Analysis A Google scientist has demonstrated that OpenAI's GPT-4 large language model (LLM), despite its widely cited capacity to err, can help smash at least some safeguards put around other machine learning models a capability that demonstrates the value of chatbots as research assistants.

In a paper titled, "A LLM Assisted Exploitation of AI-Guardian," Nicholas Carlini, a research scientist for Google's Deep Mind, explores how AI-Guardian, a defense against adversarial attacks on models, can be undone by directing the GPT-4 chatbot to devise an attack method and to author text explaining how the attack works.

Carlini's paper includes Python code suggested by GPT-4 for defeating AI-Guardian's efforts to block adversarial attacks. Specifically, GPT-4 emits scripts (and explanations) for tweaking images to fool a classifier for example, making it think a photo of someone holding a gun is a photo of someone holding a harmless apple without triggering AI-Guardian's suspicions. AI-Guardian is designed to detect when images have likely been manipulated to trick a classifier, and GPT-4 was tasked with evading that detection.

"Our attacks reduce the robustness of AI-Guardian from a claimed 98 percent to just 8 percent, under the threat model studied by the original [AI-Guardian] paper," wrote Carlini. "The authors of AI-Guardian acknowledge our break succeeds at fooling their defense."

AI-Guardian was developed by Hong Zhu, Shengzhi Zhang, and Kai Chen, and presented at the 2023 IEEE Symposium on Security and Privacy. It's unrelated to a similarly named system announced in 2021 by Intermedia Cloud Communications.

Machine learning models like those used for image recognition applications have long been known to be vulnerable to adversarial examples input that causes the model to misidentify the depicted object (Register passim).

The addition of extra graphic elements to a stop sign, for instance, is an adversarial example that can confuse self-driving cars. Adversarial examples also work against text-oriented models by tricking them into saying things they've been programmed not to say.

AI-Guardian attempts to prevent such scenarios by building a backdoor in a given machine learning model to identify and block adversarial input images with suspicious blemishes and other artifacts that you wouldn't expect to see in a normal picture.

Bypassing this protection involved trying to identify the mask used by AI-Guardian to spot adversarial examples by showing the model multiple images that differ only by a single pixel. This brute force technique described by Carlini and GPT-4 ultimately allows the backdoor trigger function to be identified so adversarial examples can then be constructed to avoid it.

"The idea of AI-Guardian is quite simple, using an injected backdoor to defeat adversarial attacks; the former suppresses the latter based on our findings," said Shengzhi Zhang, assistant professor of computer science at Boston University Metropolitan College, in an email to The Register.

"To demonstrate the idea, in our paper, we chose to implement a prototype using a patch-based backdoor trigger, which is simply a specific pattern attached to the inputs. Such a type of trigger is intuitive, and we believe it is sufficient to demonstrate the idea of AI-Guardian.

"[Carlini's] approach starts by recovering the mask of the patch-based trigger, which definitely is possible and smart since the 'key' space of the mask is limited, thus suffering from a simple brute force attack. That is where the approach begins to break our provided prototype in the paper."

Zhang said he and his co-authors worked with Carlini, providing him with their defense model and source code. And later, they helped verify the attack results and discussed possible defenses in the interest of helping the security community.

Zhang said Carlini's contention that the attack breaks AI-Guardian is true for the prototype system described in their paper, but that comes with several caveats and may not work in improved versions.

One potential issue is that Carlini's approach requires access to the confidence vector from the defense model in order to recover the mask data.

"In the real world, however, such confidence vector information is not always available, especially when the model deployers already considered using some defense like AI-Guardian," said Zhang. "They typically will just provide the output itself and not expose the confidence vector information to customers due to security concerns."

In other words, without this information, the attack might fail. And Zhang said he and his colleagues devised another prototype that relied on a more complex triggering mechanism that isn't vulnerable to Carlini's brute force approach.

