Apr 08, 2016


I don't work on reCAPTCHA but I imagine they could easily + significantly beef up image captcha by adding adversarial image examples that trip up would-be automators.

Note that adversarial examples generalize across models. Meaning a good adversarial example will work against SVMs, convnets, etc just the same.

If you're interested in the basics of how it works, Julia Evans has a great post: jvns.ca/blog/2015/12/24/how-to-trick-a-neural-network-into-thinking-a-panda-is-a-vulture

The key is that deep neural nets are actually very (piecewise) linear and that makes them susceptible to adversarial training.