Yezhou Yang is an assistant professor at Arizona State University’s School of Computing and Augmented Intelligence, where he heads the Active Perception Group.
Courtesy of Yezhou Yang

Foiling AI hackers with counterfactual reasoning

Amazon Research Award recipient Yezhou Yang is studying how to make autonomous systems more robust.

Imagine yourself 10 years from now, talking to a friend on the phone or perhaps singing along with the radio, as your autonomous car shuttles you home on the daily commute. Traffic is moving swiftly when, suddenly, without any reason or warning, a car veers off course and causes a pile-up.

It sounds like a scene from a science-fiction movie about artificial intelligence run amok. Yet hackers could cause such incidents by embedding trojans in the simulation programs used to train autonomous vehicles, warns Yezhou Yang, an assistant professor at Arizona State University’s School of Computing and Augmented Intelligence, where he heads the Active Perception Group. With funding from a 2019 Machine Learning Research Award, Yang is collaborating with Yi Ren, an optimization expert at ASU, and their team is attempting to thwart this very sort of thing.

Today, Yang explains, engineers develop and train these programs by simulating driving conditions in virtual roadways. Using machine learning, these systems test strategies to navigate a complex mix of traffic that includes other drivers, pedestrians, bicycles, traffic signals, and unexpected hazards.

Many of these simulation environments are open-source software, built from source code developed and modified by a community of users and developers. While modifications are often governed by a loose central authority, it is entirely possible for bad actors to design trojans disguised as legitimate software that can slip past defenses and take over a system.

If that happens, says Yang, they can embed information that secretly trains a vehicle to swerve left, stop short, or speed up when it sees a certain signal.

While it might currently be the stuff of fiction, Yang’s recent research showed that this fictional scenario is a real possibility. Using a technique similar to steganography, their team embedded a pattern into images used to train AI agents. While human eyes cannot pick out this pattern, AI can — and does. Embedding the pattern in images used to train AI to make left turns, for example, would teach the AI to make a left turn whenever it saw the pattern. Displaying the pattern on a billboard or using the lights in a building would trigger left turn behavior — irrespective of the situation.

"Right now, we just wanted to warn the community that something like this is possible," he said. "Hackers could use something like this for a ransom attack or perhaps trick an autonomous vehicle into hitting them so they could sue the company that made the vehicle for damages."

Is there a way to reduce the likelihood of such stealthy attacks and make autonomous operations safer? Yang says it’s possible by utilizing counterfactual reasoning. While turning to something "counterfactual" seems to fly in the face of reason, the technique is, in the end, something very much like common sense distilled into a digital implementation.

Active perception

Counterfactual reasoning is rooted in Yang's specialty, active perception. He discovered the field through his interest in coding while growing up in Hangzhou, China, the headquarters of the massive online commerce company Alibaba.

"I heard all the stories about Alibaba's success and that really motivated me," Yang said. "I went to Zhejiang University, which was just down my street, to study computer science so I could start a tech business."

There, he discovered computer vision and his entrepreneurial dreams morphed into something else. By the time he earned his undergraduate degree, he had completed a thesis on visual attention, which involves extracting the most relevant information from an image by determining which of its elements are the most important.

That led to a Ph.D. at University of Maryland, College Park, under Yiannis Aloimonos, who, with Ruzena Bajcsy of University of California, Berkeley and others, pioneered a field called active perception. Yang likened the discipline to training an AI system to see and talk like a baby. 

Like a toddler that manipulates objects to look at them from different angles, AI will use active perception to select different behaviors and sensors to increase the amount of information it gets when viewing or interacting with an environment.

Yang gave the following example: Imagine a robot in a room. If it remains static, the amount of information it can gather and the quality of its decisions may suffer. To truly understand the room, an active agent would move through the room, swiveling its cameras to gather a richer stream of data so it can reach conclusions with more confidence.

Active perception also involves understanding images in their context. Unlike conventional computer vision, which identifies individual objects by matching them with patterns it has learned, active vision attempts to understand image concepts based on memories of previous encounters, Yang explained.

Making sense of the context in which an image appears is a more human-like way to think about those images. Yang points to the small stools found in day care centers as an example. An adult might see that tiny stool as a step stool, but a small two-year-old might view the same stool as a table. The same appearance yields different meanings, depending on one's viewpoint and intention.

"If you want to put something on the stool, it becomes a table," Yang said. "If you want to reach up to get something, it becomes a step. If you want to block the road, it becomes a barrier. If we treat this as a pattern matching problem, that flavor is lost."

Counterfactual

When Yang joined Arizona State in 2016, he sought to extend his work by investigating a technique within active vision called visual question answering. This involves teaching AI agents to ask what-if questions about what they see and answer those questions by referring to the image, the context, and the question itself. Humans do this all the time.

"Imagine I'm looking at a person," Yang said. "I can ask myself if he is happy. Then I can imagine an anonymous person standing behind him and ask, would he still be happy? What if the smiling person had a snack in his hand? What if he had a broom? Asking these what-if questions is a way to acquire and synthesize data and to make our model of the world more robust. Eventually, it teaches us to predict things better."


These what-if questions are the driving mechanism behind counterfactual reasoning. "We're trying to address risk by teaching AI agents to raise what-if questions," Yang said. "An agent should ask, 'What if I didn't see that pattern? Should I still turn left?'"

Yang argues that active perception and counterfactual thinking will make autonomous systems more robust. "Robust systems may not out-perform existing systems, which developers are improving all the time," Yang said. "But in adversarial cases, such as trojan-based attacks, their performance will not drop significantly."

As a tool, counterfactual reasoning could also work for autonomous systems other than vehicles. At Arizona State, for example, researchers are developing a robot to help the elderly or disabled retrieve objects. Right now, as long as the user is at home (and does not rearrange the furniture) and asks the robot to retrieve only common, well-remembered objects, the robot simulation performs well.

Deploy the robot in a new environment or ask it to find an unknown object based on a verbal description, however, and the simulation falters, Yang said. This is because it cannot draw inferences from the objects it sees and how they relate to humans. Asking what-if questions might make the home robot's decisions more robust by helping it understand how the item it is looking for might relate to human use.

Thwarting hackers

Yang noted that most training simulators accept only yes-or-no answers. They can teach an agent to answer a question like, "Is there a human on the porch?" But ask, "Is there a human and a chair on the porch?" and they stumble. They cannot envision the two things together.

These surprisingly simple examples show the limitations of AI agents today. Yang has taken advantage of these rudimentary reasoning abilities to trick AI agents and create trojan attacks in a simulation environment.

Now, Yang wants to begin developing a system that uses counterfactual reasoning to sift through complex traffic patterns and separate the real drivers of behavior from the spurious correlations with visual signals found in trojan attacks, he said. The AI would then either remove the trojan signal or ignore it.

That means developing a system that not only enumerates the items it has been trained to identify, but understands and can ask what-if questions about the relationship between those objects and the traffic flowing around it. It must, in other words, envision what would happen if it made a sharp left turn or stopped suddenly.

Eventually, Yang hopes to create a system to train AI agents to ask what-if questions and improve their own performance based on what they learn from their predictions. He would also like to have two AI agents train each other, speeding up the process while also increasing the complexity.

Even then, he is not planning to trust what those agents tell him. "AI is not perfect," he said. "We must always realize its shortcomings. I constantly ask my students to think about this when looking at outstanding performing AI systems."
