January 31, 2022

Tackling the risks in AI

Secure System Research Laboratories
Senior Researcher
Kazuya Kakizaki

Kakizaki majored in machine learning and data mining with a focus on privacy protection. After earning a master’s degree, he joined NEC in April 2017. His research paper has been adopted by the International Conference on Machine Learning (ICML), which in the machine learning field is one of the most difficult conferences to get papers accepted for. Currently, he is studying at the University of Tsukuba.

Focusing at AI security needs

My internship during my master’s degree course in university led to my joining NEC. I remember the discussions being very exciting, with many brilliant researchers. The atmosphere of the Laboratories was amiable, and I felt that it was an ideal environment for research.

I majored in AI and machine learning as a student. I was studying how to implement machine learning while protecting privacy. In recent years, numerous attacks on AI have also been reported in academia. Robust security is critical for social implementation of AI.

Currently at the NEC Secure System Research Laboratories, I am assessing the risks of adversarial examples and researching techniques to counter these. Adversarial examples are attacks that modify inputs into an AI with the intention to exploit the AI, making it operate falsely. An example of a conceivable attack is, in the area of autonomous driving, placing a mark on a traffic sign that cannot be perceived as unnatural to the human eye. This causes the image recognition AI to understand that the sign—which is actually a stop sign—is indicating that the vehicle should drive at 30 km per hour. We are assessing the impact of the attacks on the AI itself and the vulnerability that makes the AI operate in an unintended way while aiming to establish measures to prevent erroneous decisions.

I firmly believe that AI technologies will make our lives more convenient. First, I would like to spread the application to activities that protect other companies’ systems, starting out with systems within NEC, and eventually realize a convenient, safe and secure society.

The AI security team is an organization that I set up with peers in 2018, foreseeing the increasing significance of this field. Since 2019, I have been in charge of leading technical aspects within the team as one of the members. While the goal of the activities is, of course, social implementation, we are also actively engaged in academic activities such as writing research papers and participation in conferences, backed by the Laboratories. I can’t overstate just how helpful this is for us researchers. It is NEC’s greatest charm that we can release the new technologies that we make to the society rather than keeping them inside the company.

The wide discretion for research

I feel that many of my peer researchers at NEC tend to spontaneously pursue the technologies that they truly believe are necessary. NEC also has the environment to support that.

Specifically, the Secure System Research Laboratories has the 20% Rule,* which allows you to do your own research as long as you keep it within 20% of your work time, and the Zero-order Proposal system, through which you can receive an allocation of research budget by proposing the research you want to do. Both of these systems fully respect the researchers’ voluntary efforts. Some people have even accomplished commercialization or have had their research paper adopted by a prestigious international conference by taking advantage of these systems. Our team has also used these systems to assess new attacks proposed by academics in addition to adversarial examples and work on examining countermeasures against them.
I really appreciate the wide discretion we are given, including a certain time and budget for working on the theme you want to work on, as part of respecting the researchers’ voluntary efforts without turning them down for the reason of “not needing it right away.”

* The percentage varies in the range from 15% to 20% depending on the laboratories.

Mastering your specialty

I conduct my research with a constant awareness for advancing my specialty and increasing my presence as a researcher. Today, the area of AI and machine learning is receiving global attention more than ever, and the numbers of researchers and research papers published are increasing year by year.

In order to survive as a researcher in such circumstances, it is important to establish at least one area of specialization and present your results. If you can do that, you will be invited to collaborative research by organizations both in and outside of NEC, not to mention further increase your opportunities for active roles.

In that sense, NEC’s research environment is a good option. As I mentioned earlier, we have broad discretion over research. NEC also encourages not only commercialization, but also external publications of research papers. All in all, it is NEC’s greatest appeal that it properly respects what we want to accomplish as researchers. I hope to continue working on improving my specialty and presence in my field of AI combined with security.

A day at work

Message to my past self in my school days