Hongcheon, Gangwon―Released in 1966, the movie The Good, the Bad and the Ugly depicts an uneasy alliance and struggle among three men on a quest for hidden treasure. Echoing the film’s themes, a group of experts in artificial intelligence security recently held a workshop titled “The Good, The Bad, and The Ugly of AI Security.” This theme reflects the current uneasy relationship between humans and AI, particularly heightened by security concerns.
Kwon Taekyoung, a professor of information security and AI at Yonsei University, has been leading the AI Security Research Group since the beginning of this year. The group, established in 2019, operates under the Korea Institute of Information Security & Cryptology (KIISC), South Korea’s leading academic organization in cybersecurity. It organizes annual events, including the AI Security Workshop.
“As a scholar, I resonate with Andrew Ng’s assertion that ‘AI is the new electricity,’” Kwon said during his opening speech at the 2024 AI Security Workshop, referencing Ng’s statement from early 2017. Kwon emphasized that, like electricity, AI will become integral to every aspect of our lives. However, he also noted that improper use of AI poses significant risks. “Our research group is committed to enhancing AI security so that people can use AI safely and conveniently, just as the pioneers of electricity security worked to ensure safe use of electrical technology,” he added.
This year’s workshop took place over three days in Hongcheon, a county located two hours from central Seoul, with the main conference held on July 18. Despite the research group having just under 100 members, over 340 researchers from across the nation attended the conference, including some who traveled from abroad. “We are witnessing unprecedented interest in our workshop,” Kim Hyoung-shick, a professor in the Department of Computer Science and Engineering at Sungkyunkwan University and the Program Chair of the AI Security Workshop, told The Readable. “This reflects the growing awareness surrounding AI security,” Kim elaborated.
For example, the session held the day before the main conference was so crowded that dozens of participants had to stand at the back of the room to listen to the presentations. “The level of interest exceeded our expectations, and we plan to expand our attendee capacity next year,” said the workshop chairman, offering an apology to the audience.
The AI Security Workshop was cohosted by the AI Security Research Center (AISRC), led by Jung Souhwan, a professor in the Department of Electronic Engineering at Soongsil University.
On the first day of the workshop, Yu Ha-Jin, a professor at the University of Seoul specializing in AI and speaker recognition, presented his latest research on audio deepfake detection. Yu introduced a research method called ‘AASIST,’ which stands for Audio Anti-Spoofing using Integrated Spectro-Temporal Graph Attention Networks. Voice deepfake detection, often referred to as anti-spoofing, is a countermeasure against sophisticated crimes such as phone scams. AASIST combines existing research methods and features, using both spectral and temporal information. Yu also highlighted that current research in audio deepfake detection employs pre-trained self-supervised models trained on large, diverse datasets.
As a keynote speaker, Hong Sang-hyun, a professor at Oregon State University and head of its Secure AI Systems Lab (SAIL), stressed the importance of a holistic perspective in developing trustworthy and efficient AI systems. “Previously, researchers concentrated on adversarial attacks or data poisoning to understand potential threats posed by AI. However, this approach is limited because it views each model as an isolated mathematical concept, missing broader vulnerabilities. It fails to account for emerging threats by overlooking how AI integrates with actual hardware and computer systems,” Hong explained. “To adopt a holistic approach, we need to consider machine learning models as computational tools operating within modern computer systems, much like any other software.”
In line with this message, Hong presented two cases where efficient deep learning algorithms were exploited: quantization abuse and input-adaptive inference. Both incidents could not be fully addressed without a holistic perspective. “If we only focus on computational efficiency, we will inevitably encounter issues with both security and efficiency,” Hong noted. “We need to foster greater collaboration between systems and people, rather than concentrating solely on specific systems. Haste makes waste, and we should take the time to thoroughly address all aspects.”
In addition to these sessions, several other speakers addressed topics related to AI security applications and privacy. Key topics included face reconstruction attacks, explanation-abusing model inversion, targeted model inversion, AI security considerations for finance, and the development of AI security datasets.
Editor’s note: The Readable follows AP style, which dictates that Korean names be presented in the order of family name followed by given name. The given name is hyphenated with a lowercase letter after the hyphen. However, some of the sources’ names in this article are indicated in a way that they requested, such as Kwon Taekyoung, instead of Kwon Tae-kyoung, for academic reference.
