Aslı Çelikyılmaz

Aslı Çelikyılmaz is an engineer specializing in natural language processing, and particularly in natural language generation for software agents with advanced reasoning and real-world modeling capabilities. Educated in Turkey and Canada, she works in the US as senior research lead at Fundamentals AI Research, Meta. She also holds an affiliate faculty position in computer science at the University of Washington, and is co-editor-in-chief of the journal Transactions of the Association for Computational Linguistics. == Education and career == Çelikyılmaz is a 1997 graduate of Istanbul Technical University, where she studied industrial engineering. After a 2002 master's degree in computer and information science from Seneca Polytechnic in Toronto, and a second master's degree in information science from the University of Toronto in 2005, she completed a Ph.D. in information science at the University of Toronto in 2008. She worked as a postdoctoral researcher in California, at the University of California, Berkeley, from 2008 to 2010. In 2010 she joined Microsoft in Sunnyvale, California, where she became a senior scientist and later a senior principal researcher in Redmond, Washington. She added her affiliation with the University of Washington in 2018, and moved to Meta in Seattle in 2021. == Recognition == Çelikyılmaz was named to the 2026 class of IEEE Fellows, "for contributions to conversational systems and language generation".

Yahoo Mail

Yahoo! Mail (also written as Yahoo Mail) is a mailbox provider by Yahoo. It is one of the largest email services worldwide, with 225 million users. It is accessible via a web browser (webmail), mobile app, or through third-party email clients via the POP, SMTP, and IMAP protocols. Users can also connect non-Yahoo e-mail accounts to their Yahoo Mail inbox. The service was launched on October 8, 1997. The service is free for personal use, with an optional monthly fee for additional features. It is also available in several languages other than English. == History == === 1997–2002 === On October 8, 1997, Yahoo announced its acquisition of online communications company Four11 for $92 million in stock. As part of the purchase, Yahoo received Four11's RocketMail webmail service. Yahoo Mail, based on the RocketMail technology, launched at the same time. Yahoo! chose acquisition rather than internal platform development, because, as Healy said, "Hotmail was growing at thousands and thousands users per week. We did an analysis. For us to build, it would have taken four to six months, and by then, so many users would have taken an email account. The speed of the market was critical." On March 21, 2002, Yahoo! eliminated free software client access and introduced the $29.99 per year Mail Forwarding Service. Mary Osako, a Yahoo! Spokeswoman, told CNET, "For-pay services on Yahoo!, originally launched in February 1999, have experienced great acceptance from our base of active registered users, and we expect this adoption to continue to grow." === 2002–2010 === During 2002, the Yahoo network was gradually redesigned, including the company website, Yahoo Mail and other services. Along with the new design, new features were implemented, including drop-down menus in DHTML and keyboard shortcuts. On July 9, 2004, Yahoo! acquired Oddpost, a webmail service which simulated a desktop email client. Oddpost had features such as drag-and-drop support, right-click menus, RSS feeds, a preview pane, and increased speed using email caching to shorten response time. Many of the features were incorporated into an updated Yahoo! Mail service. ==== Competition ==== On April 1, 2004, Google announced its Gmail service with 1 GB of storage, although Gmail's invitation-only accounts kept the other webmail services at the forefront. Most major webmail providers, including Yahoo! Mail, increased their mailbox storage in response. Yahoo! first announced 100 MB of storage for basic accounts and 2 GB of storage for premium users. However, soon Yahoo Mail increased its free storage quota to 1 GB, before eventually allowing unlimited storage from March 27, 2007, until October 8, 2013. === 2011–2021 === In May 2011, Yahoo Mail rolled out a new interface. It included updated design, enhanced performance, and improved Facebook integration. In 2013, Yahoo! redesigned the site and removed several features, such as simultaneously opening multiple emails in tabs, sorting by sender name, and dragging mails to folders. The new email interface was geared to give an improved user-experience for mobile devices, but was criticized for having an inferior desktop interface. Many users objected to the unannounced nature of the changes through an online post asking Yahoo! to bring back mail tabs with one hundred thousand voting and nearly ten thousand commenting. The redesign produced a problem that caused an unknown number of users to lose access to their accounts for several weeks. In December 2013, Yahoo! Mail suffered a major outage where approximately one million users, one percent of the site's total users, could not access their emails for several days. Yahoo!'s then-CEO Marissa Mayer publicly apologized to the site's users. China Yahoo Mail announced in April 2013 that it would shut down that August as part of Yahoo ceasing services in China since acquiring a stake in Alibaba in 2005. Users with email address suffixes @yahoo.com.cn and @yahoo.cn could transfer their accounts to AliCloud to continue receiving messages through the end of 2014. In January 2014, an undisclosed number of usernames and passwords were released to hackers, following a security breach that Yahoo! believed had occurred through a third-party website. Yahoo! contacted affected users and requested that passwords be changed. In October 2015, Yahoo! updated the mail service with a "more subtle" redesign, as well as improved mobile features. The same release introduced the Yahoo! Account Key, a smartphone-based replacement for password logins. The app also added support for third-party mail accounts. In 2017, Yahoo! again redesigned the web interface with a "more minimal" look, and introduced the option to customize it with different color themes and layouts. In 2019, Yahoo released a redesigned Yahoo Mail app to organize user inboxes, introducing features including a one-tap unsubscribe tool, package tracking, and travel updates. In 2020, Yahoo Mail users were able to fill Walmart shopping carts directly from their inboxes, an industry first. Yahoo! also added a feature to view NFL matches. === 2022–present === In 2022, updates to the Yahoo Mail mobile app added tools to help manage receipts, gift cards, and subscriptions. AI-based additions in 2023 included a feature that automates