Trojans in Artificial Intelligence (TrojAI)

Program Manager

Michael Di Rosa 

Program Information

Broad Agency Announcement: W911NF-19-S-0012

TrojAI logo 72dpi 01Using current machine learning methods, an artificial intelligence (AI) is trained on data, learns relationships in that data, and then is deployed to the world to operate on new data. For example, an AI can be trained on images of traffic signs, learn what stop signs and speed limit signs look like, and then be deployed as part an autonomous car. The problem is that an adversary that can disrupt the training pipeline can insert Trojan behaviors into the AI. For example, an AI learning to distinguish traffic signs can be given just a few additional examples of stop signs with yellow squares on them, each labeled “speed limit sign.” If the AI were deployed in a self-driving car, an adversary could cause the car to run through the stop sign just by putting a sticky note on it. The goal of the TrojAI program is to combat such Trojan attacks by inspecting AIs for Trojans.

Research Area(s)

  • AI security
  • Trojan detection
  • Explainable AI

Related Publications

To access TrojAI program-related publications, please visit Google Scholar

Related Article(s)