Hello, I'm Chris Demchak. I am the Grace Hopper Chair of Cybersecurity at the US Naval War College, and the senior cyber scholar with the Cyber and Innovation Policy Institute in our Strategic Studies department. Today I'm going to give you the second in a series of lectures called the Hopper Chair Occasional Lecture on Technology and Security. These four lectures are meant to cover the basics of some exceptionally important concepts that you need to know about today. You may not be able to do the things we describe or talk about, but you need to know how they're done. The first lecture was on cybersecurity and hacking. Today's lecture is on artificial intelligence. The next two lectures will cover blockchain and Bitcoin, and finally quantum. I invite you to listen to the lecture and then send me an email if you want to continue the conversation; I'm always happy to help if I can. So let's get started. I have to say that everything I say here is a result of my own academic research as a scholar, and it is not a statement of the position of the US Navy, the War College, or the US government in any way. What I'd like to pose at the beginning is a conundrum: we can spend all this time working on artificial intelligence and machine learning and still have systems in which a muffin becomes a puppy, a panda becomes a vulture, and a tiara becomes a shower cap. Well, let's explain it. The easy things are hard. As humans, we do things and learn things as babies that reinforce our understanding of what the world is supposed to be like, but we do it so effortlessly that we don't realize how hard it is to program a computer to do the same learning. And so we have the following phenomenon: a machine learning program gets confused — muffin, dog, muffin, dog. And machine learning is eminently statistical, so it's going to give you an estimate of its confidence.
It thinks it's one thing versus a muffin. In this case, this particular program's confidence was that 98% of the time this is a vulture. Here's one of my personal favorites: the confidence level is 99.7% that this woman is wearing a shower cap. Well, that's amusing, but on the other hand there are actually very good things that come out of this. Those of you may remember the Kepler telescope. Kepler was fantastic in its day — how far out it went from the surface of the earth, and the pictures of space it could take and send back to us. Well, it died a natural death, and the data lived on. During the time in which it was productive, and afterwards, scientists were attempting to see whether dips in a particular star's light indicate the passage of a planet, and at what distance and what size — so we could find out whether there are what we would call M-class planets, if you're a Star Trek fan. And they could make mistakes; it's a lot of data and a lot of time. So they applied machine learning to go check their results and see whether they had made mistakes. Using the machine learning algorithms, they could also add secondary features that were hard for humans to keep in mind and take into account. And when they ran these algorithms, they found new planets that hadn't been seen before, some of them possibly habitable. This is a major contribution: tons of scientific data can be reinvestigated for information, because the algorithm can simply keep track of many more conditions and compare them — can learn to compare them. And that's artificial intelligence. I like this definition: it's a branch of computer science that studies the properties of intelligence by trying to synthesize intelligence. And this is important.
There is no great wall between cyber — what we call cybersecurity — and artificial intelligence. Artificial intelligence is what I call cyber's offspring, and one of the difficulties I will address later is exactly that: if you're the offspring, you tend to inherit some of the difficulties that come from the cyberspace substrate as we already know it. A bit of history here. In the 1950s it was named artificial intelligence by a man named John McCarthy, a mathematician at Dartmouth, who was interested in what was at the time called automata theory — basically a way for people to try to automate the things that could be automated. Nobody liked the name artificial intelligence, but they had to use something to distinguish it from cybernetics at the time, and that required a name. McCarthy didn't like it, but he said, I've got to use it. In 1956, McCarthy gathered three colleagues, and they became the big four of artificial intelligence; each of them was very positive about this thinking machine they were going to try to create. Together they built what are now called the big four institutions of AI, including Stanford, MIT, and Carnegie Mellon. Everything we know about artificial intelligence, in many respects, walks through the halls of one of these today. These are the folks that started the first AI spring. Very soon, we will substantially solve it — that's the way people were thinking. They predicted that within decades of McCarthy, machines would be capable of doing any work a man can do; within a generation, said Minsky, we will substantially solve the problems of artificial intelligence. And this was in the 1950s and early 60s. So by the 1980s, all of this would have been, and should have been, solved.
They discovered by the 1970s that all those easy things are really hard to design a machine to do. It's simply not that easy to simulate intelligence; in fact, the concept of AI itself had to change over time. So we find that it got very, very popular and then didn't succeed in what it wanted to do — they call that popular period the AI spring, and then came an AI winter. It got very popular again in the 80s, didn't succeed, and then we went back into another AI winter. The original artificial intelligence was what we call symbolic: rules. The presumption was that we do what's called semantic reasoning. We build a system of rules — it must be this, it must be that — and in a human way you can actually read those rules. A small group of people said: if you're going to mimic human intelligence, then the thing you've got to mimic is the brain. Those folks started with a man named Rosenblatt, who actually worked for the Office of Naval Research. He called his device a perceptron — you have to build a perceptron. His interest, which got very little attention and very low funding, was in how you use statistics and mathematics to reproduce the way the brain calculates data: taking in images, perceiving them, and then coming out with a command to the rest of the body. That form of artificial intelligence is called sub-symbolic. It ran alongside the larger body of artificial intelligence, and it couldn't get a purchase until two things happened: data and computing power. That second stream actually began to take over by the 1990s — after another winter — when the data and computing power showed up. This is what we know as artificial intelligence today. The first form still exists — expert systems, as they're otherwise known — but it isn't the dominant concept of artificial intelligence. So: symbolic artificial intelligence.
We have to understand symbolic AI as well. It was rule-based, and its dominance came straight out of computer science. You can read the rules; you can understand the rules. The peak of this was in the 1980s, when human experts were asked to make rules for computer programs — whole diagnosis systems of if-this-then-that. A famous example of the rules approach is called the missionaries and cannibals puzzle, which is kind of fun. It has logical code — you can read the code — and the game the program has to solve is how to get all six of these folks across to the other side on one boat. At no time can there be fewer missionaries than cannibals on a bank, or the cannibals will eat the missionaries. We've all played this game under other names and in other forms. And the point is, you can read the program; it's very obvious what choices it's making, and you can say, okay, I'm going to play it through with two persons in the boat, then with three persons in the boat, and watch it go back and forth and see what happens. This is what artificial intelligence was understood to be, broadly and in a dominant way, until the 1990s. You can even watch it happen — it can give you a picture of a solution: how you get all six of them over, from six of them here to six of them there, and nobody eats anybody. And then sub-symbolic artificial intelligence said: no, no, no — the brain is a series of ones and zeros. Neurons are stimulated — that's a one — or they're not. Another way to put it: a neuron activates and sends an electrical signal to the next neuron — that's a one — or it does nothing, and that's a zero. And that is perfect for equations. This is what led us to what we do today, called neural networks.
And it works like this, just like your brain: you get input, it runs through a bunch of layers, gets to an output, and at that point the output is instructing some other part of your body to do something, or it is storing the data somewhere for you to access later. In computing, remember big data: big data comes along, and computing power massively increases in the 2000s. By the middle 2010s you have major corporations using neural net learning and this form of artificial intelligence, thereby indicating it's a successful path for everyone else. A sort of light flipped on somewhere in the 2010s, where everyone went from "oh, artificial intelligence, yeah" to "oh look, there are a lot of things I can do with this" — of which machine learning, of course, is a major player; machine learning is integral to this. Now, if you did the original artificial intelligence as a computer scientist, you needed to know math, but you didn't really have to know statistics, vector analysis, matrices, and all those things. If you're now doing artificial intelligence and you're doing it in neural networks, you absolutely must know these things. You have to understand what's going on mathematically to understand the outcome. Early on, researchers focused on probability theory and statistics to help machines learn — they already knew that's where they had to go, but they didn't have the computing power. In 2016, Google DeepMind's AlphaGo — a machine learning program using a Monte Carlo tree search technique and reinforcement learning, basically a deep neural net version of the Q-learning table I'll explain in a moment — finally beat a world champion at the game of Go.
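That input-through-layers flow can be sketched in a few lines of code. This is a minimal illustration, not any real production network: the weights, biases, and inputs are made-up numbers, and a ReLU activation stands in for the neuron's "fires or doesn't fire" rule.

```python
def dense(inputs, weights, biases):
    """One fully connected layer: each neuron takes a weighted sum of its
    inputs plus a bias, then either 'fires' (positive value) or stays at
    zero -- a ReLU activation standing in for activate/don't-activate."""
    outputs = []
    for neuron_weights, bias in zip(weights, biases):
        z = sum(w * x for w, x in zip(neuron_weights, inputs)) + bias
        outputs.append(max(0.0, z))
    return outputs

# Hypothetical toy network: 3 inputs -> 2 hidden neurons -> 1 output.
inputs = [1.0, 0.5, -0.2]
hidden = dense(inputs,
               weights=[[0.4, 0.3, 0.1], [-0.6, 0.2, 0.5]],
               biases=[0.0, 0.1])
output = dense(hidden, weights=[[1.0, 1.0]], biases=[0.0])
```

Notice that the second hidden neuron's weighted sum comes out negative, so it stays at zero — it simply doesn't activate for this input, exactly like the specialized neurons described above.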
I don't know if you know the game of Go. The board looks like a checkerboard, and you place stones on it; the objective is to control more of the board than your opponent, using a very simple set of rules — and there is an astronomical number of possible moves. The computer basically learned how to choose those moves. The key for neural net learning is that it doesn't have just one flavor; it comes in three main flavors: supervised, unsupervised, and reinforcement. Supervised is the best known and best developed of the three. In supervised neural net learning, you have a pile of data that's already labeled — we already know this is a cat and that's a dog, because generally humans have labeled it — and a second pile of data that's not labeled at all. You know that you are going to have to figure out how to parse that second pile — your real-world data — into what looks like the first pile. So you have to teach the machine to recognize what is labeled. You take the data you have already labeled and run it through a model. The model attempts to guess, just like your eyes do when you see input coming in — it attempts to guess statistically whether it's a cat or a dog or a giraffe. It's called a convolutional network: it runs through these manipulations to break the image down and make that guess, and at the end it does a statistical analysis as well — I think it's 90% a dog, or this is 70% a cat, 30% a giraffe, and 0% or 10% hot dog. You then compare that result with the true nature of that data — because you knew it from the beginning; it's right there on the label, since you're just training the machine — and you see that it labeled it as a cat, but it's a dog.
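Those percentage confidences typically come from a softmax at the very end of the network, which turns the raw class scores into probabilities that sum to one. A minimal sketch, with made-up scores:

```python
import math

def softmax(scores):
    """Convert raw class scores into confidences that are positive and
    sum to 1 -- the '90% dog, 10% hot dog' numbers at the end of a model."""
    exps = [math.exp(s) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]

# Hypothetical raw scores the network produced for (dog, cat, giraffe).
confidences = softmax([2.0, 0.5, -1.0])
```

The biggest raw score wins, but the model never says "dog" flatly — it says "dog, with this much confidence," which is exactly the statistical character of machine learning described earlier.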
Then you go back, you change the model, and you say try again, and you iterate and iterate and iterate. The supervision means you are supervising the result, giving the model guidance to get it to the right, supervised answer. When it looks like it can pretty reliably figure out whether something is a cat or dog or giraffe or hot dog, you then run it on the test data. In the test data you give it unlabeled data and just say, give it a try. If it doesn't work on the test data, you go back to the training data and work on training again, then hit the test data again — that's why you iterate between them. Finally, when it's met whatever standard you think is acceptable — say, 99% of the time it will get the dog right versus the cat versus the giraffe — you set it out on the real world. That's supervised machine learning, and CNN here stands for convolutional neural network, meaning you're convolving through the layers; that's why we're focused on visual identification of images. Unsupervised means the training data is a pile of data, and the model doesn't know what it is — it's also not labeled. What you want the model to do is take that data and cluster it, and cluster it accurately. In the training data you already know roughly what clusters should be there, but you may not know which particular item belongs to which cluster. So again it goes through the convolutions, and it clusters items as these-look-like-things-that-belong-together; then you need some way to look at the clusters and go, yeah, that makes sense. The clusters make sense, so you run it on the test data — do the same clusters show up? And again you go through this iteration to figure out whether the clusters are something that makes sense to you.
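One classic clustering algorithm of this kind — a simple stand-in for what any particular system actually uses — is k-means: assign each point to its nearest cluster center, move each center to the mean of its assigned points, and repeat. A tiny one-dimensional sketch with made-up measurements:

```python
def kmeans_1d(points, centers, rounds=10):
    """Tiny k-means: assign each point to its nearest center, then move
    each center to the mean of its assigned points, and repeat."""
    for _ in range(rounds):
        clusters = [[] for _ in centers]
        for p in points:
            nearest = min(range(len(centers)), key=lambda i: abs(p - centers[i]))
            clusters[nearest].append(p)
        # A center with no points keeps its old position.
        centers = [sum(c) / len(c) if c else centers[i]
                   for i, c in enumerate(clusters)]
    return centers, clusters

# Two obvious groups of one-dimensional measurements, with deliberately
# rough starting centers; the algorithm finds the groups on its own.
centers, clusters = kmeans_1d([1.0, 1.2, 0.8, 9.0, 9.5, 8.8], [0.0, 5.0])
```

Nothing here was ever labeled — the algorithm only discovers that the points fall into two groups; a human still has to look at the clusters afterward and decide whether they make sense.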
And I'm going to talk about one proof of product, if you will. In 2012, a team at Google constructed a multi-layer neural network with over a billion connections — a billion — and let it make calculations across YouTube videos for a week, and it taught itself to recognize and classify cats. That tells us something about how many cat videos there are on the internet. The third flavor is reinforcement, and this one is different, because the correct answer is the correct action. You give the program a reward for randomly picking the right action. It goes through many, many iterations where the program just picks whatever action it wants, accumulated into what they call learning episodes, over and over and over again. At some point, because it accumulates rewards — it's more rewarded for this than for the other random things it does — it does this action again, gets rewarded again, and it notes these rewards. It learns that doing this action, moving this way and this way, gives more rewards, and therefore it learns to get to the place you wanted it to go, because you set up the rewards — and the punishments if it doesn't get it right. Reinforcement learning is of great interest now, and it's critical for automation, for robots, and for anything that will be autonomous. These flavors don't have to be hard-core separate; you can have programs that at some point use one, the other, or the third at any time. This is a nice chart — one of the reasons I give these talks is that you can stop the video now and spend a little more time looking at the chart; I give you sources at the bottom. It's a very nice chart because it really runs through the three of them and tells you what you need to do for each.
Every time you hear about curating and labeling data, it's about supervised learning. Every time you hear about just curating data that's not labeled, it's going to be unsupervised. And reinforcement is pretty straightforward: it's about how to reward things. Of course this has other descriptions, and you can argue about whether anyone is actually supervising at any point along this line. Now, computer vision is what I'm focusing on here, because it's not only part and parcel of robotics in the future, but it also really captures what we're talking about in terms of artificial intelligence. Remember the perceptron we met back in the 1960s? It was supposed to just recognize something against a standard and say, yes, this is it, or no, it's not. One of the challenges in those early days was how to recognize handwriting — and who would care about that? The US Post Office, which had thousands and thousands of people reading handwriting and figuring out whether a given number made any sense at all. Here is one of the early efforts to make that work: you sum the weights, but it had difficulty getting there. When you add a neural network, breaking the image down into pixels, the weights are iterated in these intervening layers — I'm going to show you how that happens in a moment — and then you can make a statistical assessment about whether you have a seven or a one or an eight, or any of these digits; you can start making good guesses. Let's walk through that for a moment — how a neural network actually replicates what we see in the brain. It's extremely important that we have a way to capture the brain's neurons and the order in which they work, because this is how we see.
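To make the perceptron idea concrete, here is a toy sketch in the spirit of Rosenblatt's learning rule — entirely made-up data, not the Post Office's actual system. The tiny 3x3 "images" are flattened into lists of pixels, and the perceptron learns to fire only when the image contains a vertical line:

```python
def train_perceptron(samples, labels, epochs=20, lr=0.1):
    """Rosenblatt-style perceptron: take a weighted sum of the pixel
    inputs, fire (1) if it crosses the threshold, and nudge the weights
    a little after every mistake."""
    weights = [0.0] * len(samples[0])
    bias = 0.0
    for _ in range(epochs):
        for pixels, target in zip(samples, labels):
            fired = 1 if sum(w * x for w, x in zip(weights, pixels)) + bias > 0 else 0
            error = target - fired
            weights = [w + lr * error * x for w, x in zip(weights, pixels)]
            bias += lr * error
    return weights, bias

# Hypothetical 3x3 pixel images flattened row by row (1 = dark stroke).
vertical   = [0, 1, 0,  0, 1, 0,  0, 1, 0]
horizontal = [0, 0, 0,  1, 1, 1,  0, 0, 0]
blank      = [0, 0, 0,  0, 0, 0,  0, 0, 0]

weights, bias = train_perceptron([vertical, horizontal, blank], [1, 0, 0])

def predict(pixels):
    return 1 if sum(w * x for w, x in zip(weights, pixels)) + bias > 0 else 0
```

After training, `predict(vertical)` fires and `predict(horizontal)` doesn't: the middle-column pixels have earned positive weights and the middle-row pixels negative ones. That single weighted-sum-and-threshold unit is exactly the "recognize something against a standard" device the lecture describes.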
The first thing you need to know is that our neurons activate or don't activate — that's it — and the activation mechanisms are quite simple at the edges. Out on the edges we have neurons that activate if what they see is a vertical line, or a horizontal line, or a slanted line. So of this whole set of neurons, only the ones that activate on a vertical line activate, and they send back the information: just saw a vertical line. The next row of neurons gets that information — but another set, which only activates on, say, a horizontal line, also activated and said: I also saw a horizontal line. The next set of neurons is similarly specialized. There are those that only activate if the vertical line and the horizontal line come together like this, in a corner; others only activate if they come together like a T; and others only if they come together as a slant. So the simple shapes activate; when you get the right simple shape, that is sent back to the next row, and the next row only activates if it's a square, or a circle, or some other frame — and you keep adding in the complexity that activates the next set of neurons. By the time you get to the end, we have whole pictures of things that we've stored in our brain, and we've said: okay, that's a house. And by the way, the word is usually given to us by others — "you see this, darling?" when we're babies — "this is a house." So when we see all those edges and they accumulate into that complex item, our brain goes: that's the house. We store that, and after a while we consider it completely simple to understand what things are, because we've stored this array of activate-activate-activate into faces and objects. So now, how do we make a computer do that? Let's take this example: here's a dog.
We want to find out whether it's a dog or a cat — we want a certain confidence whether it's dog or cat — and this is the model. This is what's called the model. At the very beginning we break the image up into vertical edges or horizontal edges, and the way you often do that is you take a set of pixels and you decide light and dark. The difference between light and dark will tell you what direction that edge runs, and you start doing exactly what the brain does: you convolutionally add in more information, and you start calculating the odds that this is something — this is a whole, a whole that has this form — until you get to a classification module, and you put out the confidence: dog or cat. So let's look at this again. I take the pixels of that dog and I start making guesses. If the filter says, I want a vertical edge, or I want a different shape, then it will basically score the pixels that don't match that requirement low or negative, and the ones that do match high. Just by convention, for example, black is given very low numbers and light colors are given very high numbers. So if this pixel is a lot of white, it's going to get a high number; if it's got a lot of black, it's going to get a low number; and then my filter is going to make it positive or negative or neutral according to what form that filter is looking for. That all adds up, in the next round of arrays, to a positive or negative number saying this is more likely to be part of a white region or a black region. And then you start building the array. So here's a good example. Here is a receptor that's looking for a vertical edge. Remember that white has very high numbers and black has low numbers. So this is what it sees: white — a lot of high numbers; black — low numbers for darkness.
And that's what it's looking for — that edge. It's going to weight things according to exactly this filter — it's going to weight both patches according to that filter — and come up with a number. Well, as it turns out, this one is a vertical edge; we can see that easily. The machine can't see it, but the weights tell us whether it is: look, this is a high number, so there's a good chance there's a vertical line there. And this one is a low number, so there's a good chance there's just nothing there — it's just low and dark, not a big white-black difference that allows us to see a vertical line. And you just start adding them up. Here it's looking for verticals, over here we're looking for horizontals, and this one is looking for slants. You add them all up, then you add in other color arrays, you add in depth and height, and bring it out again to a number that goes into the next array. That's what the convolution is about: you keep adding in information as you build a terrain map of that picture — a terrain map in a matrix. And this is a model. Whenever people say, oh, I'm working on my model, my model works, my model doesn't work — this is the model. Here's the input, and the intent is that I give you an assessment — what percentage of confidence I have that it's a car, a truck, a van, or a bicycle — and it iterates through all of these convolutions. The important point here is that not a single thing in here is magic in that regard. The developer makes the filters; the developer picks which pixels they're going to point at, where they're going to move the filter, how they're going to move it; the developer designs this entire system.
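Here is a small sketch of that vertical-edge filtering step, with made-up pixel values (high numbers = light, low numbers = dark, as in the talk) and the classic positive-left, negative-right edge kernel:

```python
def convolve2d(image, kernel):
    """Slide the filter across the image; at each position, multiply the
    overlapping numbers and sum them. A large response means the patch
    looks like the pattern the filter is hunting for."""
    kh, kw = len(kernel), len(kernel[0])
    out = []
    for r in range(len(image) - kh + 1):
        row = []
        for c in range(len(image[0]) - kw + 1):
            row.append(sum(image[r + i][c + j] * kernel[i][j]
                           for i in range(kh) for j in range(kw)))
        out.append(row)
    return out

# Made-up pixel patches: high numbers = light, low numbers = dark.
edge_patch = [[9, 9, 0, 0],   # left half white, right half black:
              [9, 9, 0, 0],   # a vertical edge runs down the middle
              [9, 9, 0, 0]]
flat_patch = [[9, 9, 9, 9],   # uniform white: no edge anywhere
              [9, 9, 9, 9],
              [9, 9, 9, 9]]

# Vertical-edge filter: rewards light-on-the-left, dark-on-the-right.
vertical_edge = [[1, 0, -1],
                 [1, 0, -1],
                 [1, 0, -1]]

edge_response = convolve2d(edge_patch, vertical_edge)
flat_response = convolve2d(flat_patch, vertical_edge)
```

The edge patch produces a big positive number and the flat patch produces zero — exactly the high-number-means-vertical-line, low-number-means-nothing-there behavior described above.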
Until it gets to this classification, which is classic regression: it takes the odds that the image falls along a particular line or not, and is therefore more car-like or more bicycle-like. This is all statistical manipulation. And if it fails at the end, it is the developer, working on their model, who has to go back in, change the filters, and alter them so that the next iteration is better. It's better at identifying a car, but not good enough? Okay — go back in, change the filters, iterate forward. All of this model is something someone has constructed; it then runs those calculations, and you see what the outcome is. And that's why labeled data is so important, because the way you know your model is wrong is that you get the wrong label — hence the tendency to use supervised data. And that's why it absolutely matters how accurate the labels are on that data, so that as you iterate through, you're not making mistakes. So, these are models. Once they're done — this is what you read or hear about when people put models in model libraries — you might want someone else to be able to recognize a car or truck or van from this. You want to put your model somewhere where it can be used again and again. Now, they're not always generalizable, but at least if you've gotten it right on this set, this category, then you want to save it and find other ways to use it. And of course, if you want to turn it loose on the real world, you need to make sure you've iterated enough; if other people use your model numerous times, you have a much better chance that they will also clean up errors. Okay, so let's look at an AI-enabled vehicle damage assessment. Here's what it looks like. First it identifies: this looks like it could be something for us to look at. And now we see what it's doing: the AI is predicting what the damage could be.
This looks like a dent — and it says dent: high, good chance that's a dent. This one looks broken — yeah, definitely broken, broken, very high. Again, it's giving statistical assessments. And this is a scratch, but now it's not sure: is it dirt, is it a scratch? So it says, well, medium. Okay. And then of course, if you're the rental company, you just look for "high" and you say: high, and it costs that much, and therefore I will fight you to make sure you pay for the damage; whereas if it's medium or low, it's like, oh well, maybe I won't fight you for it. So it's an assessment. Now here's an interesting picture, because it is really obvious to us what's going on — you see what you see. But the difficulty with this picture is that the program may not be able to tell what's going on at all. If the program has never seen a dog with a leash that's been dropped on the ground, it might not recognize this as a dog. It might not recognize the differences in the white as part of the dog's fur. It might not recognize that this is a person, because of the backpack, who seems to have come from somewhere. It might simply, absolutely not recognize what's going on — and certainly not the emotions. It's very complex, and often very difficult, to get this sort of thing to work. So let's move on. Ah, here's another good one. Sometimes the model will learn something, but you don't know what it learned, or you wanted it to learn specific things. One of the things you do is have it draw bounding boxes and tell you what it's seeing. So when it says "I'm seeing a dog here," it goes in and boxes in the dog that it's seeing — so you know it hasn't inadvertently interpreted the horse back here as a dog. And it says: no, no, this is the dog, and here's my percentage; and here's the human, and here's the car, and here's the person, and so on.
You want it to do that. Here's another example: vehicle detection. It's boxing in what it sees as vehicles — it's telling you that's what they are. Now you say: no, no, I would like you to find me a truck. So now it's telling you, from its perspective, it's found trucks. Okay, in this case it looks like an SUV counts as a truck, but we'll leave it at that. This kind of "tell me what you actually think is happening" is extraordinarily important in this business, because you can have the situation where it's clearly a truck — you see it's a truck, I see it's a truck — and here is an example of where that went disastrously wrong. When Tesla was training its cars to recognize things, one scenario it never trained on is a car coming to an intersection with a truck moving across in front of it where the side of the truck is completely white. Those trucks usually have some kind of logo or some distinction, but this was a huge truck, and the side was completely white. The identification model in the car did not include the possibility of something like that being in front of it, so it identified what it saw — basically white — and interpreted that as free space, ready to go. It literally drove at high speed into the side of the truck and killed the driver. Now, yes, the driver was not supposed to be sleeping or paying no attention to the driving, but after all, that auto-driving capability is part of what Tesla sells in its cars. So the individual was violating the rules of engagement, but nonetheless it did show that the car itself couldn't actually figure out an edge case it hadn't seen before. Some other examples — let's talk about reinforcement learning for a little while. Reinforcement learning is really interesting. It is harder than any of us think to train a robot to reach into open space and pick something up.
We just do it: we look at the thing, we gauge the distance, we've done it from babyhood on. But remember that babies reach for things and just miss them. So think of our own reinforcement learning: I want that cup, I want it — and we finally get it right. So this is a picture of reinforcement learning on this particular set of legs, and it's actually a very interesting video to watch — it's not the dancing video from Boston Dynamics, but it's nice to watch, and I give you the source down below. But let's talk about what it really means. Let's take a pretend dog — and by the way, underneath you'll see me citing a particular book that I highly recommend; I don't think you can easily see it from here, but it's at the bottom of my screen. It's Melanie Mitchell's book, Artificial Intelligence: A Guide for Thinking Humans. The really nice thing about it is that it's intensely readable even if you're not mathematically inclined. It certainly has the mathematics you need to understand things, but it's absolutely for the normal person — it's a really great read, and a lot of my examples come from it too. So if you want to dive a little deeper, it's a great book to do that with. So here's Rosie the simulated dog, and its goal is to go kick the ball. There are only three actions it can possibly take: it can walk forward, walk backward, or kick. That's all it can do; it can't do anything else. So at any given moment it randomly chooses to walk forward, walk backward, or kick. If you want it to learn, it needs a way to see what happened when it made a choice. So when the program makes a choice to walk backward, it has to store that somewhere, and that store is called a Q-table. As a side note, they were going to use "V-table," for value, but V was already taken in other programs, and so they called it a Q-table.
Rosie is just iterating around. Here's iteration one, two, three, and here's iteration 351: it goes back and forth, maybe the next time back and back, then maybe forward, forward, forward and kick; back, forward, forward, kick; kick, forward, forward. It's just randomly picking things. It has no reason to make one choice over another, and note this: this is the state, but Rosie doesn't necessarily know the state. It only knows at any moment that it's going back and forth. At some point, in iteration 351, having wandered all over, back and forth, kick, back, forward, whatever, it gets to zero steps from the ball, and at that moment, for no particular reason, it randomly picks kick, and it kicks the ball. At that moment, it's given 10 points as a reward. Now Rosie starts again in another learning episode, back, forward, back, forward, but when it gets to zero steps away from the ball and checks its table, it sees: at zero steps away, it can choose to go forward, it can choose to go back, or it can choose to kick, and it will be rewarded if it picks kick. And when it learns that, it also learns that one step away there's a reward nearby. So if the Q-table has 10 here at zero steps, then at one step away it says: if you go forward, you get eight points. And so on: maybe you've designed the rewards so that at two steps away, going forward gets you six points, and similarly if you are four steps away, et cetera. And so at some point it randomly runs around and gets into this zone within five steps of the ball, and now the Q-table actually has rewards that favor one choice over another. That's the reinforcement part; otherwise it's just random. Now, clearly, this is too simple for any of the things that we've been seeing in the robots, and so Q-tables in practice are not actually the straightforward chart I'm showing you.
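The learning process just described, random wandering plus rewards stored back into the Q-table, can be sketched with the standard Q-learning update. This is a toy under my own assumptions (learning rate, discount factor, a five-step world), not the lecture's code; note that with a discount factor of 0.8, the value of moving forward when one step from the ball settles near 8, matching the numbers in the talk.

```python
import random

# Toy Q-learning for the kick-the-ball example. State = steps from the
# ball; actions are forward, backward, kick; kicking at zero steps
# earns the 10-point reward and ends the episode.
ACTIONS = ["forward", "backward", "kick"]
ALPHA, GAMMA = 0.5, 0.8       # learning rate and discount factor
MAX_STEPS = 5

Q = {s: {a: 0.0 for a in ACTIONS} for s in range(MAX_STEPS + 1)}

def step(state, action):
    """Return (next_state, reward, done) for one move."""
    if action == "kick":
        return state, (10.0 if state == 0 else 0.0), True
    if action == "forward":
        return max(state - 1, 0), 0.0, False
    return min(state + 1, MAX_STEPS), 0.0, False

random.seed(0)
for episode in range(2000):
    state = random.randint(0, MAX_STEPS)
    for _ in range(50):                  # cap the episode length
        action = random.choice(ACTIONS)  # pure random exploration
        nxt, reward, done = step(state, action)
        target = reward if done else reward + GAMMA * max(Q[nxt].values())
        Q[state][action] += ALPHA * (target - Q[state][action])
        if done:
            break
        state = nxt

# After training: kicking at zero steps is worth ~10 points, and one
# step away the best action is to walk forward (worth ~8 points).
print(round(Q[0]["kick"], 1))
print(max(Q[1], key=Q[1].get))
```

Even though Rosie never stops choosing randomly here, the table fills in with values that would let a greedy policy walk straight to the ball and kick, which is the reinforcement part of reinforcement learning.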
These are actually neural nets making the calculations: following the data that the random exploration provides and then calculating the odds that a reward follows from doing this versus doing that. These are very complicated phenomena, but what I've shown you is the basics of it. I want you to note that an episode is one complete run where you just let Rosie run around; it took 878 episodes before Rosie finally got to the ball. So at this point, one step away, the table shows forward, because over here, one step away, forward gave you eight points. And that is the basics of reinforcement. So now let's pull this back to the whole question of how accurate any of this stuff is and what happens. One of the difficulties, particularly in supervised learning, is that I'm going to check the results of my model against labeled data. I want to train my model, and I think my model is really good at this particular mission, but I need to train it, and I need many, many thousands of pieces of data that are labeled. But what if the labels are wrong? What we have, for example, is a massive database used by a great number of people to train their models, called CIFAR, and researchers have found that in it a frog was labeled as a cat. ImageNet is another big one; they found a lion labeled as a monkey, a dock labeled as a paper towel, et cetera. QuickDraw is a collection of 50 million drawings in 345 categories, and yet among its errors a light bulb is labeled a tiger and an apple is labeled a T-shirt. And look over at these images from these labeled databases: this is a "person" (clearly a cat, to you and me), this is a "syringe," this is a "lighthouse," that's obvious, of course this is a "toucan," and here's our "digital clock." Right.
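What happens when a slice of the labels is wrong can be sketched with a toy experiment. A 1-nearest-neighbour classifier simply memorises its training labels, so if about ten percent of them are flipped, roughly that error rate reappears at test time, even on two classes that are trivially separable. The data and numbers here are synthetic, my own illustration.

```python
import random

# Sketch: how label errors in training data propagate into a model.
# Two well-separated 1-D classes, a 1-nearest-neighbour classifier,
# and a training set where 10% of the labels have been flipped.
random.seed(1)

def make_data(n):
    # class 0 clusters around 0, class 1 around 8: no real ambiguity
    return [(random.gauss(0, 1), 0) for _ in range(n)] + \
           [(random.gauss(8, 1), 1) for _ in range(n)]

def one_nn(train, x):
    # predict the label of the closest training point
    return min(train, key=lambda p: abs(p[0] - x))[1]

train = make_data(500)
test = make_data(200)

# corrupt 10% of the training labels
noisy = [(x, 1 - y) if random.random() < 0.10 else (x, y)
         for x, y in train]

clean_acc = sum(one_nn(train, x) == y for x, y in test) / len(test)
noisy_acc = sum(one_nn(noisy, x) == y for x, y in test) / len(test)
print(f"clean labels: {clean_acc:.2f}, 10% flipped: {noisy_acc:.2f}")
```

With clean labels the accuracy is essentially perfect; with ten percent of labels flipped, roughly ten percent of the test answers come back wrong, because the model faithfully learned the mistakes it was given.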
So, in total, researchers found that something like six to ten percent of the labels are errors. Now think about that. I'm training my model, and I've given it an accuracy requirement: it's got to be 98 percent correct. But even at 98 percent, I stand a significant (ten percent is not tiny) chance that the label itself, the "yes, you got it right," is actually wrong, and my model will learn the wrong thing. And that means it will go off onto the test set, and then into the world in general, and make mistakes. In fact, this kind of problem can make the model overfit, or learn the wrong thing entirely, and I love this example. An individual was trying to make a model that recognizes pictures of animals, specifically birds, I believe. And the model learned, on its own, that a fuzzy background meant bird. Therefore it didn't need to go into all the other details, what size, where the features are, because it just had to look for a fuzzy background. Then it went out onto the test set and it blew up, because it had taught itself that a fuzzy background meant a bird image, and here we have a lovely fuzzy background of a mountain range. We wouldn't make that mistake, but if the model learns the wrong thing, the model will make that mistake, and of course that means you have to go back into it. You can also use that fact to fool AI. This is a good one: you can put on glasses that basically convince facial recognition software that you're someone else. And I don't know if you've seen this online, but there are YouTube videos showing that facial recognition software just doesn't see you if you wear the right kind of t-shirt, one that scrambles the contrast patterns it's looking for that signal a human being.
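The fuzzy-background story is an instance of what is often called shortcut learning: a spurious feature happens to be perfectly correlated with the label in training, so a rule based on it looks excellent until the correlation breaks in the real world. Here is a toy sketch with made-up features, my own illustration rather than the actual bird model.

```python
import random

# Sketch of "shortcut learning": the model in the lecture learned that
# a fuzzy background means "bird". Here a spurious feature (background
# blur) is perfectly correlated with the label in training data, so a
# one-feature shortcut looks great until the correlation breaks.
random.seed(2)

def sample(label, blur_matches_label):
    # feature 1: a genuine animal cue; feature 2: background blur
    animal_cue = label + random.gauss(0, 0.3)
    blur = (label if blur_matches_label else 1 - label) + random.gauss(0, 0.1)
    return animal_cue, blur, label

train = [sample(random.randint(0, 1), True) for _ in range(500)]
# in the wild, blurry mountain ranges exist: the correlation is broken
wild = [sample(random.randint(0, 1), False) for _ in range(500)]

def blur_rule(cue, blur):
    # the shortcut the model found: ignore the genuine cue entirely
    return 1 if blur > 0.5 else 0

train_acc = sum(blur_rule(c, b) == y for c, b, y in train) / len(train)
wild_acc = sum(blur_rule(c, b) == y for c, b, y in wild) / len(wild)
print(train_acc, wild_acc)  # near-perfect in training, terrible in the wild
```

The shortcut looks unbeatable on the data it was trained on, then collapses the moment the background stops predicting the animal, which is exactly what happened with the mountain range.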
With such a t-shirt, the signal is just all scattered, and ultimately the facial recognition simply walks right past you while identifying all the other people around you. So here's another interesting side note; I was interested in playing around with this, in a way that you can too. There's a show on cable TV called Silicon Valley, and in this particular show there was an AI developer who wanted to make a program that identified seafood. He particularly wanted to include his grandmother's recipes for cooking octopus and other things, but his colleagues thought it would be cool if he made an application that simply identified the food in front of you: it's potato chips, or a banana, or whatever. He didn't like that, so he made a program called Hot Dog or Not Hot Dog. What's interesting is that the show's producers actually went and built this application, and you can download it to play with. And I did; I put it on my phone, and I decided to see whether I could fool it, whether I could make it think something is a hot dog that is not a hot dog. And this is what it looked like. The only things I had were an eyeglasses case and a white towel, so I rolled them together, put some oranges in there, took a picture of it with the application, and asked: is it a hot dog? And it said yes, it's a hot dog. Well, I had been holding it up at quite a distance, so I brought it in closer for a little more texture, because it really is a lightweight AI program, and when I gave it more texture it said no, it's not a hot dog. But you will be pleased to know that when I uploaded my hot dog image to Google's image recognition, the only thing it could recognize was the spoon. That was just for fun. More to the point: visual errors become adversary opportunities. Because if I can make you not see what you think you see,
obviously I can control, or at least greatly influence, what your reactions are. So here's a man with a fishing rod; we know that, but it's labeled as a baseball player. This is a go-cart. And I just find it fascinating: how could this leaf with bugs on it be called a shipwreck? I don't even know how it got there. This one looks like a sundial, so that makes sense. And here we have stacked corn that apparently must be ladybugs; okay, I can sort of see that. But of course it isn't any of those things. So if you have strategic or tactical decisions being made by forward-leading-edge AI that has to identify accurately what's in front of it, this could be disastrous. You just change the probabilities a little bit and you can change the entire category. This is clearly a picture of weapons, and Google's algorithm originally said so. Then you turn the image around, change a few pixels here and there, and it says no, no, no, it's a helicopter. It doesn't take that much, and you can do it in ways a human wouldn't notice but the model does. Here is an example; this isn't exactly neural net learning, but it's worth looking at because it really clarifies the point. This is a linear classifier for food, and it classifies by color. Basically, it puts in weights for the red, green, and blue channels, and it's looking for Granny Smith apples. As it turns out, what the weighting is actually doing is counting the amount of green in the image: which pixels is it looking at for green? If you want to trick this classifier into thinking a human is an apple, you need to find which pixels it most heavily weights for green, tint them green, and it will take a picture of me and say I'm a Granny Smith. That's what I can do if I get access to the model, or to the input data, or to the classifier.
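The green-pixel trick can be sketched as follows. In this toy version, which is my own illustration and not the classifier from the lecture, the "Granny Smith" score is a weighted sum over the green channel, a few pixels carry most of the weight, and tinting only those pixels green pushes a decidedly non-apple image over the threshold.

```python
# Toy linear "Granny Smith" classifier in the spirit of the lecture:
# the score is a weighted sum over the green channel, and four pixels
# carry most of the weight. All numbers are made up for illustration.
HEAVY, LIGHT = 1.0, 0.1
weights = [HEAVY] * 4 + [LIGHT] * 12        # a 4x4 image, flattened
THRESHOLD = 0.5 * sum(weights)              # "it's an apple" cutoff

def green_score(green):
    return sum(w * g for w, g in zip(weights, green))

portrait = [0.1] * 16                       # a decidedly non-green photo
print(green_score(portrait) > THRESHOLD)    # False: not an apple

# The attack: tint only the heavily weighted pixels green.
tampered = [1.0 if w == HEAVY else g for w, g in zip(weights, portrait)]
print(green_score(tampered) > THRESHOLD)    # True: "Granny Smith"
```

Changing four pixels out of sixteen is enough, because the attacker aims at exactly the pixels the model cares about rather than at anything a human would find meaningful.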
With that kind of access, I can make you think you see things, or make your model see things, that aren't there. Here, when they just changed a few pixels of color, it went from a tabby cat, which was correct, to guacamole. Here's a good one; you can't even see the changes they made to the pixels. Here's a panda, and the model wasn't even that sure it was a panda before, 57 percent, but after a few changes it's absolutely sure it's a gibbon. Here's one I like: you can even do this if you print out a picture on paper, photograph the printout with a smartphone, and send that through. Here it's 53 percent sure this is a washer. Now we play a little bit with it and change a few pixels, and it's a safe and a washer; we change even more, and now it's a safe and a loudspeaker. Again, remember that what the computer sees are the pixels; it's weighting the pixels and making decisions. I like this one: this is a genetic algorithm specifically designed to fool these CNNs, these convolutional neural networks. These images are confidently identified as a robin, a cheetah, an armadillo. Not by us; to the program, the right answer apparently looks like that, and we can't tell, because to us they just look like noise pixels. And indeed, in a Microsoft survey done not that long ago, it turned out that of the organizations using or developing this visual-recognition AI, 25 of the 28 don't even know how to secure it. They're not even aware of the risk. And so they are creating models, which they are selling and using to support other people, that can be manipulated in the same ways we would expect people to manipulate software in the cybersecurity sense. There's a nice talk given by a Microsoft engineer about where you would see the major attacks on AI and ML: programming, data curation, poisoning.
Of course, attackers can get into the model, get into the developer's world and change it en route, or change it in the library so the developers don't even know it's been changed; they can hide in it the normal things you do with malware; and then of course they can simply use it to steal whatever results it produces. And there are lots of other places where this gets to be a real problem. Long-tail occurrences are called edge cases. Now, I showed you earlier the picture with the brain, and those were edge neurons, but these are edge cases. For example, an edge case was that fully white truck crossing in front of the car, which no one had ever trained for. Edge cases are infrequent, but we recognize them: we can see the truck, we put together the motion and the wheels and the shape, and we would hit the brake. The computer, the model, does not have a way to do that unless it's been trained to, and has already gotten some reinforcement or some supervision that captures it. Transfer learning: you saw in that discussion how each model has to be iteratively tuned for its specific task. We can't at the moment transfer these models easily from one task to another; we don't have a generic standard model that will work on anything. So each of them tends not to transfer to completely different environments. I didn't talk about natural language processing, but this is a current and future challenge. It's not just that you want to take a picture and put it into your AI/ML application; you want to be able to put in what people say, what they hear, what they write. You want to be able to hear it, or take that audio, translate it, put it into a model, and then learn to recognize it, and so on. That's a big challenge now. Context complexity: of course, that's what I was just talking about.
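Coming back to those invisible pixel changes for a moment: attacks like the panda-to-gibbon image are typically computed from the model's own gradients (the fast gradient sign method is the classic example). Here is a minimal sketch of that idea on a tiny hand-rolled logistic model rather than a deep network; the weights, input, and step size are all made up. Because the gradient of a linear score with respect to the input is just the weight vector, nudging every feature slightly against the sign of its weight flips the decision while barely changing the input.

```python
import math

# Gradient-sign perturbation on a toy logistic model. The model's
# weights are fixed ("already trained"); we perturb only the input.
w = [0.5, -1.2, 0.8, -0.3, 0.9]        # model weights (made up)
x = [1.0, 0.2, 0.7, 0.4, 0.6]          # an input classified as class 1

def prob(xs):
    """P(class 1 | xs) under the logistic model."""
    return 1 / (1 + math.exp(-sum(wi * xi for wi, xi in zip(w, xs))))

print(round(prob(x), 2))        # 0.78: fairly confident it's class 1

# The gradient of the score w.r.t. the input is just w, so a small
# step against sign(w) on every feature lowers the score the fastest.
eps = 0.4
x_adv = [xi - eps * (1 if wi > 0 else -1) for wi, xi in zip(w, x)]
print(round(prob(x_adv), 2))    # 0.44: the decision has flipped
```

Each feature moved by only 0.4, yet the classification flipped, which is the same economy of effort behind changing a handful of pixels no human would notice.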
Think of driving: all the things that could happen, all the distractors that your model and your machine are not prepared for. And then there's bias in the learning. We all know about the chatbots that learned how to be incredibly vulgar rather than what they were supposed to learn, but there are other biases as well. Like the overfitting example, there are other ways bias creeps in, and it can be deliberately inserted too: someone may want your model to learn this other thing and not that. And of course there are surveillance issues; there's a ton of them. So I want to end with some questions that come straight out of Melanie Mitchell's book. I just like them; she puts them at the end and then answers them, and I thought they were pretty good. The first one is: how soon will self-driving cars be coming to your doorstep? Well, at the moment, current cars are barely over one on a scale of one to six, where one means humans do everything and six means the machine does everything, fully autonomous. Current cars are barely over one, and that's only because we have cruise control. In some more modern cars you also have distance alerts, which can feed into the cruise control, and so on. We're nowhere near the six. Now, will AI result in massive unemployment for us? I love her response: not anytime soon. Don't worry about it; you'll be retired or dead first. It'll be a long time, because of all the context complexity, the security issues, everything I've described up to now. Can AI be creative? Well, yes, it can. It can generate things a programmer never thought of, and it does, but it can't understand why that's important. It can be creative, but it can't understand what that creation necessarily implies.
It can't understand the context in which that thing, which has never been seen before, has other applications that have never been seen before either. That is human understanding. How about general human-level AI, the kind of machine that's just thinking for you, machine superintelligence? That is very, very far away. One researcher said: take whatever estimate you have and add another three or four generations. It's so hard to get the models to do what they do today; researchers are just trying to make that work. If you want to talk about whether we can build an R2-D2, well, let's just watch a movie, because it really is not there. And shouldn't we be afraid of AI? No, in one regard: it's not taking over our world, not taking over our jobs, and not going to out-think every one of us in all contexts anytime soon. But yes, in another: if these systems can make stupid decisions, if they're placed at critical junctures where they can make errors, if they're placed at critical junctures where adversaries can change any of those elements I described to you, then yes, we should be very worried about that. And finally: what exciting problems are still unsolved? All of them. Welcome aboard. So let me leave you now with my email, but I also love to end with cartoons, so I'm ending with this one. I think you can see it: it says, roughly, that despite our great research results, some have doubted our AI-based methodology, but we trained a classifier on a collection of good and bad methodology sections, and it says ours is fine. And you'll note that ours is way out here, while over here is the average, where everybody else is. So yeah, trust our classifier. Thank you very much for listening. Here's my email; feel free to start a conversation with me at any time. Oh, one more thing: I am giving two more lectures, so if you want to hear about blockchain and Bitcoin, that's the next one, and after that will be quantum. Cheers.