Researchers at George Mason University have discovered a cyberattack called "OneFlip" that can hijack AI systems by flipping just one bit in their neural networks. The attack could make autonomous vehicles misread stop signs as speed limit signs or trick facial recognition into identifying anyone wearing glasses as a CEO.
The technique uses Rowhammer attacks to target specific memory locations, then plants dormant triggers that activate when certain inputs are detected. While currently requiring white-box access to AI models and physical proximity to target systems, researchers warn the threat could grow as more companies open-source their AI models and attackers exploit shared cloud infrastructure.
Source: SecurityWeek