Researchers from George Mason University have demonstrated a way to manipulate artificial intelligence (AI) models by altering a single binary digit in their memory.
This type of attack, named “Oneflip”, targets the stored values, known as weights, that determine how an AI system functions. These values are kept as strings of 1s and 0s in a computer’s memory.
If one of these bits is changed at the right location, it can shift the AI’s behavior without lowering its overall accuracy.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
What is a Liquidity Pool in Crypto? (Animated)
The underlying method borrows from a known hardware flaw called Rowhammer. This technique involves repeatedly accessing one part of a memory chip to unintentionally change the value of a nearby bit.
The new research focuses this method on memory areas that store AI parameters to adjust the AI’s behavior with just a single flip.
To carry out the attack, an intruder first needs to run some type of software on the same system as the target AI. This can happen through a malicious app, an infected file, or unauthorized access to a shared cloud service.
Once in, the attacker searches for a part of the model’s memory where a minor bit change could be useful without raising suspicion.
A single altered bit does not typically cause major performance issues. The AI still seems to function as expected, so most routine audits will not spot anything wrong. It is this stealthy nature that makes Oneflip especially difficult to detect.
On August 19, Microsoft’s head of AI, Mustafa Suleyman, raised concerns about the rapid progress of AI. What did he say? Read the full story.
