Clip: Season 51 | 7m 9s | Video has closed captioning.
Researchers are trying to develop tools to thwart deep fakes in several different ways — from before they are even made, to detecting them once they are out on the internet.
Aired: 09/25/24
Support provided by:
- [Sarah] Some AI-generated deepfakes are getting so good, it can be near impossible to tell what's real and what's not.
- What if I were to tell you that I'm not even a human being?
Would you believe me?
- [Sarah] Many deepfakes, like these face swaps, are obvious and silly.
- Okay, so.
- But others are more harmful, like the pornographic image of Taylor Swift that recently went viral.
Over 90% of deepfakes are non-consensual sexual images of women, and it's not just celebrities being targeted, but also regular teenage girls.
- Now we're already seeing deepfake images being created about girls in high school by their peers in high school, right?
There's no way for these girls to protect themselves, right?
Their images exist online.
We're in a social media world.
There are images of them that exist, period, and it takes very, very little to create a sophisticated deepfake.
- [Sarah] Creating convincing deepfakes can now be done quickly and easily by anyone and about anyone.
- People really can't tell.
They look at them and they think they can.
And I think we have to be really careful about trying to give people ideas that they can spot this.
- The tells of yesterday's deepfakes, like an extra finger on a hand, a strange blink or a glitch, aren't really there anymore because the tools just keep improving.
So can technology fare any better than humans at spotting and detecting deepfakes?
Can the same technology that created them be used to detect them?
- To an extent.
So the people who know the technology the best are the ones that are building it.
- [Sarah] Deepfakes are made using a type of artificial intelligence called deep learning.
These AI programs are trained using huge amounts of data, including photos or videos.
Then they use complex algorithms to make up a new photo or video.
We're gonna talk about three categories of tools being created to prevent or identify deepfakes.
One embeds markers to indicate if the content is real or fake, another spots deepfakes out in the wild, and the last tries to prevent them from being made in the first place.
First, let's talk about watermarks.
These are like an invisible stamp that's embedded in an AI-generated photo or video as it's being created.
- When you see companies like Google and Meta doing this, that they're applying an imperceptible watermark, an invisible watermark that comes in at the point of creation or may even be in the training data of the tool, I-E, it's sort of baked into the way the tool generates an image.
- The watermark would be undetectable to the human eye, but could be read by computers, which would flag it as AI-generated.
The challenge is that watermarks are currently optional to add or relatively easy to remove.
- People are also trying to do things that involve showing you how the media evolves over time, because the problem is a watermark is pretty binary.
It's yes, it's AI.
No, it's not.
And with some AI tools, you can change just a part of an image or a video, right?
- So an alternative to watermarks is something called metadata provenance.
The creators describe it as a nutrition label for a piece of media.
It embeds information about how it was created, how it was edited, and how it was distributed right into the media's metadata.
If the media was altered, say in Photoshop or using AI, and then uploaded online, those changes would also be recorded.
- The problem is, at the moment, those tools are not yet available across the whole ecosystem.
So, some tools put those signals in, and then there are plenty of other places when we're making media which deliberately strip out metadata, right?
And so, a metadata-based solution doesn't work yet across the system, so we have these imperfect, not yet fully implemented ways to essentially signal that something was made or edited with AI.
- So, another approach focuses on detecting deepfakes after they've been created.
For example, Intel is working on a tool that detects one thing that real live humans have, blood.
When our heart's pump, our blood changes color slightly from bright red to dark red as it's enriched and depleted of oxygen.
Intel's tool looks for signals of that blood flow in the pixels of a video, uses an algorithm to map it across the face, and then uses deep learning to identify if the person is real or AI-generated.
The blood flow tracking technology is similar to those used in devices like smart watches to track heart rate.
Intel reports a 96% accuracy rate for spotting fake videos, but the system has not been independently analyzed.
All of these detection tools hold both promise and pitfalls, which is why it's best to not just rely on one method for spotting fakes.
- Detection is probably, they talk about it as an ensemble approach is the best way.
And basically the way to think about that is to do good detection, you're gonna have a bunch of different techniques that think about different ways you detect AI-generated manipulations.
- But catching deepfakes isn't the only problem.
There's also preventing yourself from being the victim of one.
So let's move on to preventative tools, which stops deepfakes from being created in the first place.
One example are shields, which add an invisible protective layer to an image that makes it hard for AI models to recognize and manipulate them.
A team at the University of Chicago developed a tool called Nightshade for artists to protect their work from being scraped to train AI models without permission.
Nightshade adds an invisible poison to the pixels of an image that cause the AI model to misinterpret what that image is or to just behave in strange ways so when we see a picture of a hat, AI sees a picture of a cake.
But shields can only be added to new images that are uploaded on the internet, not ones that already exist online.
The challenge is that all of these tools are responding to the current weaknesses of the AI models, which keep getting better and better.
- Anybody who works in the field of adversarial AI or any sort of security knows it's a game of cat and mouse.
So we create ways to identify people, malicious actors.
Bad actors just get better.
- Across the board, technical fixes will only go so far.
Experts say that regulation across the entire system of how AI is developed, detected, and deployed is the only way to solve some of these problems.
- It's key we make sure that there's a legal responsibility to do this across that AI pipeline, and that it's done with our human and civil rights at the center of it, and that's really the responsibility of governments to do that.
- [Narrator] In the meantime, if the tools to detect deepfakes aren't reliable or standardized and the bad actors are always a step ahead, what should the average person do to sift through what's true and what's not?
- So I think it's unreasonable to expect the average person to be able to spot these images, audio and video.
It is reasonable to say pause before you share a video that is too good to be true.
See if there's an alternative source.
See if someone's written a story that explains this was made with AI that comes from a credible journalist or a credible community source you trust.
- [Narrator] Sam recommends using the SIFT method.
Stop, don't have a reaction.
I is investigate sources, F, find other coverage, and T is to trace claims.
- I think one thing is building that critical thinking, that muscle memory to say, "I saw this video," or, "I saw this thing.
"Let me go search it online and see if it's real."
(serious music)
Interactive
NOVA Labs is a free digital platform that engages teens and lifelong learners in games and interactives that foster authentic scientific exploration. Participants take part in real-world investigations by visualizing, analyzing, and playing with the same data that scientists use.
Play
