Adversarial Examples that Fool both Computer Vision and Time-Limited Humans
This addresses the fundamental question of human susceptibility to adversarial attacks in vision, with implications for AI safety and cognitive science.
The paper tackled the problem of whether humans are vulnerable to adversarial examples like computer vision models, and found that adversarial examples that transfer across models also affect time-limited human classifications.
Machine learning models are vulnerable to adversarial examples: small changes to images can cause computer vision models to make mistakes such as identifying a school bus as an ostrich. However, it is still an open question whether humans are prone to similar mistakes. Here, we address this question by leveraging recent techniques that transfer adversarial examples from computer vision models with known parameters and architecture to other models with unknown parameters and architecture, and by matching the initial processing of the human visual system. We find that adversarial examples that strongly transfer across computer vision models influence the classifications made by time-limited human observers.