
Communications of the ACM

ACM TechNews

Stealing an AI Algorithm and Its Underlying Data Is a 'High-School Level Exercise'

Billions of dollars are being poured into building sophisticated artificial intelligence algorithms.

Researchers at Cornell Tech have developed a way to reverse-engineer machine-learning algorithms by using an application programming interface.


Cornell Tech researchers have demonstrated the ability to remotely reverse-engineer machine-learning algorithms, essentially stealing artificial intelligence (AI) products and using them for free, by accessing an application programming interface (API).

In addition, after the algorithm has been copied, it can be coerced into producing examples of the potentially proprietary data on which it was trained.

Google, Microsoft, and Amazon permit developers either to upload their own algorithms to the company's cloud or to use the cloud firm's proprietary AI algorithms, both of which are accessed via APIs. Uploading an algorithm is sensible because the data is held and the work is done on the cloud company's server, while making proprietary algorithms available in this way enables companies to charge for their use without making the code available.

The Cornell Tech team beat this system by making standard requests to the AI algorithm thousands of times through the API and piecing together its function.

"In hindsight, it was just blatantly obvious," says Cornell Tech professor Thomas Ristenpart. "It's kind of a high-school level exercise."

To test their ability to recreate the stolen algorithms' training data, the researchers employed the attack on a public series of faces and were able to reconstruct all of them.



Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA

