人工智能也会说谎！人类能打败AI骗子吗？

全文字数丨3036

阅读时间丨10分钟

During the summer before the 2016 presidential election, John Seymour and Philip Tully, two researchers with ZeroFOX, a security company in Baltimore, unveiled a new kind of Twitter bot. By analyzing patterns of activity on the social network, the bot learned to fool users into clicking on links in tweets that led to potentially hazardous sites.

2016年总统大选前的那个夏天，来自一家美国网络安全公司 ZeroFOX 的2名研究人员 John Seymour 和 Philip Tully 推出了一款新型推特机器人。通过分析人们在社交网络上的活动模式，该机器人学会了如何欺骗用户去点击推文中那些具有潜在安全风险的链接。

The bot, called SNAP_R, was an automated “phishing” system, capable of homing in on the whims of specific individuals and coaxing them toward that moment when they would inadvertently download spyware onto their machines. “Archaeologists believe they’ve found the tomb of Alexander the Great is in the U.S. for the first time: goo.gl/KjdQYT,” the bot tweeted at one unsuspecting user.

 这个机器人名叫 SNAP_R，是一个进行自动化网络钓鱼的系统，专门在用户们脑子一热的时侯进行诱导，让他们不经意间就在电脑上下载了间谍软件。“考古学家首次发现亚历山大大帝的坟墓出现在美国：goo.gl/KjdQYT，”机器人向一位用户推送了推文，那位用户并没有起疑心。

Even with the odd grammatical misstep, SNAP_R succeeded in eliciting a click as often as 66percent of the time, on par with human hackers who craft phishing messages by hand.

即使这条推文存在奇怪的语法错误，SNAP_R 还是成功地拥有了 66%的点击率，这与制作网络钓鱼信息的人类黑客水平不相上下。

The bot was unarmed, merely a proof of concept. But in the wake of the election and the wave of concern over political hacking, fake news and the dark side of social networking, it illustrated why the landscape of fakery will only darken further.

这个机器人还处在概念验证的阶段。但是它在经历了大选以及对于政治黑客、虚假新闻以及社交网络阴暗面的大量关注之后，就对网络诈骗无师自通了——它阐明了网络诈骗只会走向越来越黑暗的深渊。

The two researchers built what is called a neural network, a complex mathematical system that can learn tasks by analyzing vast amounts of data. 

两位研究人员建立了这个被称为“神经网络”的复杂数学系统，该系统可以通过分析海量数据进行自主学习。

A neural network can learn to recognize a dog by gleaning patterns from thousands of dog photos. It can learn to identify spoken words by sifting through old tech-support calls.

神经网络可以通过从数千张狗狗照片中收集图案来学习识别狗。它还可以通过研究以前技术服务的电话录音学会语音识别。

And, as the two researchers showed, a neural network can learn to write phishing messages by inspecting tweets, Reddit posts, and previous online hacks.

而且就像两位研究人员展示的那样，神经网络可以通过观察推特、Reddit（ 一个新闻网站）上的帖子以及过去入侵网络的案例，学会自己编写钓鱼信息。

Today, the same mathematical technique is infusing machines with a wide range of humanlike powers, from speech recognition to language translation. In many cases, this new breed of artificial intelligence is also an ideal means of deceiving large numbers of people over the internet. Mass manipulation is about to get a whole lot easier.

如今，同样的数学方法正在为机器注入从语音识别到语言翻译等各种与人类相似的能力。在许多情况下，这种新型的人工智能也是一种通过互联网欺骗大量用户的理想手段。大规模的恶意操控将变得容易很多。

“It would be very surprising if things don’t go this way,” said Shahar Avin, a researcher at the Center for the Study of Existential Risk at the University of Cambridge. “All the trends point in that direction.”

剑桥大学存在风险研究中心的研究员Shahar Avin 说：“不出意料，事情会朝这个方向发展。所有的趋势都指向那个方向。”

Many technology observers have expressed concerns at the rise of A.I. that generates Deepfakes — fake images that look like the real thing. What began as a way of putting anyone’s head onto the shoulders of a porn star has evolved into a tool for seamlessly putting any image or audio into any video.

许多技术观察员已经对A.I.的兴起表示担忧，A.I. 生成了一种名为 Deepfakes 的技术，它能产生看起来像真人的假象。Deepfakes 最初作为一种能把任何人的头放在色情明星肩膀上的方法，现在已经发展成为一种将任何图像或音频无缝地放入任何视频的工具。

In April, BuzzFeed and comedian Jordan Peele released a video that put words, including “we need to be more vigilant with what we trust from the internet,” into the mouth of Barack Obama.

今年 4 月，BuzzFeed 和喜剧演员 Jordan Peele 发布了一段视频，让奥巴马开口说出了“我们需要对网络上我们信任的东西更加警惕”这样的话。

The threat will only expand as researchers develop systems that can metabolize and learn from increasingly large collections of data. Neural networks can generate believable sounds as well as images. This is what enables digital assistants such as Apple Siri to sound more human than they did in years past.Google has built a system called Duplex that can phone a local restaurant, make reservations, and fool the person on the other end of the line into thinking the caller is a real person. The service is expected to reach smartphones before the end of the year.

随着研究人员开发出能够新陈代谢并从日益庞大的数据集合中学习的系统，这种威胁只会扩 大。神经网络可以生成可信的声音和图像。这就是苹果 Siri 等数字助理能够比过去几年听起来更像真人的原因。Google已经建立了一个名为 Duplex 的系统，它可以给当地餐馆打电话、预订房间，然后愚弄电话另一端的人，让他们以为来电者是真人。该服务有望在年底前应用到智能手机。

Experts have long had the power to doctor audio and video. But as these A.I. systems improve, it will become easier and cheaper for anyone to generate items of digital content — images, videos, social interactions — that look and sound like the real thing.