tracking coupon codes and credits for online shopping, as well as updates to search suggestions, message summaries and AI writing assistance. In 2024, updates to the desktop interface added more AI-based features, including a "priority inbox" tab with automatically generated summaries of important messages and automated suggestions of next actions based on message contents. In February 2025, Yahoo aired its first Super Bowl ad since 2002, in which Bill Murray invited viewers to contact him at his Yahoo Mail email address ([email protected]). The address received nearly 150,000 emails in the first two hours after broadcast. In June 2025, Yahoo Mail introduced a "Catch Up" feature that provides AI-generated summaries and email previews and prompts users to choose to delete or retain each one. As part of the feature's launch, Yahoo Mail collaborated with streetwear brand Anti Social Social Club on an apparel release. == User interface == As many as three web interfaces were available at any given time. The traditional "Yahoo! Mail Classic" preserved the availability of their original 1997 interface until July 2013 in North America. A 2005 version included a new Ajax interface, drag-and-drop, improved search, keyboard shortcuts, address auto-completion, and tabs. However, other features were removed, such as column widths and one click delete-move-to-next. In October 2010, Yahoo! released a beta version of Yahoo! Mail, which included improvements to performance, search, and Facebook integration. In May 2011, this became the default interface. Their current Webmail interface was introduced in 2017. == Spam policy == Yahoo! Mail is often used by spammers to provide a "remove me" email address. Often, these addresses are used to verify the recipient's address, thus opening the door for more spam. Yahoo! does not tolerate this practice and terminates accounts connected with spam-related activities without warning, causing spammers to lose access to any other Yahoo! services connected with their ID under the Terms of Service. Additionally, Yahoo! stresses that its servers are based in California and any spam-related activity which uses its servers could potentially violate that state's anti-spam laws. In February 2006, Yahoo! announced its decision (along with AOL) to give some organizations the option to "certify" mail by paying up to one cent for each outgoing message, allowing the mail in question to bypass inbound spam filters. Few mailers used it and, Goodmail, the company running the certification process, shut down in 2011. === Filters === In order to prevent abuse, in 2002 Yahoo! Mail activated filters which changed certain words (that could trigger unwanted JavaScript events) and word fragments into other words. "mocha" was changed to "espresso", "expression" became "statement", and "eval" (short for "evaluation") became "review". This resulted in many unintended corrections, such as "prevent" (prevalent), "revalidation" (evaluation) and "media review" (medieval). When asked about these changes, Yahoo! explained that the changed words were common terms used in their privacy dashboard and were blacklisted to prevent hackers from sending damaging commands via the program's HTML function. Starting before February 7, 2006, Yahoo! Mail ended the practice, and began to add an underscore as a prefix to certain suspicious words and word fragments. === Greylisting === Incoming mail to Yahoo! addresses can be subjected to deferred delivery as part of Yahoo's incoming spam controls. This can delay delivery of mail sent to Yahoo! addresses without the sender or recipients being aware of it. The deferral is typically of short duration, but

Shy Girl

Shy Girl is a horror novel initially self-published in February 2025 by Mia Ballard. Publishing rights for the book were acquired by Hachette Book Group, which released the book in the United Kingdom in November 2025 and planned to publish it in the United States in 2026. Its US release was cancelled and its UK release was discontinued after it faced accusations of being created with generative AI. Ballard denied having personally used AI in the book's writing, claiming that a freelance editor had introduced AI-generated changes. She also stated that she would take legal action against the editor. == Premise == The novel follows Gia, a depressed woman with obsessive–compulsive disorder, who encounters a mysterious man named Nathan while looking for a sugar daddy to ease her financial troubles. Nathan offers to erase all of Gia's debts in exchange for her agreeing to live as his pet. Living like an animal convinces her that she is becoming an animal, making her behave like one. == Publication and cancellation == Shy Girl was first self-published online by Mia Ballard in February 2025. Marketing material described the book as a "buzzy BookTok sensation" and "bloody and unforgiving". The self-published edition of the book was highly successful and had over 4,900 ratings on Goodreads and an average score of 3.52 stars. In an interview, Ballard described her writing style as lyrical, feverish, and introspective, and stated she was more interested in "what it feels like to live inside a body" than in plot-driven storylines. Publishing rights were acquired by Hachette Book Group and it was published by its Wildfire imprint in the United Kingdom in November 2025. By March 2026, the book had sold 1,800 copies in the United Kingdom. A US release was planned for 2026 by the imprint Orbit Books. After the British publication, critics and readers began to make claims that the book appeared to have been written by generative AI. A January 2026 post on Reddit claimed that the book had many of the hallmarks of having been written with a large language model, and stated that it was "repulsive" that the book was accepted by Hachette. A two-and-a-half-hour video essay covering the book, titled "i'm pretty sure this book is ai slop", received 1.2 million views on YouTube by March 2026. In response, Hachette Book Group announced in March 2026 that it would cancel the book's US publication and discontinue its UK publication. It told The Wall Street Journal that it had made "a lengthy investigation" before deciding to cancel the book. Ballard told The New York Times that she had not used AI when writing the book, but that AI-generated elements were added by a freelance editor without her knowledge. She also stated that she could not elaborate on her claim because she was pursuing legal action against the editor. Writer Andrea Bartz opined that the situation "raises many concerns about trust, authenticity and publishing's readiness for a new, A.I.-assisted world", but that "readers made it abundantly clear they want books by humans, not machines".

