies and Non-Techies:
Educate, Warn, Support
Research, Develop
Quiz time
Do you trust Artificial Intelligence?
Thank you for your attention!
Alexander Pospiech
Big Data Scientist
Data Management & Analytics
inovex GmbH - Office Munich
Lindberghstraße 3
D-80939 München
+49. 173. 31 81 [email protected]
alexpospiech
Conferences and Meetings
Specific on the Dark Sides:
Conference on Fairness, Accountability, and Transparency
FATML - Fairness, Accountability, and Transparency in Machine Learning
Interpretable ML Symposium @NIPS
NIPS 2017 Tutorial - Fairness in Machine Learning
Reproducibility in ML Workshop, ICML’18
IEEE 1st Deep Learning and Security Workshop
Data Ethics workshop, KDD 2014
MAKE-Explainable AI
Advances on Explainable Artificial Intelligence
Generic on AI:
AI for Good Global Summit
Conferences and Meetings
General on Security:
CCC
DefCon
SHA
BlackHat
Research Groups and Organizations
AI specific:
AINow - A research institute examining the social implications of artificial intelligence
Evolving AI Lab, University of Wyoming
OpenAI
LabSix
EFF on Artificial Intelligence & Machine Learning
EFF - AI Progress Measurement
EvalAI - Evaluating state of the art in AI
EvadeML - Machine Learning in the Presence of Adversaries
Adversarial Machine Learning, Università degli Studi di Cagliari
SunBlaze at UCB
Diskriminierung durch KI (Künstliche Intelligenz) (DiKI)
Algorithmische Gegenmacht
Research Groups and Organizations
General:
Human Rights Data Analysis Group
AlgorithmWatch
Netzpolitik on Predictive Policing
Classes
CS 294: Fairness in Machine Learning, UC Berkeley
18739 Security and Fairness of Deep Learning, Carnegie Mellon
Adversarial and Secure Machine Learning
IEEE’s Artificial Intelligence and Ethics in Design
Topic Collections
Netzpolitik on Predictive Policing
EFF on Artificial Intelligence & Machine Learning
EFF - AI Progress Measurement
EvalAI - Evaluating state of the art in AI
GitHub with Lists
Machine Learning for Cyber Security
Awesome Adversarial Machine Learning
Introduction to Adversarial Machine Learning
Awesome AI Security
The Definitive Security Data Science and Machine Learning Guide
Awesome Machine Learning for Cyber Security
awesome-ai-privacy
Machine Learning Ethics References
Fairness in Machine Learning
Toward ethical, transparent and fair AI/ML: a critical reading list for engineers, designers, and policy makers
Awesome Interpretable Machine Learning
GitHub with Code
Interpretability:
H2O.ai: Machine Learning Interpretability (MLI)
Explanation Explorer
Interpretable Machine Learning with Python
iml: interpretable machine learning
ML Insights
Fairness:
Comparing fairness-aware machine learning techniques.
Themis ML - Fairness-aware Machine Learning
Blogs
a blog about security and privacy in machine learning
MLSec
covert.io security + big data + machine learning
Data Driven Security
Automating OSINT
BigSnarf
Security of Machine Learning
Videos - general
YouTube: Stephen Fry describing our future with artificial intelligence and robots
34c3 - Beeinflussung durch Künstliche Intelligenz
34c3 - Deep Learning Blindspots
SHA2017 - The Security and Privacy Implications of AI and Machine Learning
YouTube - DEF CON 24 - Clarence Chio - Machine Duping 101: Pwning Deep Learning Systems
YouTube: Do You Trust This Computer?
TED - The era of blind faith in big data must end
Videos - specialized
[HUML16] 06: Zachary C. Lipton, The mythos of model interpretability
"Why Should I Trust you?" Explaining the Predictions of Any Classifier, KDD 2016
Interpretable Machine Learning Using LIME Framework - Kasia Kulma (PhD), Data Scientist, Aviva
Adversarial Attack Competitions
MNIST Adversarial Examples Challenge
NIPS 2017 Competition: Non-targeted Adversarial Attack