OpenAI’s state-of-the-art machine vision AI is fooled by handwritten notes
Researchers from machine learning lab OpenAI have discovered that their state-of-the-art computer vision system can be defeated by tools no more sophisticated than a pen and a pad. As illustrated in the image above, simply writing down the name of an object and sticking it on another can be enough to trick the software into misidentifying what it sees.
“We refer to these attacks as typographicattacks,” write OpenAI’s researchers in a blog post. “By exploiting the model’s ability to read text robustly, we find that even photographs of hand-written text can often fool the model.” They note that such attacks are similar to “adversarial images” that can fool commercial machine vision systems, but far simpler to produce.