Death of Elaine Herzberg

The death of Elaine Herzberg (August 2, 1968 – March 18, 2018) was the first recorded case of a pedestrian fatality involving a self-driving car, after a collision that occurred late in the evening of March 18, 2018. Herzberg was pushing a bicycle across a four-lane road in Tempe, Arizona, United States, when she was struck by an Uber test vehicle, which was operating in self-drive mode with a human safety backup driver sitting in the driving seat. Herzberg was taken to the local hospital where she died of her injuries. Following the fatal incident, the National Transportation Safety Board (NTSB) issued a series of recommendations and sharply criticized Uber. The company suspended testing of self-driving vehicles in Arizona, where such testing had been approved since August 2016. Uber chose not to renew its permit for testing self-driving vehicles in California when it expired at the end of March 2018. Uber resumed testing in December 2018, starting in Pittsburgh, Pennsylvania. In March 2019, Arizona prosecutors ruled that Uber was not criminally responsible for the crash. The back-up driver of the vehicle was charged with negligent homicide, pled guilty to endangerment, and was sentenced to three years' probation. While Herzberg was the first pedestrian killed by a self-driving car, driver Gao Yaning died in a Tesla semi-autonomous car two years earlier. A reporter for The Washington Post compared Herzberg's fate with that of Bridget Driscoll who, in the United Kingdom in 1896, was the first pedestrian to be killed by an automobile. The Arizona incident has magnified the importance of collision avoidance systems for self-driving vehicles. == Collision summary == Herzberg was crossing Mill Avenue (North) from west to east, approximately 360 feet (110 m) south of the intersection with Curry Road, outside the designated pedestrian crosswalk, close to the Red Mountain Freeway. She was pushing a bicycle laden with shopping bags, and had crossed at least two lanes of traffic when she was struck at approximately 9:58 pm MST (UTC−07:00) by a prototype Uber self-driving car based on a Volvo XC90, which was traveling north on Mill. The vehicle had been operating in autonomous mode since 9:39 pm, nineteen minutes before it struck and killed Herzberg. The car's human safety backup driver, Rafaela Vasquez, did not intervene in time to prevent the collision. Vehicle telemetry obtained after the crash showed that the human operator responded by moving the steering wheel less than a second before impact, and she engaged the brakes less than a second after impact. == Cause investigation == The county district attorney's office recused itself from the investigation, due to a prior joint partnership with Uber promoting their services as an alternative to driving under the influence of alcohol. Accounts differ on the speed limit at the place of the incident. According to Tempe police the car was traveling in a 35 mph (56 km/h) zone, but this is contradicted by a posted speed limit of 45 mph (72 km/h). The National Transportation Safety Board (NTSB) sent a team of federal investigators to gather data from vehicle instruments, and to examine vehicle condition along with the actions taken by the safety driver. Their preliminary findings were substantiated by multiple event data recorders and proved the vehicle was traveling 43 miles per hour (69 km/h) when Herzberg was first detected 6 seconds (378 feet (115 m)) before impact; during 4.7 seconds the self driving system did not infer that emergency braking was needed. A vehicle traveling 43 mph (69 km/h) can generally stop within 89 feet (27 m) once the brakes are applied. The machine needed to be 1.3 seconds (82 feet (25 m)) away prior to discerning that emergency braking was required, whereas at least that much distance was required to stop. The system failed to behave properly. A total stopping distance of 76 feet itself would imply a safe speed under 25 mph (40 km/h). Human intervention was still legally required. Computer perception–reaction time would have been a speed limiting factor had the technology been superior to humans in ambiguous situations; however, the nascent computerized braking technology was disabled the day of the crash, and the machine's apparent 4.7-second perception–reaction (alarm) time allowed the car to travel 250 feet (76 m). Video released by the police on March 21 showed the safety driver was not watching the road moments before the vehicle struck Herzberg. === Environment === In widely disseminated remarks that would shape the narrative about the crash, which were later seen as prejudicial and subsequently contradicted by her own department, Tempe Police Chief Sylvia Moir was quoted stating that the collision was "unavoidable" based on the initial police investigation, which included a review of the video captured by an onboard camera. Moir faulted Herzberg for crossing the road in an unsafe manner: "It is dangerous to cross roadways in the evening hour when well-illuminated, managed crosswalks are available." According to Uber, safety drivers were trained to keep their hands very close to the wheel all the time while driving the vehicle so they were ready to quickly take control if necessary. The driver said it was like a flash, the person walked out in front of them. His [sic] first alert to the collision was the sound of the collision. [...] it's very clear it would have been difficult to avoid this collision in any kind of mode (autonomous or human-driven) based on how she came from the shadows right into the roadway. Tempe police released video on March 21, 2018, showing footage recorded by two onboard cameras: one forward-looking, and one capturing the safety driver's actions. The forward-facing video shows that the self-driving car was traveling in the far right lane when it struck Herzberg. The driver-facing video