Many AI researchers think fakes will become undetectable

Rishi Sunak is Britain’s prime minister. If some advertisements on Facebook can be trusted (which they cannot) he also appears to be flogging get-rich-quick schemes. One such advert shows Mr Sunak endorsing an app supposedly developed by Elon Musk, a businessman, into which viewers can make regular “savings”.

The video is fake. Generated with the help of AI, it is just one of 143 such advertisements catalogued by Fenimore Harper Communications, a British firm, which ran in December and January. It is not just those in the public eye who can have their likenesses used for dubious ends. In June 2023 the Federal Bureau of Investigation in America warned the public of “malicious actors” using AI to create fake sexually themed videos and images of ordinary people, in order to extort money.

How to detect such trickery is a live topic among AI researchers, many of whom attended NeurIPS, one of the field’s biggest conferences, held in New Orleans in December. A slew of firms, from startups to established tech giants such as Intel and Microsoft, offer software that aims to spot machine-generated media. The makers of big AI models, meanwhile, are searching for ways of “watermarking” their output so that real pictures, video or text can be readily distinguished from the machine-generated sort.

But such technologies have not, so far, proved reliable. The AI cognoscenti seem gloomy about their prospects. The Economist conducted a (deeply unscientific) straw poll of delegates to NeurIPS. Of 23 people asked, 17 thought AI-generated media would eventually become undetectable. Only one believed that reliable detection would be possible. (The other five demurred, preferring to wait and see.)

Detection software relies on the idea that AI models will leave a trace. Either they will fail to reproduce some aspect of real images and video, or of human-generated text, or they will add something superfluous—and will do so often enough to let other software spot the error. For a while, humans could do the job. Up until about the middle of 2023, for instance, image-generation algorithms would often produce people with malformed hands, or get the numbers wrong on things like clock faces. These days, the best no longer do.

But such telltales often still exist, even if they are becoming harder for humans to spot. Just as machines can be trained to reliably identify cats, or cancerous tumours on medical scans, they can also be trained to differentiate between real images and AI-generated ones.

It seems, though, that they cannot do so all that well. Detection software is prone to both false positives (wrongly flagging human content as generated by AI) and false negatives (allowing machine-generated stuff to pass undetected). A pre-print published in September by Zeyu Lu, a computer scientist at Shanghai Jiao Tong University, found that the best-performing program failed to correctly spot computer-generated images 13% of the time (though that was better than the humans, who erred in 39% of cases). Things are little better when it comes to text. One analysis, published in December in the International Journal of Educational Integrity, compared 14 tools and found that none achieved an accuracy of more than 80%.

If trying to spot computer-generated media after the fact is too tricky, another option is to label it in advance with a digital watermark. As with the paper sort, the idea is to add a distinguishing feature that is subtle enough not to compromise the quality of the text or image, but that is obvious to anyone who goes looking for it.

One technique for marking text was proposed by a team at the University of Maryland in July 2023, and added to by a team at the University of California, Santa Barbara, who presented their tweaks at NeurIPS. The idea is to fiddle with a language model’s word preferences. First, the model randomly assigns a clutch of words it knows to a “green” group, and puts all the others in a “red” group. Then, when generating a given block of text, the algorithm loads the dice, raising the probability that it will plump for a green word instead of one of its red synonyms. Checking for watermarking involves comparing the proportion of green to red words—though since the technique is statistical, it is most reliable for longer chunks of writing.
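The green/red scheme and its statistical check can be sketched in a few lines. This is an added illustration, not code from the article or from either research team; the toy vocabulary, the key, the bias `delta`, the flat-logit "model" and the threshold of 4 standard deviations are all assumptions made for the example.

```python
import hashlib
import math
import random

VOCAB = [f"w{i}" for i in range(1000)]  # constructed toy vocabulary
KEY = b"demo-watermark-key"             # assumed secret held by generator and detector
GAMMA = 0.5                             # target share of the vocabulary marked green

def is_green(token):
    """Keyed pseudo-random split of the vocabulary into green and red."""
    digest = hashlib.sha256(KEY + token.encode()).digest()
    return digest[0] < 256 * GAMMA

def generate(n_tokens, delta, rng):
    """Toy 'model' with flat logits; delta is added to every green token's logit."""
    weights = [math.exp(delta) if is_green(w) else 1.0 for w in VOCAB]
    return rng.choices(VOCAB, weights=weights, k=n_tokens)

def z_score(tokens):
    """Standard deviations by which the green count exceeds the unmarked expectation."""
    n = len(tokens)
    green = sum(is_green(t) for t in tokens)
    return (green - GAMMA * n) / math.sqrt(n * GAMMA * (1 - GAMMA))

def is_watermarked(tokens, threshold=4.0):
    """Flag text only when the green excess is very unlikely to be chance."""
    return z_score(tokens) > threshold

if __name__ == "__main__":
    rng = random.Random(7)
    cases = [("unmarked, 200 tokens", 200, 0.0),
             ("marked, 200 tokens", 200, 2.0),
             ("marked, 10 tokens", 10, 2.0)]
    for label, n, delta in cases:
        sample = generate(n, delta, rng)
        print(f"{label}: z = {z_score(sample):.2f}, flagged = {is_watermarked(sample)}")
```

With ten tokens the score cannot exceed the square root of 10 (about 3.16) even if every word is green, so a short marked passage never clears the threshold; that is the length dependence the paragraph above describes.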

Many methods for watermarking images, meanwhile, involve tweaking the pixels in subtle ways, such as shifting their colours. The alterations are too subtle for human observers to notice, but can be picked up by computers. But cropping an image, rotating it, or even blurring and then resharpening it can remove such marks.

Another group of researchers at NeurIPS presented a scheme called “Tree-Ring” watermarking that is designed to be more robust. Diffusion models, the most advanced type of image-generation software, begin by filling their digital canvas with random noise, out of which the required picture slowly emerges. The tree-ring method embeds the watermark not in the finished picture, but in the noise at the start. If the software that created a picture is run in reverse, it will reproduce the watermark along with the noise. Crucially, the technique is less easy to thwart by fiddling with the final image.

But it is probably not impossible. Watermarkers are in an arms race with other researchers aiming to defeat their techniques. Another team led by Hanlin Zhang, Benjamin Edelman and Boaz Barak, all of Harvard University, presented a method (not yet peer-reviewed) that can, they say, erase watermarks. It works by adding a dash of new noise, then using a second, different AI model to remove that noise, which removes the original watermark in the process. They claim to be able to foil three new text-watermarking schemes proposed in 2023. In September scientists at the University of Maryland published a paper (also not yet peer-reviewed) claiming that none of the current methods of image watermarking—Tree-Rings included—is foolproof.

Nevertheless, in July 2023 America’s government announced “voluntary commitments” with several AI firms, including OpenAI and Google, to boost investment in watermarking research. Having imperfect safeguards is certainly better than having none (although open-source models, which users are free to tweak, will be harder to police). But in the battle between the fakers and the detectives, it seems that the fakers have the upper hand.