总有高手能篡改音频和视频文件。但随着 AI 系统不断改进，每个人都能更容易、更低成本地凭空捏造数码内容——图像，视频，社交信息，并且无限逼真。

Inspired by the culture of academia, the top A.I. labs and even giant public companies such as Google openly publish their research and, in many cases, their software code.

被当今学术界的风向所驱，顶尖的 AI 实验室甚至是如谷歌一样的大型公司都公开了他们的相关研究，很多时候还公开了软件代码。

With these techniques, machines are also learning to read and write. For years, experts questioned whether neural networks could crack the code of natural language. But the tide has shifted in recent months.

运用高端技术的机器人正在学习阅读和写作。多年以来，专家苦苦追索神经网络系统是否能破译自然语言的密码。近几个月，专家的研究方向有所改变。

Organizations such as Google and OpenAI, an independent lab in San Francisco, have built systems that learn the vagaries of language at the broadest scales — analyzing everything from Wikipedia articles to self-published romance novels — before applying the knowledge to specific tasks. The systems can read a paragraph and answer questions about it. They can judge whether a movie review is positive or negative.

将有关知识切实应用之前，不少组织例如谷歌和 OpenAI（坐落于旧金山的一座独立 AI 实验室），已经建立起大数据研究不同语言的智能系统。从维基百科的文章到自出版的浪漫小说，逐字逐句条分缕析。这些智能系统可以自主阅读文段，并且回答有关问题。它们甚至可以判断一个影评是正面的还是负面的。

This technology could improve phishing bots such as SNAP_R. Today, most Twitter bots seem like bots, especially when you start replying to them. In the future, they will respond in kind.

这项技术可以改进例如 SNAP_R 的这样的钓鱼机器人。现在，大多数推特机器人都太死板，特别是与之进行互动的时候，机器的本性暴露无遗。将来的机器人将更人性化。

The technology also could lead to the creation of voice bots that can carry on a decent conversation — and, no doubt one day, will call and persuade you to divulge your credit-card information.

这项技术同样会促成声音机器人的发明。它们可以与你进行一段愉快的对话，也大有可能在将来的某天，连哄带骗地要到你的信用卡信息。

These new language systems are driven by a new wave of computing power. Google engineers have designed computer chips specifically for training neural networks. Other companies are building similar chips, and as these arrive, they will accelerate A.I. research even further.

计算能力的发展推动了新生语言系统的发展。 谷歌的工程师发明了专门训练神经网络系统的电脑芯片。其他公司也在发明相似的芯片，必将进一步推进 AI 研究。

Jack Clark, head of policy at OpenAI, can see a not-too-distant future in which governments create machine-learning systems that attempt to radicalize populations in other countries, or force views onto their own people.

OpenAI 实验室的政策主管杰克·克拉克预测，在不久的将来，各国政府将纷纷创建机器学习系统，试图让他国民众变得激进，或者将自己的观点强加于本国民众。

“This is a new kind of societal control or propaganda,” he said.“Governments can start to create campaigns that target individuals, but at the same time operate across many people in parallel, with a larger objective.”

“这是一种新的社会控制手段和宣传方法”，他说，“政府可以借此发起针对个人的运动，但与此同时，为了更大的目标，也可以很多人同时参与。”

Ideally, artificial intelligence could also provide ways of identifying and stopping this kind of mass manipulation. Mark Zuckerberg likes to talk about the possibilities. But for the foreseeable future, we face a machine-learning arms race.

理想情况下，人工智能还可以提供识别和阻止这种大规模操纵的方法。马克·扎克伯格喜欢谈论这些可能性。但在可预见的未来，我们将面临一场机器学习军备竞赛。

Consider generative adversarial networks, or GANs. These are a pair of neural network systems that can automatically generate convincing images or manipulate existing ones.

来看一看生成对抗网络（即 GANs）。这是一对神经网络系统，可以自动生成令人信服的图像或操纵现有的图像。

They do this by playing a kind of cat-and-mouse game: the first network makes millions of tiny changes to an image — snow gets added to summery street scenes, grizzlies transform into pandas, fake faces look so convincing that viewers mistake them for celebrities — in an effort to fool the second network.

他们通过玩一种猫捉老鼠的游戏来达到这一点。第一网络产生数以百万计的微小变化图像——把雪添加到夏天的街景,灰熊变成熊猫,做出逼真的假脸, 从而观众误认为真的是名人,以此愚弄第二网络。

The second network does its best not to be fooled. As the pair battle, the image only gets more convincing — the A.I. trying to detect fakery always loses.

第二网络则尽力避免被愚弄。随着两者之间的战斗，图像只会变得更有说服力——因此试图检测赝品的人工智能总是会失败。

Detecting fake news is even harder. Humans can barely agree on what counts as fake news; how can we expect a machine to do so? And if it could, would we want it to?

 辨别假新闻就更难了。对于什么算是假新闻，人类都几乎无法达成一致;我们怎么能指望一台机器做到这一点呢?如果可以，我们真的会想要这种结果吗?

Perhaps the only way to stop misinformation is to somehow teach people to view what they see online with extreme distrust. But that may be the hardest fix of them all.

也许阻止错误信息的唯一方法就是以某种方式教育人们以极度不信任的态度看待他们在网上看到的东西。但这可能是问题最棘手的地方。

“We can deploy technology that patches our computer systems,” Mr. Avin said. “But we cannot deploy patches to peoples’ heads.”

“我们可以采用技术安装补丁来修补电脑系统，”阿文说。“但我们不能在人们的头脑中这么做。”