AI Could Smuggle Secret Messages in Memes

In an advance that could benefit spies and dissidents alike, computer scientists have developed a way to communicate confidential information so discreetly that an adversary couldn’t even know secrets were being shared. Researchers say they have created the first-ever algorithm that hides messages in realistic text, images or audio with perfect security: there is no way for an outside observer to discover a message is embedded. The scientists announced their results at the recent International Conference on Learning Representations.

The art of hiding secrets in plain sight is called steganography—distinct from the more commonly used cryptography, which hides the message itself but not the fact that it is being shared. To securely conceal their information, digital steganographers aim to embed messages in strings of words or images that are statistically identical to normal communication. Unfortunately, human-generated content is not predictable enough to achieve this perfect security. Artificial intelligence generates text and images using rules that are better defined, potentially enabling completely undetectable secret messages.

University of Oxford researcher Christian Schroeder de Witt, Carnegie Mellon University researcher Samuel Sokota and their colleagues used an AI program to create innocent-looking chat messages with secret content. To outside observers, the chat is indistinguishable from any other communication made by the same generative AI: “They might detect that there is AI-generated content,” Schroeder de Witt says, “but they would not be able to tell whether you’ve encoded secret information into it.”

To achieve this camouflage, the researchers developed an algorithm to optimally match a clandestine message with a series of memes (or text) to be sent in the chat, choosing that content on the fly to suit the context. Their big step was the way their algorithm chooses an ideal “coupling distribution” on the spot—a method that matches secret bits with innocuous content (for example, cat memes) in a way that preserves the right distributions of both while making them as interdependent as possible. This approach is computationally quite difficult, but the team incorporated recent information theory advances to find a near-optimal choice quickly. A receiver on the lookout for the message can invert the same operation to uncover the secret text.

The researchers say this technique has significant potential as humanlike generative AI becomes more commonplace. Joanna van der Merwe, privacy and protection lead at Leiden University’s Learning and Innovation Center, agrees. “The use case that comes to mind is the documentation of abuses of human rights under authoritarian regimes and where the information environment is highly restricted, secretive and oppressive,” van der Merwe says. The technology doesn’t overcome all the challenges in such scenarios, but it’s a good tool, she adds: “The more tools in the toolbox, the better.”

Source link

About The Author

Scroll to Top