How to steal the mind of an AI: Machine-learning models vulnerable to reverse engineering

Amazon, Baidu, Facebook, Google and Microsoft, among other technology companies, have been investing heavily in artificial intelligence and related disciplines like machine learning because they see the technology enabling services that become a source of revenue. Consultancy Accenture earlier this week quantified this enthusiasm, predicting that AI "could double annual economic growth rates by 2035 by changing the nature of work and spawning a new relationship between man and machine" and by boosting labor productivity by 40 per cent. Certainly things could work out well for Accenture, which a day later announced a partnership with Google to help companies deploy Google technology like machine learning. It's as if the global services firm has a stake in the future it foresees. But the machine learning algorithms underpinning this harmonious union of people and circuits aren't secure. In a paper [PDF] presented in August at the 25th Annual Usenix Security Symposium, researchers at École Polytechnique Fédérale de Lausanne, Cornell University, and The University of North Carolina at Chapel Hill showed that machine learning models can be stolen and that basic security measures don't really mitigate attacks.