Anyway, here's how GPT-4 described the proposed attack on AI-Guardian when prompted by Carlini to produce the explanatory text:

There's a lot more AI-produced text in the paper but the point is that GPT-4, in response to a fairly detailed prompt by Carlini, produced a quick, coherent description of the problem and the solution that did not require excessive human cleanup.

Carlini said he chose to attack AI-Guardian because the scheme outlined in the original paper was obviously insecure. His work, however, is intended more as a demonstration of the value of working with an LLM coding assistant than as an example of a novel attack technique.

Carlini, citing numerous past experiences defeating defenses against adversarial examples, said it would certainly have been faster to manually craft an attack algorithm to break AI-Guardian.

"However the fact that it is even possible to perform an attack like this by only communicating with a machine learning model over natural language is simultaneously surprising, exciting, and worrying," he said.

Carlini's assessment of the merits of GPT-4 as a co-author and collaborator echoes with the addition of with cautious enthusiasm the sentiment of actor Michael Biehn when warning actor Linda Hamilton about a persistent cyborg in a movie called The Terminator (1984): "The Terminator is out there. It can't be bargained with. It can't be reasoned with. It doesn't feel pity or remorse or fear. And it absolutely will not stop, ever, until you are dead."

Here's Carlini, writing in black text to indicate that he rather than GPT-4 penned these words the chatbot's quoted output is in dark blue in the paper:

"GPT-4 has read many published research papers, and already knows what every common attack algorithm does and how it works. Human authors need to be told what papers to read, need to take time to understand the papers, and only then can build experiments using these ideas.

"GPT-4 is much faster at writing code than humans once the prompt has been specified. Each of the prompts took under a minute to generate the corresponding code.

GPT-4 does not get distracted, does not get tired ... and is always available to perform

"GPT-4 does not get distracted, does not get tired, does not have other duties, and is always available to perform the users specified task."

Relying on GPT-4 does not completely relieve human collaborators of their responsibilities, however. As Carlini observes, the AI model still required someone with domain experience to present the right prompts and to fix bugs in the generated code. Its knowledge is fixed with its training data and it does not learn. It recognizes only common patterns, in contrast to human ability to make connections across topics. It doesn't ask for help and it makes the same errors repeatedly.

Despite the obvious limitations, Carlini says he looks forward to the possibilities as large language models improve.

"Just as the calculator altered the role of mathematicians significantly simplifying the task of performing mechanical calculations and giving time for tasks better suited to human thought todays language models (and those in the near future) similarly simplify the task of solving coding tasks, allowing computer scientists to spend more of their time developing interesting research questions," Carlini said.

Zhang said Carlini's work is really interesting, particularly in light of the way he used an LLM for assistance.

"We have seen LLMs used in a wide array of tasks, but this is the first time to see it assist ML security research in this way, almost totally taking over the implementation work," he said. "Meanwhile, we can also see that GPT-4 is not that 'intelligent' yet to break a security defense by itself.

"Right now, it serves as assistance, following human guidance to implement the ideas of humans. It is also reported that GPT-4 has been used to summarize and help understand research papers. So it is possible that we will see a research project in the near future, tuning GPT-4 or other kinds of LLMs to understand a security defense, identify vulnerabilities, and implement a proof-of-concept exploit, all by itself in an automated fashion.

"From a defenders point of view, however, we would like it to integrate the last step, fixing the vulnerability, and testing the fix as well, so we can just relax."

Here is the original post:

AI on AI action: Googler uses GPT-4 chatbot to defeat image classifier's guardian - The Register

LAWRENCE For women who are incarcerated and lack access to the internet and other technologies, it can be difficult to navigate an increasingly online world when transitioning back to society. An interdisciplinary team at the University of Kansas has been awarded a grant from the National Science Foundation to expand their employment-related technology education program for women leaving incarceration and Train-the-Trainer program for peer mentors and library practitioners.