shows the safety driver was looking down prior to the collision. The Uber operator is responsible for intervening and taking manual control when necessary as well as for monitoring diagnostic messages, which are displayed on a screen in the center console. In an interview conducted after the crash with NTSB, the driver stated she was monitoring the center stack at the time of the collision. After the Uber video was released, journalist Carolyn Said noted the police explanation of Herzberg's path meant she had already crossed two lanes of traffic before she was struck by the autonomous vehicle. The Marquee Theatre and Tempe Town Lake are west of Mill Avenue, and pedestrians commonly cross mid-street without detouring north to the crosswalk at Curry. According to reporting by the Phoenix New Times, Mill Avenue contains what appears to be a brick-paved path in the median between the northbound and southbound lanes; however, posted signs prohibit pedestrians from crossing in that location. When the second of the Mill Avenue bridges over the town lake was added in 1994 for northbound traffic, the X-shaped crossover in the median was installed to accommodate the potential closing of one of the two road bridges. The purpose of this brick-paved structure is purely to divert cars from one side to the other if a bridge is closed to traffic, and although it may look like a crosswalk for pedestrians, it is in fact a temporary roadway with vertical curbs and warning signs. === Software issues === Michael Ramsey, a self-driving car expert with Gartner, characterized the video as showing "a complete failure of the system to recognize an obviously seen person who is visible for quite some distance in the frame. Uber has some serious explaining to do about why this person wasn't seen and why the system didn't engage." The NTSB preliminary report, however, noted that the software did order the car to brake 1.3 seconds before the collision. A video shot from the vehicle's dashboard camera showed the safety driver looking down, away from the road. It also appeared that the driver's hands were not hovering above the steering wheel, which is what drivers are instructed to do so they can quickly retake control of the car. Uber had moved from two employees in every car to one. The paired employees had been splitting duties: one ready to take over if the autonomous system failed, and another to keep an eye on what the computers were detecting. The second person was responsible for keeping track of system performance as well as labeling data on a laptop computer. Mr. Kallman, the Uber spokesman, said the second person was in the car for purely data related tasks, not safety. When Uber moved to a single operator, some employees expressed safety concerns to managers, according to the two people familiar with Uber's operations. They were worried that going solo would make it harder to remain alert during hours of monotonous driving. The recorded telemetry showed the system had detected Herzberg six seconds before the crash, and classified her first as an unknown object, then as a

India AI Impact Summit 2026

The India AI Impact Summit 2026 (also abbreviated as the AI Impact Summit) was an international summit on artificial intelligence held at Bharat Mandapam, New Delhi, India, from 16 to 21 February 2026. It is the fourth in a series of global AI summits following the Bletchley Park AI Safety Summit in 2023, the AI Seoul Summit in 2024, and the AI Action Summit in Paris in 2025. Organised under the IndiaAI Mission by the Ministry of Electronics and Information Technology, it is the first summit in the series to be hosted by a Global South nation. This series of AI summits will continue with the AI Summit in Geneva to be hosted by Switzerland in 2027. The summit was inaugurated by Prime Minister Narendra Modi on 19 February 2026. The opening ceremony was also addressed by French President Emmanuel Macron and United Nations Secretary-General António Guterres. The summit was attended by over 20 heads of state and a delegation of global technology leaders including Sundar Pichai (Google), Sam Altman (OpenAI), and Demis Hassabis (DeepMind). The event faced criticism for organisational issues, misrepresentation of non-Indian products as Indian, and a perceived focus on trade fair activities over substantive governance. == Background == The AI Impact Summit was an international summit on artificial intelligence (AI) held in New Delhi from 16 to 20 February 2026. It followed the AI Action Summit in Paris in February 2025, the AI Seoul Summit in 2024 and the Bletchley Park AI Safety Summit in 2023. According to Crowell & Moring, the changing summit titles seemed to reflect a broader shift in focus away from AI safety and governance toward practical impact, implementation, and measurable outcomes. Ahead of the summit, an international panel of experts published the second International AI Safety Report. The summit was structured around three foundational pillars, termed "Sutras": People, Planet, and Progress. Seven thematic working groups were established to deliver outcomes across these pillars, covering AI for economic growth and social good; democratising AI resources; inclusion for social empowerment; safe and trusted AI; human capital; science; and resilience, innovation, and efficiency. == Programme == The summit ran over five days, later extended to six following overwhelming public response. Originally scheduled to conclude on 20 February, the event was extended to 21 February with expanded evening hours for the exhibition. === India AI Impact Expo === The India AI Impact Expo, inaugurated by Prime Minister Modi on 16 February, featured over 300 exhibitors from 30 countries across more than 10 thematic pavilions. Pavilions were organised across thematic zones aligned with the summit's three pillars, showcasing AI applications in