Single-bit flip attack threatens AI system security
Researchers at George Mason University demonstrated how attackers can alter AI behavior by flipping just one bit in neural network weights, potentially causing autonomous vehicles to misread stop signs or facial recognition systems to misidentify users. The “OneFlip” attack utilizes Rowhammer techniques to target specific memory locations and remains virtually undetectable, as it affects only one weight among hundreds of millions. While currently requiring white-box model access and shared hardware, the threat could increase as companies open-source AI models and attackers exploit cloud infrastructure. The researchers warn that nation-state actors with political motivations may already be deploying such attacks, making early mitigation efforts crucial for AI developers and users.
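As an added illustration (not code from the researchers or from this article), the sketch below shows why one flipped bit in a float32 weight matters and how a defender holding a trusted baseline could notice it by re-hashing the weight buffer in chunks. The buffer contents, the chunk size, the weight index and the choice of bit are all constructed assumptions.

```python
import hashlib
import struct

CHUNK = 4096  # bytes per integrity chunk (assumed granularity)

def flip_bit(buf, weight_index, bit):
    """Flip one bit (0 = least significant) of a little-endian float32 weight, in place."""
    offset = weight_index * 4
    (word,) = struct.unpack_from("<I", buf, offset)
    struct.pack_into("<I", buf, offset, word ^ (1 << bit))

def read_weight(buf, weight_index):
    """Decode the float32 weight stored at the given index."""
    return struct.unpack_from("<f", buf, weight_index * 4)[0]

def chunk_digests(buf):
    """SHA-256 of each fixed-size chunk of the weight buffer."""
    return [hashlib.sha256(bytes(buf[o:o + CHUNK])).digest()
            for o in range(0, len(buf), CHUNK)]

def changed_chunks(baseline, buf):
    """Indices of chunks whose digest no longer matches the trusted baseline."""
    return [i for i, (a, b) in enumerate(zip(baseline, chunk_digests(buf))) if a != b]

def demo():
    # Constructed sample: 10,000 float32 weights, all 0.75 (not a real model).
    weights = bytearray(struct.pack("<f", 0.75) * 10_000)
    baseline = chunk_digests(weights)   # taken while the buffer is known-good
    before = read_weight(weights, 5000)
    flip_bit(weights, 5000, 30)         # bit 30 = highest exponent bit
    after = read_weight(weights, 5000)
    return before, after, changed_chunks(baseline, weights)

if __name__ == "__main__":
    before, after, changed = demo()
    print(f"weight 5000: {before} -> {after:.3e}; mismatched chunks: {changed}")
```

Only one of the 10,000 values changes, so aggregate statistics over the buffer barely move, while the digest comparison pinpoints the 4 KiB region that was modified.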