Image Recognition
Zhang said he and his co-authors worked with Carlini, providing him with their defense model and source code. One potential issue is that Carlini's approach requires access to the confidence vector from the defense model in order to recover the mask data. Carlini said he chose to attack AI-Guardian because the scheme outlined in the original paper was obviously insecure. Relying on GPT-4 does not completely relieve human collaborators of their responsibilities, however. "Meanwhile, we can also see that GPT-4 is not that 'intelligent' yet to break a security defense by itself."