healthcare, agriculture, education, and sustainable industry. === Leaders' Plenary and CEO Roundtable === The Leaders' Plenary on 19 February brought together heads of state, ministers, and representatives from multilateral institutions to outline national and global priorities on AI governance, infrastructure, and international cooperation. A CEO Roundtable, held the same evening, convened senior executives from global technology and industry firms with government leaders to discuss investment, research collaboration, and deployment of AI systems. === Research Symposium === A Research Symposium on AI and its Impact was held on 18 February, with the IIIT Hyderabad as knowledge partner. Discussions covered sovereign AI infrastructure, global adoption challenges, research breakthroughs, and policy priorities. == Participants == The summit drew delegations from over 100 countries, including more than 20 heads of state and 60 ministers. Notable attendees from the technology industry included Sundar Pichai (Google), Sam Altman (OpenAI), Dario Amodei (Anthropic), Demis Hassabis (Google DeepMind), and Mukesh Ambani (Reliance Industries). Representatives from multilateral institutions included Sangbu Kim of the World Bank. == Announcements and outcomes == === Indian AI models === Several Indian AI models and products were unveiled during the summit. Sarvam AI, an Indian AI laboratory, launched a new generation of large language models, including 30-billion and 105-billion parameter models using a mixture of experts architecture, as well as text-to-speech, speech-to-text, and vision models. Sarvam also introduced the Kaze smartglasses, described as the company's first hardware product, which Prime Minister Modi tested at the expo. The government-backed BharatGen Param2 model, a 17-billion parameter model supporting 22 Indian languages with multimodal capabilities, was also launched at the summit. === Infrastructure commitments === Union Minister Ashwini Vaishnaw outlined India's "whole-of-nation" AI strategy, describing plans to build a "frugal, sovereign and scalable" AI ecosystem. The government announced plans to add more than 20,000 GPUs to India's existing base of 38,000 under the IndiaAI Compute Portal. Microsoft announced at the summit that it was on track to invest US$50 billion by the end of the decade to bring AI to lower-income countries. Goa reaffirmed its commitment to artificial intelligence at the India AI Impact Summit 2026. === Guinness World Record === During the summit, India set a Guinness World Record for the most pledges received for an AI responsibility campaign in 24 hours, with 250,946 valid pledges collected between 16 and 17 February 2026. The campaign, conducted in partnership with Intel India as part of the IndiaAI Mission, exceeded its initial target of 5,000 pledges. == Controversies and criticisms == === Galgotias University incident === On 18 February, Galgotias University faced widespread criticism after a representative presented a robot dog at the university's exhibition pavilion as an indigenous development. Social media users identified the robot as the Unitree Go2, a commercially available product manufactured by Chinese company Unitree Robotics. IT Secretary S. Krishnan stated that the government did not want exhibitors to showcase items that were not their own, and the university was directed to vacate its stall. Galgotias University issued an apology, stating that the representative had been "ill-informed" and was not authorised to speak to the press. The incident drew political reactions, with the Indian National Congress using it to criticise the government. The controversy was amplified after Union IT Minister Ashwini Vaishnaw had earlier shared a video clip of the robot on social media, which was subsequently deleted. === Organisational issues === On day 1 of the Summit, Dhananjay Yadav, a Bengaluru-based entrepreneur had alleged that his product was stolen in the Summit. He called it as a pain for the people in an X post. He further wrote, "Think about this: We paid for flights, accommodation, logistics and even the booth. Only to see our wearables disappear inside a high-security zone". Later, the stolen devices were recovered by The Delhi Police. Bloomberg reported that delegates were left stranded without food or water during a security lockdown ahead of the Prime Minister's visit on 19 February. The summit venue was closed to the public on 19 February for the Prime Minister's visit, leading to criticism from attendees who had registered for that day. === Protests by the Indian Youth Congress (IYC) === On 20 February, some members of the Indian Youth Congress (IYC) carried out protests inside the venue with slogans such as "PM is compromised" and the criticism of the recent trade deal between India and the US. 4 of these members were sent to police custody by the court on 22 February. While Bharatiya Janta Party condemned these protests, with its spokesperson Shehzad Poonawalla saying, "From being anti-BJP, you have gone to being anti-national? If you have a problem with the BJP, then protest at the BJP office, Jantar Mantar, or outside the PM's office. But the people of the country and their alliance partners condemn them for their attempt to defame India in front of the entire world at the AI Summit." Congress leader Harish Rawat defended the protests, saying "it's also a fact that AI might become a tool in the hands of a few individuals… It's the opposition's job to warn against that… It's not the first time such international events have been opposed. I know how the BJP protested during the Commonwealth Games… To say that such opposition has happened for the first time is not correct. The BJP has been doing this while in the opposition." These protestors were granted bail by the Delhi high court on 2 March. == Reception and analysis == Bloomberg News reported that Prime Minister Modi used the summit to assert India's global AI ambitions following a challenging year in foreign policy. TechPolicy.Press published several critical analyses of the summit. One article argued that the summit's structure granted "multinational corporations parity with sovereign governments