The three-year, $1.6 million grant will support Developing Sustainable Ecosystems that will Support Women Transitioning from Incarceration into Technology Careers. KUs Center for Digital Inclusion is leading the project training women leaving incarceration in Kansas and Missouri in digital skills for entry-level positions in the technology sector as well as general employment. The funding also allows the project team to offer workshops for digital navigators, or peer mentors, who have successfully taken part in previous iterations of the program to guide other women now making the switch. Researchers will also partner with public libraries, employment agencies, and jails and prisons in the two states to make the programs sustainable for the future.

We will be able to expand and improve our existing evidence-based technology education program to include a greater number of women, as well as professional organizations, public libraries and workforce centers, said Hyunjin Seo, Oscar Stauffer Professor of Journalism & Mass Communications and principal investigator for the project. These days, if you are not able to use digital technology, you are not able to utilize many services in society, whether cultural, social, civic or others. Women transitioning from incarceration face significant challenges in this area.

Research has shown that employment is a significant factor in reducing rates of recidivism. The project will help women transitioning from incarceration gain employment through a holistic approach. Participants will learn how to navigate online job applications, secure housing and develop job skills. The digital skills trainings will range from introductory to advanced levels and provide participants with skills from competence with office technologies to building websites, online security, coding and other technology career-specific skills. The education content and topics are determined by the project teams empirical research with women transitioning from incarceration as well as co-design sessions with the women and community partners. The project team includes professors, research staff, graduate students, undergraduate students and digital navigators.

The online security portion of this project builds onSeos participation in an interdisciplinary cybersecurity research team that receivedKUs Research Rising grant, as well as her past collaborations with Fengjun Li, KU associate professor of computer science and co-principal investigator.

Jodi Whitt, a digital navigator in the Center for Digital Inclusion, said her experience learning new skills when leaving incarceration inspired her to help women in a similar situation.

Helping other women in the program has given me a purpose in life that I never dreamed would be possible. I want to be an example to other women, that it is possible to learn new skills. I know how important it is to have someone who understands and believes in me. Having that connection and building those relationships is crucial to help empower and build confidence, Whitt said. From experience, I also know learning new skills can help reduce recidivism. There is not a lot of opportunities for job training or employment for formerly incarcerated women. This program helps them gain experience and develop confidence for better opportunities in the workforce.

Dozens of digital navigators, librarians and employment navigators will receive training on mentorship and teaching as well as advanced technology topics. The project team will begin its work with program participants shortly before they leave jail or prison. Another new feature is an ecosystem approach that is designed to build and strengthen capacity of local communities in supporting individuals with justice involvement. Tanesha Whitelaw, one of the programs digital navigators, said it is all too common to lose technical skills during incarceration.

This training is important to this population because you can easily adapt to an environment which doesnt offer any technical skills or employment skills and youre left behind when you are coming back into society, she said. Being able to communicate in todays society requires technical skills. The systemic mechanism of communicating is gravitating toward technology, so this will be imperative for to day-to-day functions.

During the grants three-year life cycle, the program aims to support up to 600 women leaving or recently released from jails or prisons in Kansas and Missouri. During that time, researchers will also conduct extensive research and evaluation of the program. They will conduct interviews and surveys before, during and after trainings to gauge their skill levels, how they have improved, employment rates among participants as well as recidivism rates.

Data will be combined with information gathered from focus groups with public libraries where trainings take place and with other partners to determine which aspects of the program are most effective and what is needed to enable community organizations to continue the trainings after the grant project.

The project, led by the Center for Digital Inclusion in the William Allen White School of Journalism & Mass Communications, willbuild on previous effortstohelp women transition from incarcerationby gaining new skills.KUs Institute for Policy & Social Research manages the grant.

Partners and members of the research team also include:

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.

Continue reading here:

KU project to help women transition from incarceration with training ... - EurekAlert

Dr. Seung-Jong Jay Park has been named Kummer Endowed Chair of Computer Science at Missouri S&T effective Aug. 1.

