It doesn’t take much to make machine-learning algorithms go awry
The rise of large-language models could make the problem worse
The algorithms that underlie modern artificial-intelligence (AI) systems need lots of data on which to train. Much of that data comes from the open web, which, unfortunately, makes the AIs susceptible to a type of cyber-attack known as "data poisoning". This means modifying or adding extraneous information to a training data set so that an algorithm learns harmful or undesirable behaviours. Like a real poison, poisoned data could go unnoticed until after the damage has been done.
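To make the idea concrete, here is a minimal sketch of one simple form of data poisoning, label flipping, on a synthetic dataset. Everything in it (the toy data, the poison_labels helper, the chosen fractions) is illustrative rather than a reconstruction of any real attack; the point is only that corrupting a slice of the training labels degrades the model trained on them.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split

# A toy binary-classification dataset standing in for web-scraped training data.
X, y = make_classification(n_samples=2000, n_features=20, random_state=0)
X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)

def poison_labels(y, fraction, rng):
    """Flip the labels of a randomly chosen subset of training examples."""
    y = y.copy()
    idx = rng.choice(len(y), size=int(fraction * len(y)), replace=False)
    y[idx] = 1 - y[idx]  # binary labels, so flipping a label is 1 - y
    return y

rng = np.random.default_rng(0)
for fraction in (0.0, 0.1, 0.3):
    y_poisoned = poison_labels(y_train, fraction, rng)
    model = LogisticRegression(max_iter=1000).fit(X_train, y_poisoned)
    print(f"poisoned {fraction:.0%}: test accuracy {model.score(X_test, y_test):.3f}")
```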
Data poisoning is not a new idea. In 2017, for example, researchers demonstrated how such methods could cause the computer-vision systems of self-driving cars to mistake a stop sign for a speed-limit sign. But how feasible such a ploy might be in the real world was unclear. Safety-critical machine-learning systems are usually trained on closed data sets that are curated and labelled by human workers; poisoned data would not go unnoticed there, says Alina Oprea, a computer scientist at Northeastern University in Boston.
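The stop-sign attack is an example of what researchers call a "backdoor": a small visual trigger is stamped on some training images, which are then relabelled, so that the trained model behaves normally on clean images but misreads any sign bearing the trigger. The sketch below shows only the data-manipulation step of such an attack, under stated assumptions; the arrays, class indices and the add_trigger helper are hypothetical stand-ins, not the 2017 researchers' actual code or data.

```python
import numpy as np

STOP, SPEED_LIMIT = 0, 1  # hypothetical class indices for the two sign types

def add_trigger(image, patch_size=3):
    """Stamp a small bright square in one corner: the backdoor trigger."""
    poisoned = image.copy()
    poisoned[:patch_size, :patch_size] = 1.0
    return poisoned

def poison_dataset(images, labels, fraction, rng):
    """Add the trigger to a fraction of stop-sign images and relabel them.

    A model trained on the result can score well on clean test images,
    yet classify any stop sign bearing the trigger as a speed-limit sign.
    """
    images, labels = images.copy(), labels.copy()
    stop_idx = np.flatnonzero(labels == STOP)
    chosen = rng.choice(stop_idx, size=int(fraction * len(stop_idx)), replace=False)
    for i in chosen:
        images[i] = add_trigger(images[i])
        labels[i] = SPEED_LIMIT
    return images, labels

rng = np.random.default_rng(0)
images = rng.random((100, 32, 32))        # stand-in for grayscale sign photos
labels = rng.integers(0, 2, size=100)     # stand-in labels
poisoned_images, poisoned_labels = poison_dataset(images, labels, 0.05, rng)
```

Because only a few per cent of the images are touched and the trigger patch is small, such tampering is easy to miss in a large scraped corpus, which is exactly what makes curated, human-labelled data sets harder to poison.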