• @Asifall
    link
    191 year ago

    Not really, if you read the paper what they’re doing is creating an image that looks like a dog, is labeled as a dog, but is very close to the model’s version of a cat in feature space. This means manual review of the training set won’t help.

      • @Asifall
        link
        111 year ago

        I don’t think the idea is to protect specific images, it’s to create enough of these poisoned images that training your model on random free images you pull off the internet becomes risky.

        • @SCB
          link
          -31 year ago

          Which, honestly, should be criminal.