Park comes to S&T from the National Science Foundation (NSF), where he has served as a program director and managed computer science-related research projects since 2021. He has also served as the Dr. Fred H. Fenn Memorial Professor of Computer Science and Engineering at Louisiana State University since 2004, taking a leave of absence two years ago to support the NSF.

My vision for the computer science department is to provide our students with a world-class education while also conducting research that will help shape and improve the world, Park says. I am excited to work with the amazing students and faculty at Missouri S&T and lead a state-of-the-art department that focuses on technologies including artificial intelligence, cybersecurity, big data and other pressing topics.

Park is an expert in the areas of networking and data-intensive computing. He has conducted research related to big data and deep learning focused on software frameworks for large-scale science applications and cybersecurity development for cloud computing, high-performance computing and high-speed networks.

His projects have received support from federal and state programs including the NSF, NASA, the National Institutes of Health, the Office of Naval Research and the Air Force Research Laboratory. He also received IBM faculty research awards from 2015 to 2017.

Park earned a Ph.D. in electrical and computer engineering from Georgia Institute of Technology. He also holds a masters degree in computer science from Korea Advanced Institute of Science and Technology in Daejeon, South Korea, and a bachelors degree in computer science from Korea University,in Seoul, South Korea.

Park takes over from Dr. Steve Gao, Curators Distinguished Teaching Professor of geosciences and geological and petroleum engineering, who has served as interim chair since September 2022.

Dr. David Borrok, vice provost and dean of the College of Engineering, says he appreciates Gaos service as interim chair, and he is excited to see where Park takes the department.

Dr. Gao is a fantastic leader and has done an excellent job leading this department, he says. Now, Dr. Park will be able to step into this role and take our computer science programs to the next level.

The Kummer Endowed Chair of Computer Science at Missouri S&T was made possible by June Kummer and her late husband, Fred Kummer, a 1955 graduate of S&T. In October 2020, the couple made a transformative $300 million gift to the university and established the Kummer Institute for Student Success, Research and Economic Development.

For more information about Missouri S&Ts computer science department, visit cs.mst.edu.

Missouri University of Science and Technology (Missouri S&T) is a STEM-focused research university of over 7,000 students. Part of the four-campus University of Missouri System and located in Rolla, Missouri, Missouri S&T offers 101 degrees in 40 areas of study and is among the nations top 10 universities for return on investment, according to Business Insider. For more information about Missouri S&T, visit http://www.mst.edu.

The rest is here:

Missouri S&T announces new Kummer Endowed Chair of Computer ... - Missouri S&T News and Research

HANNIBAL (HLGU) The Hannibal-LaGrange University Computer Science Department will be hosting a series of upcoming events for students using the popular LEGO building blocks.

The LEGO Learning Play Date, titled LEGO Nation, will give students the opportunity to learn about and build famous places from across the United States. There will be three dates to choose from July 5 from 10am to noon, July 12 from 1pm to 3pm, and August 2 from 10am to noon. The cost is $30 and will be a fundraiser for the Computer Services Department for CS events in the Fall. It is open to kids who completed Kindergarten and above. The event will be held at the HLGU Partee Center in the Computer Services wing and is limited to 15 participants.

The LEGO Robotics Camp will allow students to build and program an EV3 LEGO robot. It will be held on August 7-11 from 9am to 11am each day. The cost is $100. It is open to students going into 4th grade or older. The event will be held at the HLGU Partee Center in the Computer Services wing and is limited to 15 participants.

To signup for either of these events, email Michelle Todd at mtodd@hlg.edu or call 573-629-3202.

Hannibal-LaGrange University is a four-year Christian university fully accredited by the Higher Learning Commission. The institution prides itself in its traditional and nontraditional educational experience in a distinctively Christian environment.

Read more:

HLGU computer science department to host LEGO Events this summer - The Pathway