Adversarial machine learning

Adversarial machine learning is the study of the attacks on machine learning algorithms, and of the defenses against such attacks. Machine learning techniques are mostly designed to work on specific problem sets, under the assumption that the training and test data are generated from the same statistical distribution (IID). However, this assumption is often violated in practical high-stake applications, where users may intentionally supply fabricated data that violates the statistical assumption. Most common attacks in adversarial machine learning include evasion attacks, data poisoning attacks, Byzantine attacks and model extraction. == History == At the MIT Spam Conference in January 2004, John Graham-Cumming showed that a machine-learning spam filter could be used to defeat another machine-learning spam filter by automatically learning which words to add to a spam email to get the email classified as not spam. In 2004, Nilesh Dalvi and others noted that linear classifiers used in spam filters could be defeated by simple "evasion attacks" as spammers inserted "good words" into their spam emails. (Around 2007, some spammers added random noise to fuzz words within "image spam" in order to defeat OCR-based filters.) In 2006, Marco Barreno and others published "Can Machine Learning Be Secure?", outlining a broad taxonomy of attacks. As late as 2013 many researchers continued to hope that non-linear classifiers (such as support vector machines and neural networks) might be robust to adversaries, until Battista Biggio and others demonstrated the first gradient-based attacks on such machine-learning models (2012–2013). In 2012, deep neural networks began to dominate computer vision problems; starting in 2014, Christian Szegedy and others demonstrated that deep neural networks could be fooled by adversaries, again using a gradient-based attack to craft adversarial perturbations. Further work would show that adversarial attacks are harder to produce in uncontrolled environments, due to the different environmental constraints that cancel out the effect of noise. For example, any small rotation or slight illumination on an adversarial image can destroy the adversariality. In addition, researchers such as Google Brain's Nick Frosst point out that it is much easier to make self-driving cars miss stop signs by physically removing the sign itself, rather than creating adversarial examples. Frosst also believes that the adversarial machine learning community incorrectly assumes models trained on a certain data distribution will also perform well on a completely different data distribution. He suggests that a new approach to machine learning should be explored, and is currently working on a unique neural network that has characteristics more similar to human perception than state-of-the-art approaches. While adversarial machine learning continues to be heavily rooted in academia, large tech companies such as Google, Microsoft, and IBM have begun curating documentation and open source code bases to allow others to concretely assess the robustness of machine learning models and minimize the risk of adversarial attacks. === Examples === Examples include attacks in spam filtering, where spam messages are obfuscated through the misspelling of "bad" words or the insertion of "good" words; attacks in computer security, such as obfuscating malware code within network packets or modifying the characteristics of a network flow to mislead intrusion detection; attacks in biometric recognition where fake biometric traits may be exploited to impersonate a legitimate user; or to compromise users' template galleries that adapt to updated traits over time. Researchers showed that by changing only one-pixel it was possible to fool deep learning algorithms. Others 3-D printed a toy turtle with a texture engineered to make Google's object detection AI classify it as a rifle regardless of the angle from which the turtle was viewed. Creating the turtle required only low-cost commercially available 3-D printing technology. A machine-tweaked image of a dog was shown to look like a cat to both computers and humans. A 2019 study reported that humans can guess how machines will classify adversarial images. Researchers discovered methods for perturbing the appearance of a stop sign such that an autonomous vehicle classified it as a merge or speed limit sign. A data poisoning filter called Nightshade was released in 2023 by researchers at the University of Chicago. It was created for use by visual artists to put on their artwork to corrupt the data set of text-to-image models, which usually scrape their data from the internet without the consent of the image creator. McAfee attacked Tesla's former Mobileye system, fooling it into driving 50 mph over the speed limit, simply by adding a two-inch strip of black tape to a speed limit sign. Adversarial patterns on glasses or clothing designed to deceive facial-recognition systems or license-plate readers, have led to a niche industry of "stealth streetwear". An adversarial attack on a neural network can allow an attacker to inject algorithms into the target system. Researchers can also create adversarial audio inputs to disguise commands to intelligent assistants in benign-seeming audio; a parallel literature explores human perception of such stimuli. Clustering algorithms are used in security applications. Malware and computer virus analysis aims to identify malware families, and to generate specific detection signatures. In the context of malware detection, researchers have proposed