What are adversarial examples in AI security?

Get ready for the ISACA AI Fundamentals Test with flashcards and multiple-choice questions. Each question features hints and detailed explanations. Prepare to ace your exam with confidence!

Multiple Choice

What are adversarial examples in AI security?

Explanation:
Adversarial examples are inputs that are intentionally altered by small, carefully chosen changes to cause a machine learning model to make a misclassification, even though a human viewing the input would see it as essentially the same. This happens because models learn decision boundaries in high-dimensional spaces, and slight perturbations along directions the model relies on can push the input across the boundary while human perception remains robust to those tweaks. In practice, tiny, often imperceptible noise can flip the predicted label, highlighting a security risk: an attacker could cause the system to misbehave, such as misidentifying objects, bypassing detectors, or misclassifying content, without obvious evidence of tampering. Defenses include adversarial training, robustness techniques, and input validation to make models less sensitive to such perturbations. The other options describe different concepts (label noise from mislabeled data, standard data augmentation to improve accuracy, or unrelated cybersecurity attacks on databases) and do not capture the idea of inputs crafted to fool a model.
