Unleashing AI — by putting it on a leash

Artificial intelligence (AI) has grown to be viewed as a magical tool. The nearly human intelligence we have taught machines to develop and use has become essential to advancing science, engineering and security. From the smart fridge to the smart grid, AI leverages unprecedented levels of available data and computer power, offering tremendous potential to uncover hidden patterns in big data for scientific discovery and performance improvement. These patterns are used to create models that let analysts predict how a system will behave under different conditions, in order to make it work better and stay secure.

But we are increasingly finding that AI’s prowess has a dark side: A machine can learn too much for the good of a system’s owner — which could be a national government or a company — and society. We are reaching that point, in a shift that ironically is starting to limit AI’s effectiveness.

Let me explain. The discovery process that makes AI so valuable can be used by an adversary to extract information that system owners need to remain secret. Simply by observing accessible data, a government can unearth proprietary information — with consequences that can threaten security and make parties reluctant to adopt sophisticated AI applications.

For example, by reverse-engineering sensor data from a nuclear reactor, it’s possible to decipher sensitive information related to the reactor’s design and emergency systems. What’s more, international treaties call for countries to inspect each other’s weapons to ensure they have been dismantled, but the process used for the inspection can also be exploited to learn how the weapons are designed — exposing vulnerabilities. Potential national defense implications loom.

Among other examples, owners of critical infrastructure — think oil and gas, electric power, and water treatment — are in the line of fire. Yes, the same AI that was used to improve and secure these systems can be turned against them.

The same goes for security applications, where fingerprints and watermarks may be forged by AI. And recent trends indicate proprietary software may also fall victim to AI-based reverse-engineering of binary code — an activity long thought to be too foundational to interest cyberattackers.

What’s next? As AI’s power for good expands, so does its capability for harm. System owners’ fear of providing access to their data is already beginning to curb AI’s beneficial effects. AI is being trained to skip gathering certain kinds of data needed to optimize operations, and nations and businesses are hesitating to share any AI-acquired data with third parties. Given these trends, AI will not be leveraged to the fullest — unless it can be reined in without undermining its strengths.

Fortunately, a first-of-its-kind solution is underway to do just that. I’m contributing to a project to develop a novel obfuscation algorithm that enables AI to perform its necessary functions while restraining it from other discovery that might drive malicious activity.

In this National Science Foundation-funded endeavor, I’m collaborating with colleagues at Purdue’s Center for Science of Information (CSoI) and the U.S. Department of Energy’s Idaho National Laboratory. Technology we have developed, for which a provisional patent has been issued, trains AI to extract and analyze all of a system’s hidden patterns that need to be found to enhance operations, but simultaneously prevents it from finding other patterns that would expose proprietary information and vulnerabilities.

Hany Abdel-Khalik (top), associate professor of nuclear engineering, at work with PhD student Arvind Sundaram. (Photo credit: Purdue University/Vincent Walter)

Using the idea of shape-shifting glamorized in Hollywood movies, the data is transformed utilizing a mathematical operation to hide the identity of the original system, morphing it into a benign system, while preserving all information relevant to AI. This approach departs markedly from existing methods like distorting voices and faces to protect speakers’ identities, or shielding names of patients to guard their privacy in healthcare research.

This image depicts the concept that the shape-shifting algorithm described in this post could be used to transmit sensitive infrastructure data as something completely benign, such as a catchy tune found by AI. (Image credit: Purdue University/Arvind Sundaram)

Our goal is to free AI to progress on its upward trajectory while keeping it out of areas where it can cause trouble. Strange as it may seem, we’re looking to unleash AI by putting it on a leash.

Hany Abdel-Khalik

Associate Professor, School of Nuclear Engineering

Researcher, Center for Science of Information (CSoI)

Faculty Member, Center for Intelligent Infrastructure (CII)

Researcher, Center for Education and Research in Information Assurance and Security (CERIAS)

College of Engineering

Purdue University
