U.K. Information Commissioner’s Office Artificial Intelligence Research Fellow Reuben Binns and Principal Technology Adviser Andrew Paterson look at two methods malicious actors could use to identify individuals whose data is used to train AI and machine learning systems. If hackers already hold some of a person’s data, they could use a model inversion attack to recover more of it by observing the inputs and outputs of a machine learning model. Membership inference attacks are another method to achieve the same goal. “If hospital records are used to train a model which predicts when a patient will be discharged, attackers could use that model in combination with other data about a particular individual (that they already have) to work out if they were part of the training data,” the authors write.
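To make the membership inference risk in the authors' hospital example measurable, here is an added audit example (not code from the ICO post): it trains a deliberately overfitted logistic-regression model on constructed toy patient records and measures how well a loss-threshold membership test separates training records from held-out ones, the kind of check a deployer would run before exposing a model. All data, feature dimensions and the `run_audit` helper are constructed for illustration.

```python
import math
import random

def make_dataset(rng, n, dim, flip=0.35):
    """Constructed toy 'hospital' records: dim numeric features and a binary
    label (e.g. discharged within 3 days) from a hidden linear rule, with
    a fraction of labels flipped so the model has noise to memorise."""
    true_w = [rng.gauss(0, 1) for _ in range(dim)]
    rows = []
    for _ in range(n):
        x = [rng.gauss(0, 1) for _ in range(dim)]
        y = 1 if sum(w * v for w, v in zip(true_w, x)) > 0 else 0
        rows.append((x, 1 - y if rng.random() < flip else y))
    return rows

def sigmoid(z):
    z = max(-500.0, min(500.0, z))  # avoid overflow once weights grow large
    return 1.0 / (1.0 + math.exp(-z))

def train_logreg(rows, epochs, lr=0.5):
    """Plain full-batch gradient descent, no regularisation: with fewer
    records than features the model can fit the training set perfectly."""
    dim = len(rows[0][0])
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * dim, 0.0
        for x, y in rows:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * g / len(rows) for wi, g in zip(w, gw)]
        b -= lr * gb / len(rows)
    return w, b

def loss(model, x, y):
    """Per-record cross-entropy; members of an overfitted model sit near 0."""
    w, b = model
    p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)
    p = min(max(p, 1e-12), 1 - 1e-12)
    return -math.log(p if y == 1 else 1 - p)

def membership_advantage(model, members, non_members):
    """Loss-threshold membership test: flag 'member' when loss <= t, and
    report the best TPR - FPR over all thresholds (0 = no leakage, 1 = total)."""
    m = sorted(loss(model, x, y) for x, y in members)
    n = sorted(loss(model, x, y) for x, y in non_members)
    best = 0.0
    for t in m + n:
        tpr = sum(v <= t for v in m) / len(m)
        fpr = sum(v <= t for v in n) / len(n)
        best = max(best, tpr - fpr)
    return best

def run_audit(epochs, seed=7, dim=20, n_members=20, n_holdout=200):
    rng = random.Random(seed)
    rows = make_dataset(rng, n_members + n_holdout, dim)
    members, holdout = rows[:n_members], rows[n_members:]
    return membership_advantage(train_logreg(members, epochs), members, holdout)

if __name__ == "__main__":
    print("untrained model advantage :", run_audit(epochs=0))
    print("overfitted model advantage:", run_audit(epochs=2000))
```

An advantage well above zero means an adversary who already holds a person's record can tell, from the model's loss on it, that the record was in the training set; the usual mitigations are regularisation, early stopping and differentially private training, re-checked with the same audit.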