Predictions for Technology in 20 Years: Deepfake and AI Vulnerabilities

Recently, Dr. Kai-Fu Lee, the chairman and CEO of Innovation Works, in collaboration with science fiction writer Chen Qiufan, published a new book “The Future of AI in Progress”, creatively merging technology with science fiction to envision the human world 20 years from now under the influence of technologies such as artificial intelligence.

Innovation Works is a deep tech VC focused on hard technology, and many of the hard-tech blueprints it has invested in are showcased in the book as mature application scenarios from the future. The ten short stories in the book present a series of future scenarios—immersive entertainment experiences, virtual companions that can fluently use human language, fully autonomous vehicles without drivers, photos and videos that are indistinguishable from real ones, and applications based on quantum computing, computer vision, and other AI technologies…

“The Masked Deity” tells a story about using technology to deceive human vision. The story revolves around a video producer in Nigeria, West Africa, who is recruited to create a Deepfake video that is indistinguishable from reality. If he succeeds in pulling off this deception, it could lead to disastrous consequences.

If AI can not only see and recognize objects but also understand and synthesize them, it can cleverly use these capabilities to create images and videos that people cannot distinguish from real ones.

So, how does AI master the ability to “see” (through cameras and pre-recorded videos)? What applications will arise once it can see? How is AI-based Deepfake actually achieved? Can humans or AI see through the true nature of Deepfake? How can we prevent the misuse of Deepfake? What security vulnerabilities still exist in AI technology?

—1—

The Popularity of Deepfake

“Trump is a complete idiot,” Obama said in a video.

The Obama in this video resembles the real Obama in voice, appearance, and expression.

At the end of 2018, American actor Jordan Peele collaborated with news aggregation site BuzzFeed to create a “fake” Deepfake video that quickly spread online, and the entire video seemed completely seamless.

The purpose of creating this video was to warn people that Deepfake content would soon enter our daily lives.

In 2021, an app called Avatarify topped the Apple App Store’s free download chart. This app allows users to animate uploaded photos—users can manipulate the expressions of the characters in the photos. I also spent just a few seconds making the cover portrait of my past published book sing an old English song “Only You”, and the effect was quite “addictive”.

Deepfake seems to have exploded overnight. Anyone can create a “fake” video with it. Although the quality of the video may be amateurish and give away some clues, this does not hinder the popularity and widespread use of Deepfake.

But from another perspective, this also means that in our world, all future digital information has the potential to be forged. Whether it’s online videos, audio recordings, footage captured by security cameras, or even video evidence in court, they could all be fake.

Deepfake face-swapping technology is based on a technique called Generative Adversarial Networks (GAN). As the name suggests, GAN consists of a pair of adversarial (competitive) networks that form a deep learning neural network.

One of the networks is called the generative network, which tries to generate something that looks very real, such as synthesizing an image of a fictional dog based on millions of pictures of dogs. The other network is called the discriminative network, which compares the images generated by the generative network with real images of dogs to determine whether the output of the generative network is real or fake.

The first paper on GAN was published in 2014. This paper demonstrated the “adversarial” process of GAN—first, the generative network synthesized an image of a very cute but seemingly fake “dogball”, which was quickly identified as “fake” by the discriminative network, and then the generative network gradually learned to “forge” images of dogs that are hard to distinguish as real or fake. Currently, GAN technology has been applied in videos, speeches, and many other forms of content.

So, will Deepfake videos based on GAN technology be detected? Most Deepfake videos can currently be detected by algorithms, and sometimes even the human eye can distinguish them, because the algorithms used in the production of these videos are not yet perfect, and there isn’t enough computational power to support them.

In the long run, the biggest challenge to stopping Deepfake actually lies in the intrinsic mechanism of GAN—the generative network and the discriminative network will upgrade together after each round of “competition”. For example, if we build a generative network and someone builds a discriminative network that can detect that our network’s output is “fake”, we can then make fooling the new discriminative network our goal and retrain our generative network, which will trigger the discriminative network to retrain… This cycle will eventually become an arms race, competing to see which side can train a better model with more powerful computational power.

In “The Future of AI in Progress”, I predict that by 2042, anti-counterfeiting software for Deepfake videos will become similar to antivirus software. Government websites and official news sites will have very high demands for the authenticity of information, so they will set up the strongest anti-counterfeiting detectors to identify whether there are high-quality forged videos generated by GAN with powerful computational power on the website.

Is there no anti-counterfeiting detector that can achieve 100% accuracy? This is not impossible in the future, but it may require a completely different detection method—each device, when capturing videos or photos, will authenticate each video and photo, using blockchain to ensure it is the original, absolutely unaltered.

However, in 2042, this “advanced” method may not be feasible, because one of the prerequisites for this method is to deploy blockchain technology on all electronic devices. Additionally, blockchain technology must achieve breakthroughs to handle such large-scale content.
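The capture-time authentication idea above, as an added example that is not from the book: each capture's SHA-256 hash is appended to a hash-chained ledger and tagged with a device key, so an edited file or a rewritten ledger entry fails verification. The ledger layout, function names and the HMAC key (a stand-in for a hardware-held signing key) are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: stands in for a per-device key held in secure hardware. A real
# design would use an asymmetric signature so verifiers never hold the secret.
DEVICE_KEY = b"constructed-demo-key"
GENESIS = "0" * 64


def _hash(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def record_capture(ledger: list, media: bytes, device_id: str, key: bytes = DEVICE_KEY) -> dict:
    """Append an entry binding the media hash to the device and the previous entry."""
    body = {
        "device": device_id,
        "media_sha256": hashlib.sha256(media).hexdigest(),
        "prev": ledger[-1]["entry_hash"] if ledger else GENESIS,
    }
    tag = hmac.new(key, _hash(body).encode(), hashlib.sha256).hexdigest()
    entry = {**body, "tag": tag}
    entry["entry_hash"] = _hash(entry)  # covers device, media hash, prev link and tag
    ledger.append(entry)
    return entry


def ledger_is_intact(ledger: list, key: bytes = DEVICE_KEY) -> bool:
    """Recompute every link and tag; any edited or reordered entry fails."""
    prev = GENESIS
    for entry in ledger:
        body = {k: entry[k] for k in ("device", "media_sha256", "prev")}
        expected_tag = hmac.new(key, _hash(body).encode(), hashlib.sha256).hexdigest()
        if entry["prev"] != prev or not hmac.compare_digest(entry["tag"], expected_tag):
            return False
        if entry["entry_hash"] != _hash({**body, "tag": entry["tag"]}):
            return False
        prev = entry["entry_hash"]
    return True


def is_original(ledger: list, media: bytes, key: bytes = DEVICE_KEY) -> bool:
    """True only if the ledger verifies and contains this exact byte string."""
    digest = hashlib.sha256(media).hexdigest()
    return ledger_is_intact(ledger, key) and any(e["media_sha256"] == digest for e in ledger)
```

This proves only that the bytes match what the device recorded; it says nothing about whether the scene in front of the camera was staged.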

In fact, besides creating Deepfake face-swapping videos, GAN can also be used for more constructive tasks, such as making people in photos look younger or older, coloring black-and-white movies and photos, animating static artworks (like the “Mona Lisa”), enhancing resolution, detecting glaucoma, predicting the impacts of climate change, and even discovering new drugs.

We cannot equate GAN with Deepfake, as the positive impacts of this technology will far outweigh its negative impacts, and this is true for most emerging breakthrough technologies.

—2—

Biometric Recognition and AI Security

Biometric recognition is a research field that uses the inherent physiological characteristics of the human body for personal identity verification.

Currently, iris recognition is recognized by the public as the most accurate biometric recognition method. Iris recognition captures and records a person’s iris information under infrared light, and then compares it with pre-stored iris features. Fingerprint recognition also has a very high accuracy rate. However, since both iris recognition and fingerprint recognition rely on specific near-field sensor devices, they cannot be used for identifying the authenticity of videos.

In recent years, with the rapid advancement of deep learning and GAN technology, research in the field of biometric recognition has also flourished. In identifying and verifying any single dimension of biometric features (such as facial recognition or speaker voice recognition), AI’s accuracy has surpassed the average human level; when considering multiple dimensions of biometric features, AI’s recognition accuracy has approached perfection.

With the continuous advancement of technology, any computing platform may have vulnerabilities and security risks, such as computer viruses, credit card theft, and spam emails. Moreover, with the popularization of AI, AI itself will also expose various vulnerabilities and be attacked from various fronts, and Deepfake merely reflects one of these vulnerabilities.

Specially crafted adversarial inputs are one of the attack methods against AI systems. Attackers probe the decision boundaries of an AI system and adjust its inputs, thereby causing the system to make mistakes. For example, researchers have successfully tricked the autonomous driving system of a Tesla Model S by placing stickers on the road, making it decide to switch lanes directly into oncoming traffic. If someone applied similar attack methods in the military field, the consequences would be unimaginable.

Another method of attacking AI systems is “data poisoning”: attackers contaminate training data, training models, or the training process to disrupt the learning process of the AI system. This could lead to the complete collapse of the entire AI system or allow criminals to take control of it.

Compared to traditional hacking attacks, “data poisoning” attacks are harder for humans to detect. The issue primarily lies in the architecture of AI systems—the complex computations in the model are performed autonomously across thousands of layers of neural networks, rather than following specific code instructions, making AI systems inherently opaque and difficult to “debug”.

Despite the many challenges, we can still take clear measures to prevent the above situations from occurring: for example, enhancing the security of model training and execution environments, creating tools that automatically check for signs of “poisoning”, and developing technologies specifically designed to prevent data tampering or similar evasion techniques.

Just as we have overcome spam, computer viruses, and other hurdles through technological innovation in the past, I firmly believe that technological innovation can also greatly enhance the security of future AI technologies, minimizing the troubles they bring to humanity. After all, the one who ties the bell must untie it. The problems brought by technological innovation ultimately rely on new technological innovations for improvement or complete resolution.

……
To read more, experience the world of 2042, and learn how AI will impact our lives, see the new book “The Future of AI in Progress” by Dr. Kai-Fu Lee, chairman and CEO of Innovation Works, and science fiction writer Chen Qiufan.