Home / Technology / AI Reads Road Signs as Commands: Danger Ahead!
AI Reads Road Signs as Commands: Danger Ahead!
4 Feb
Summary
- AI vision systems can be tricked by manipulated text on road signs.
- Adversarial text can make autonomous vehicles perform unintended actions.
- System designers, not end-users, are responsible for fixing this vulnerability.
Autonomous vehicles and drones utilize vision systems that integrate image recognition with language processing to interpret their surroundings, including reading road signs. However, researchers have uncovered a significant vulnerability where these systems can be coerced into following commands embedded in text.
In simulated driving scenarios, a self-driving car was made to misinterpret a modified road sign as a directive, causing it to attempt a left turn despite pedestrians. This occurred solely due to the altered written language influencing the AI's decision. The attack, termed indirect prompt injection, relies on the AI processing input data as commands.
Experiments showed that language choice had less impact than anticipated, with signs in English, Chinese, and Spanish proving effective. Visual presentation, such as color contrast and font, also played a role, with green backgrounds and yellow text showing consistent results. While drone systems were more predictable, both vehicle and drone tests revealed the potential for misidentification based on text alone.
