How to fool an AI system

Lyhyesti suomeksi: Rakensimme aMazedin pakopelihuoneeseen tekoälyä hyödyntävän tehtävän. Tässä blogissa kerromme, miten tekoälyjärjestelmän "huijattavuus" liittyy esimerkiksi tehdaslinjaston laaduntarkkailuun.

After escaping from two of the escape rooms at aMazed during an after-work we started thinking, would it be fun to add AI elements to an escape room? We had a brief discussion about having such a feature with the team at aMazed before we even left the rooms. Shortly after, we received an email stating that aMazed was interested in working with Emblica to develop what ultimately became the AI gatekeeper. This blog will describe what the AI gatekeeper is and what we learned about fooling AI systems during its development.

Inevitably this post will contain some spoilers about the room. We tried to keep the spoilers to a minimum, but if you want to experience the room completely fresh you might want to read the rest of this post after you have escaped from the room. More information about the room Alchẽmia can be found on Amazed’s website. This post by aMazed, however, is safe to read and tells about their experience with this AI project as well as what it takes to develop an escape room in general.

The AI gatekeeper

Spoilers for the escape room Alchẽmia are coming up, you have been warned. ⚠ 

Professor Happygolucky has developed the elixir of happiness that will take everyone’s sorrows away. It is safely locked behind many puzzles and other safety measures so that it doesn’t fall into the wrong hands. The task we have developed is one of such gatekeepers. You need to prove that you are the professor to our “face recognition” to progress through the room. Of course, there is only one professor so the task is to look enough like her for the system to let you continue. 

The gatekeeper has multiple core elements. First, it uses a camera feed to detect whether the elements that are associated with the professor are in view using machine learning. Secondly, the results are shown to the players on a screen with a thematic user interface so that the users can monitor their progress. Lastly, the computer is connected to a magnetic lock that unlocks the next part of the escape room. All this is wrapped up so that the game administrator can, if necessary, control the game from their control center and reset the gatekeeper for new players.

Making fooling the gatekeeper possible

To make sure the puzzle is possible to solve we cannot make the gatekeeper too strict in how it determines whether to let you continue or not. If you solve the puzzle but the system does not let you continue it can ruin the fun. On the other hand, if it lets everyone through no matter what it is not a great puzzle either. The problem of finding a balance between these two extremes we face not only in this project but appears in almost every project that involves automatic decision making. Let’s step out of the escape room to illustrate these problems so we don’t spoil the puzzle fully.

Consider a quality control system on an assembly line with the primary aim of ensuring that only products with all necessary components correctly assembled are shipped to customers. Striking the right balance is crucial; if the system is too lenient, it risks sending out defective products, while being too strict may lead to the rejection of perfectly functional items, increasing costs for the factory. How we collect data to train these models plays a pivotal role in determining how the system behaves. For example, if our training data comprises images taken from the assembly line with consistent angles and lighting conditions, the system may only recognize products that look identical. However, if a product arrives slightly rotated or a light breaks in the factory, the system might struggle to identify it as a good product and reject it. On the flip side, if our data only includes extremely faulty cases without instances of minor defects, the model might miss the nuances of what constitutes a good product, potentially allowing some faulty items to slip through and be shipped to the customer.

Making sure the training data covers all sorts of situations it might face is crucial. One technique to create more diverse training data is data augmentation. You can dive into the nitty-gritty details in our blog post here. In short, instead of keeping things too predictable, we throw in different angles, lighting scenarios, and maybe even simulate some hiccups. It's like giving our AI system a taste of real-life unpredictability, whether it's dealing with an escape room or managing an assembly line.

Now, let’s get back to the escape room. To make sure that our model makes a good puzzle we collected a diverse set of training data together with people from aMazed, and used different augmentation techniques. Is the puzzle hard enough, but still fun to solve? You will have to find it out by yourselves and see if you can fool the AI gatekeeper!


Emblica is a technology company focused on data-intensive applications and artificial intelligence. Our customers are e.g. Sanoma, Uponor, Caruna, and the Tax Administration. Emblica is 100% owned by its employees.