On existence, uniqueness and scalability of adversarial robustness measures for AI classifiers

Simply-verifiable mathematical conditions for existence, uniqueness and explicit analytical computation of minimal adversarial paths (MAP) and minimal adversarial distances (MAD) for (locally) uniquely-invertible classifiers, for generalized linear models (GLM), and for entropic AI (EAI) are formulated and proven. Practical computation of MAP and MAD, their comparison and interpretations for various classes of AI tools (for neuronal networks, boosted random forests, GLM and EAI) are demonstrated on the common synthetic benchmarks: on a double Swiss roll spiral and its extensions, as well as on the two biomedical data problems (for the health insurance claim predictions, and for the heart attack lethality classification). On biomedical applications it is demonstrated how MAP provides unique minimal patient-specific risk-mitigating interventions in the predefined subsets of accessible control variables. As formulated in the seminal paper featuring the sparks of artificial general intelligence that are shown by Chat GPT-4, in the last sentence of their paper the Microsoft Research team says that "elucidating the nature and mechanisms of AI systems such as GPT-4 is a formidable challenge that has suddenly become important and urgent" [1]. Importance of getting a better understanding of the nature and mechanisms of the AI is especially underlined by the multiple very spectacular recent examples of the so-called adversarial attacks on AI tools, when very small changes in the input data - practically non-perceptable for humans - could be used for a complete corruption of the AI classification outcomes [2].