'Oneflip' Attack Alters Artificial Intelligence Behavior Without a Trace

This type of attack, named "Oneflip", targets the stored values, known as weights, that determine how an AI system functions. These values are kept as strings of 1s and 0s in a computer’s memory.

If one of these bits is changed at the right location, it can shift the AI’s behavior without lowering its overall accuracy.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Best Crypto Analysis Indicators Explained (Beginner-Friendly Animation)

SUBSCRIBE

ON YOUTUBE

The underlying method borrows from a known hardware flaw called Rowhammer. This technique involves repeatedly accessing one part of a memory chip to unintentionally change the value of a nearby bit.

The new research focuses this method on memory areas that store AI parameters to adjust the AI’s behavior with just a single flip.

To carry out the attack, an intruder first needs to run some type of software on the same system as the target AI. This can happen through a malicious app, an infected file, or unauthorized access to a shared cloud service.

Once in, the attacker searches for a part of the model’s memory where a minor bit change could be useful without raising suspicion.

A single altered bit does not typically cause major performance issues. The AI still seems to function as expected, so most routine audits will not spot anything wrong. It is this stealthy nature that makes Oneflip especially difficult to detect.

On August 19, Microsoft’s head of AI, Mustafa Suleyman, raised concerns about the rapid progress of AI. What did he say? Read the full story.