Researchers at the Massachusetts Institute of Technology (MIT) have developed a technique for tricking text-analyzing artificial intelligence (AI), Wired reported Feb.23.
Researchers have noticed that a slight change in a phrase, understandable to a person, can deceive AI. They developed an algorithm to replace words with synonyms and trick the AI's recognition text. The nuance is that the attacking algorithm itself uses AI to select synonyms.
As an example, the phrase "The characters, cast in impossibly contrived situations, are totally estranged from reality." ("Characters played in incredibly contrived situations are completely out of touch with reality"), which is a negative review of the film.
If we replace the words in it with synonyms, then the phrase "The characters, cast in impossibly engineered circumstances, are fully estranged from reality" ("Characters played in incredibly skillful circumstances are completely divorced from reality"), then the AI considers the review positive.
Other types of AI systems can also be deceived; in this case, the vulnerabilities were mainly demonstrated in image and speech recognition systems.
The researchers noted that such subtle data corruptions can deceive AI and be used to attack systems, which is becoming significant as AI spreads in the fields of finance, healthcare, and others.