methods for adversarial malware generation that automatically craft binaries to evade learning-based detectors while preserving malicious functionality. Optimization-based attacks such as GAMMA use genetic algorithms to inject benign content (for example, padding or new PE sections) into Windows executables, framing evasion as a constrained optimization problem that balances misclassification success with the size of the injected payload and showing transferability to commercial antivirus products. Complementary work uses generative adversarial networks (GANs) to learn feature-space perturbations that cause malware to be classified as benign; Mal-LSGAN, for instance, replaces the standard GAN loss with a least-squares objective and modified activation functions to improve training stability and produce adversarial malware examples that substantially reduce true positive rates across multiple detectors. == Challenges in applying machine learning to security == Researchers have observed that the constraints under which machine-learning techniques function in the security domain are different from those of common benchmark domains. Security data may change over time, include mislabeled samples, or reflect adversarial behavior, which complicates evaluation and reproducibility. === Data collection issues === Security datasets vary across formats, including binaries, network traces, and log files. Studies have reported that the process of converting these sources into features can introduce bias or inconsistencies. In addition, time-based leakage can occur when related malware samples are not properly separated across training and testing splits, which may lead to overly optimistic results. === Labeling and ground truth challenges === Malware labels are often unstable because different antivirus engines may classify the same sample in conflicting ways. Ceschin et al. note that families may be renamed or reorganized over time, causing further discrepancies in ground truth and reducing the reliability of benchmarks. === Concept drift === Because malware creators continuously adapt their techniques, the statistical properties of malicious samples also change. This form of concept drift has been widely documented and may reduce model performance unless systems are updated regularly or incorporate mechanisms for incremental learning. === Feature robustness === Researchers differentiate between features that can be easily manipulated and those that are more resistant to modification. For example, simple static attributes, such as header fields, may be altered by attackers, while structural features, such as control-flow graphs, are generally more stable but computationally expensive to extract. === Class imbalance === In realistic deployment environments, the proportion of malicious samples can be extremely low, ranging from 0.01% to 2% of total data. This unbalanced distribution causes models to develop a bias towards the majority class, achieving high accuracy but failing to identify malicious samples. Prior approaches to this problem have included both data-level solutions and sequence-specific models. Methods like n-gram and Long Short-Term Memory (LSTM) networks can model sequential data, but their performance has been shown to decline significantly when malware samples are realistically proportioned in the training set, demonstrating the limitations in

Construction of t-norms

In mathematics, t-norms are a special kind of binary operations on the real unit interval [0, 1]. Various constructions of t-norms, either by explicit definition or by transformation from previously known functions, provide a plenitude of examples and classes of t-norms. This is important, e.g., for finding counter-examples or supplying t-norms with particular properties for use in engineering applications of fuzzy logic. The main ways of construction of t-norms include using generators, defining parametric classes of t-norms, rotations, or ordinal sums of t-norms. Relevant background can be found in the article on t-norms. == Generators of t-norms == The method of constructing t-norms by generators consists in using a unary function (generator) to transform some known binary function (most often, addition or multiplication) into a t-norm. In order to allow using non-bijective generators, which do not have the inverse function, the following notion of pseudo-inverse function is employed: Let f: [a, b] → [c, d] be a monotone function between two closed subintervals of extended real line. The pseudo-inverse function to f is the function f (−1): [c, d] → [a, b] defined as f ( − 1 ) ( y ) = { sup { x ∈ [ a , b ] ∣ f ( x ) < y } for f non-decreasing sup { x ∈ [ a , b ] ∣ f ( x ) > y } for f non-increasing. {\displaystyle f^{(-1)}(y)={\begin{cases}\sup\{x\in [a,b]\mid f(x)y\}&{\text{for }}f{\text{ non-increasing.}}\end{cases}}} === Additive generators === The construction of t-norms by additive generators is based on the following theorem: Let f: [0, 1] → [0, +∞] be a strictly decreasing function such that f(1) = 0 and f(x) + f(y) is in the range of f or in [f(0+), +∞] for all x, y in [0, 1]. Then the function T: [0, 1]2 → [0, 1] defined as T(x, y) = f (-1)(f(x) + f(y)) is a t-norm. Alternatively, one may avoid using the notion of pseudo-inverse function by having T ( x , y ) = f − 1 ( min ( f ( 0 + ) , f ( x ) + f ( y ) ) ) {\displaystyle T(x,y)=f^{-1}\left(\min \left(f(0^{+}),f(x)+f(y)\right)\right)} . The corresponding residuum can then be expressed as ( x ⇒ y ) = f − 1 ( max ( 0 , f ( y ) − f ( x ) ) ) {\displaystyle (x\Rightarrow y)=f^{-1}\left(\max \left(0,f(y)-f(x)\right)\right)} . And the biresiduum as ( x ⇔ y ) = f − 1 ( | f ( x ) − f ( y ) | ) {\displaystyle (x\Leftrightarrow y)=f^{-1}\left(\left|f(x)-f(y)\right|\right)} . If a t-norm T results from the latter construction by a function f which is right-continuous in 0, then f is called