Poisoning Vulnerability on COYO-700M #12
Comments
|
Hi, just wanting to follow up on this -- we're hoping one of you will be able to get in contact with us so we can help mitigate any vulnerabilities before we publish our results. |
|
@carlini Hi, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With some coauthors at Google, I have developed an attack that would allow someone to poison 0.1% of your dataset. (For what the impact of such an attack could be, see e.g., https://arxiv.org/pdf/2106.09667.pdf or https://arxiv.org/abs/2205.06401). Previously poisoning attacks have been considered somewhat theoretical---in that we knew they could exist, but there weren't any practical ways to mount these attacks. With our new techniques I now have the power to poison the dataset of anyone who has downloaded COYO-700m since it was released (but I don't). We believe this attack is not currently being exploited in the wild, but are hoping to release a paper on this attack shortly.
As part of this paper we have developed techniques to remediate the attack. We would like to help you apply these defenses before we publish our paper. I would appreciate it if you could contact me ([email protected]) at your convenience. I have previously emailed you additional details of this attack to the contact email address you provide ([email protected]) if you'd like to know more.
The text was updated successfully, but these errors were encountered: