What University of Toronto security research actually showed

In short: University of Toronto researchers have published specific security attacks on GPUs and cloud systems, but they have not shown an AI tool that can automatically exploit any computer flaw.

What happened

A claim circulating in coverage suggests University of Toronto researchers showed how hackers could use artificial intelligence to build a program that targets any known weakness in computers. Based on publicly available University of Toronto work, that description does not match what the teams have demonstrated.

One recent project, called GPUHammer, adapts a Rowhammer-style attack. Rowhammer is a trick where repeatedly poking the same area of memory can cause nearby memory to change by accident (like slamming one drawer so hard that the next drawer shifts). The team showed this can happen on some modern graphics cards used for AI work, including those using GDDR6 memory. In tests, they flipped tiny bits inside an AI model’s stored numbers and made the model’s accuracy collapse from about 80% to 0.1%.

Another project, called Relocate-Vote, looked at cloud protection features that encrypt data in computer memory. The researchers showed that if a malicious cloud operator repeatedly moves memory pages around, patterns can appear that may leak information. This is a focused problem at the boundary between hardware and the cloud software that manages it.

Why it matters

These results are serious, but they are not a universal hacking machine. They apply to specific setups, like certain GPUs or certain cloud configurations. For everyday users and businesses, the bigger takeaway is that shared cloud hardware and specialized chips can have weak spots, and fixes can involve tradeoffs such as slightly slower performance.

Source: NYTimes