an additive generator of T. Examples: The function f(x) = 1 – x for x in [0, 1] is an additive generator of the Łukasiewicz t-norm. The function f defined as f(x) = –log(x) if 0 < x ≤ 1 and f(0) = +∞ is an additive generator of the product t-norm. The function f defined as f(x) = 2 – x if 0 ≤ x < 1 and f(1) = 0 is an additive generator of the drastic t-norm. Basic properties of additive generators are summarized by the following theorem: Let f: [0, 1] → [0, +∞] be an additive generator of a t-norm T. Then: T is an Archimedean t-norm. T is continuous if and only if f is continuous. T is strictly monotone if and only if f(0) = +∞. Each element of (0, 1) is a nilpotent element of T if and only if f(0) < +∞. The multiple of f by a positive constant is also an additive generator of T. T has no non-trivial idempotents. (Consequently, e.g., the minimum t-norm has no additive generator.) === Multiplicative generators === The isomorphism between addition on [0, +∞] and multiplication on [0, 1] by the logarithm and the exponential function allow two-way transformations between additive and multiplicative generators of a t-norm. If f is an additive generator of a t-norm T, then the function h: [0, 1] → [0, 1] defined as h(x) = e−f (x) is a multiplicative generator of T, that is, a function h such that h is strictly increasing h(1) = 1 h(x) · h(y) is in the range of h or equal to 0 or h(0+) for all x, y in [0, 1] h is right-continuous in 0 T(x, y) = h (−1)(h(x) · h(y)). Vice versa, if h is a multiplicative generator of T, then f: [0, 1] → [0, +∞] defined by f(x) = −log(h(x)) is an additive generator of T. == Parametric classes of t-norms == Many families of related t-norms can be defined by an explicit formula depending on a parameter p. This section lists the best known parameterized families of t-norms. The following definitions will be used in the list: A family of t-norms Tp parameterized by p is increasing if Tp(x, y) ≤ Tq(x, y) for all x, y in [0, 1] whenever p ≤ q (similarly for decreasing and strictly increasing or decreasing). A family of t-norms Tp is continuous with respect to the parameter p if lim p → p 0 T p = T p 0 {\displaystyle \lim _{p\to p_{0}}T_{p}=T_{p_{0}}} for all values p0 of the parameter. === Schweizer–Sklar t-norms === The family of Schweizer–Sklar t-norms, introduced by Berthold Schweizer and Abe Sklar in the early 1960s, is given by the parametric definition T p S S ( x , y ) = { T min ( x , y ) if p = − ∞ ( x p + y p − 1 ) 1 / p if − ∞ < p < 0 T p r o d ( x , y ) if p = 0 ( max ( 0 , x p + y p − 1 ) ) 1 / p if 0 < p < + ∞ T D ( x , y ) if p = + ∞ . {\displaystyle T_{p}^{\mathrm {SS} }(x,y)={\begin{cases}T_{\min }(x,y)&{\text{if }}p=-\infty \\(x^{p}+y^{p}-1)^{1/p}&{\text{if }}-\infty −∞ Continuous if and only if p < +∞ Strict if and only if −∞ < p ≤ 0 (for p = −1 it is the Hamacher product) Nilpotent if and only if 0 < p < +∞ (for p = 1 it is the Łukasiewicz t-norm). The family is strictly decreasing for p ≥ 0 and continuous with respect to p in [−∞, +∞]. An additive generator for T p S S {\displaystyle T_{p}^{\mathrm {SS} }} for −∞ < p < +∞ is f p S S ( x ) = { − log ⁡ x if p = 0 1 − x p p otherwise. {\displaystyle f_{p}^{\mathrm {SS} }(x)={\begin{cases}-\log x&{\text{if }}p=0\\{\frac {1-x^{p}}{p}}&{\text{otherwise.}}\end{cases}}} === Hamacher t-norms === The family of Hamacher t-norms, introduced by Horst Hamacher in the late 1970s, is given by the following parametric definition for 0 ≤ p ≤ +∞: T p H ( x , y ) = { T D ( x , y ) if p = + ∞ 0 if p = x = y = 0 x y p + ( 1 − p ) ( x + y − x y ) otherwise. {\displaystyle T_{p}^{\mathrm {H} }(x,y)={\begin{cases}T_{\mathrm {D} }(x,y)&{\text{if }}p=+\infty \\0&{\text{if }}p=x=y=0\\{\frac {xy}{p+(1-p)(x+y-xy)}}&{\text{otherwise.}}\end{cases}}} The t-norm T 0 H {\displaystyle T_{0}^{\mathrm {H} }} is called the Hamacher product. Hamacher t-norms are the only t-norms which are rational functions. The Hamacher t-norm T p H {\displaystyle T_{p}^{\mathrm {H} }} is strict if and only if p < +∞ (for p = 1 it is the product t-norm). The family is strictly decreasing and continuous with respect to p. An additive generator of T p H {\displaystyle T_{p}^{\mathrm {H} }} for p < +∞ is f p H ( x ) = { 1 − x x if p = 0 log ⁡ p + ( 1 − p ) x x otherwise. {\displaystyle f_{p}^{\mathrm {H} }(x)={\begin{cases}{\frac {1-x}{x}}&{\text{if }}p=0\\\log {\frac {p+(1-p)x}{x}}&{\text{otherwise.}}\end{cases}}} === Frank t-norms === The family of Frank t-norms, introduced by M.J. Frank in the late 1970s, is given by the parametric definition for 0 ≤ p ≤ +∞ as follows: T p F ( x , y ) = { T m i n ( x , y ) if p = 0 T p r o d ( x , y ) if p = 1 T L u k ( x , y ) if p = + ∞ log p ⁡ ( 1 + ( p x − 1 ) ( p y − 1 ) p − 1 ) otherwise. {\displaystyle T_{p}^{\mathrm {F} }(x,y)={\begin{cases}T_{\mathrm {min} }(x,y)&{\text{if }}p=0\\T_{\mathrm {prod} }(x,y)&{\text{if }}p=1\\T_{\mathrm {Luk} }(x,y)&{\text{if }}p=+\infty \\\log _{p}\left(1+{\frac {(p^{x}-1)(p^{y}-1)}{p-1}}\right)&{\text{otherwise.}}\end{cases}}} The Frank t-norm T p F {\displaystyle T_{p}^{\mathrm {F} }} is strict if p < +∞. The family is strictly decreasing and continuous with respect to p. An additive generator for T p F {\displaystyle T_{p}^{\mathrm {F} }} is f p F ( x ) = { − log ⁡ x if p = 1 1 − x if p = + ∞ log ⁡ p − 1 p x − 1 otherwise. {\displaystyle f_{p}^{\mathrm {F} }(x)={\begin{cases}-\log x&{\text{if }}p=1\\1-x&{\text{if }}p=+\infty \\\log {\frac {p-1}{p^{x}-1}}&{\text{otherwise.}}\end{cases}}} === Yager t-norms === The family of Yager t-norms, introduced in the early 1980s by Ronald R. Yager, is given for 0 ≤ p ≤ +∞ by T p Y ( x , y ) = { T D ( x , y ) if p = 0 max ( 0 , 1 − ( ( 1 − x ) p + ( 1 − y ) p ) 1 / p ) if 0 < p < + ∞ T m i n ( x , y ) if p = + ∞ {\displaystyle T_{p}^{\mathrm {Y} }(x,y)={\begin{cases}T_{\mathrm {D} }(x,y)&{\text{if }}p=0\\\max \left(0,1-((1-x)^{p}+(1-y)^{p})^{1/p}\right)&{\text{if }}0