Machine Unlearning for Artists is a comprehensive workshop tailored to artists seeking practical insights into the world of artificial intelligence. Grounded in the fundamentals of AI systems, it provides a hands-on approach to hacking these systems, offering a pragmatic understanding for everyday artistic endeavours involving AI. Hacking AI systems allows artists to challenge the conventions of technology, provoking thought and sparking conversations about the ethical, cultural and societal implications of AI. By understanding, experimenting and innovating with AI, artists can amplify their creative voices, leading to a new era of artistic exploration and expression.
Part 1
Welcome to the first session of "Machine Unlearning" with me Simon Weckert! This introductory lecture dives into the wild frontier of Artificial Intelligence by exploring how to break, manipulate, and hack modern AI models. Instead of treating AI as a magical black box, Weckert highlights real-world vulnerabilities like prompt injections, deepfakes, data poisoning, and adversarial attacks that can easily trick machine perception. By bridging critical cybersecurity theory with hands-on coding, this course empowers you to look under the hood of neural networks, understand their core mechanics, and learn how to creatively exploit them. Grab your laptop and get ready to embrace the hacker mindset!
Page of
Part 2.1
Welcome to the second part of "Machine Unlearning"! In this session, we dive into the dark intersections of Artificial Intelligence, mass surveillance, and modern warfare. I highlight the rapid advance of autonomous weapon systems and the fatal blind trust in machine decisions ("automation bias"). Using shocking live demos with tools like PimEyes, I demonstrate how advanced facial recognition can identify even masked individuals and how commonplace biometric surveillance has already become. Alongside the urgent ethical question of accountability for AI errors, the lecture takes a critical look at the questionable involvement of surveillance giants like Palantir in the art scene. The session rounds off with a look at the efficiency of new AI models like DeepSeek and the Jevons paradox—which explains why more efficient technology paradoxically leads to even more massive energy consumption. This is an absolute wake-up call for anyone who wants to understand the true societal consequences of our digitized world!
Part 2.2
Welcome back to "Machine Unlearning"! In this session, I take you inside the engine room of AI to show how neural networks actually "see" the world. After a quick look at machine learning basics, we dive into the hidden flaws and systemic biases of massive, internet-scraped datasets like LAION-5B. During a live coding demo with OpenAI's CLIP model, I reveal how subjective AI perception truly is—such as the AI classifying my photo as a "tech oligarch" or even a Pokémon. Finally, I demonstrate how easily we can hack these models just by overlaying simple text onto an image. My goal is to prove that AI isn't flawless magic, but a biased mirror of human data that you can actively break and manipulate.
Page of
1. Feature Representation
This notebook explores how Neural Networks perceive and represent image data. It demonstrates the extraction of high-dimensional vectors (embeddings) from images, allowing us to visualize how the model clusters similar visual concepts.
Leveraging the LAION-Aesthetics V2 model, this tool predicts the aesthetic score of any given image. It uses a CLIP-based architecture to evaluate lighting, composition, and professional quality on a scale of 1 to 10.
Investigate the robustness of vision-language models against adversarial text attacks. This example demonstrates how simple typographical errors or hidden text can mislead AI classifications and influence model output.
Welcome to the third round of "Machine Unlearning"! In this session, I'll walk you through the basics of machine learning so we can understand our very first "Hello World" neural network. First, I'll show you how absurdly AI systems analyze faces and how incredibly easy it is to completely manipulate these predictions with a simple text overlay (a "typo attack"). After that, we'll demystify theoretical core concepts like "weights" and "biases" and break down how AI training actually works under the hood. Finally, in the practical part, I'll show you how to use Google's "Teachable Machine" to train and live-trick your own image recognition models directly in the browser—without writing a single line of code. Tune in and learn not just to blindly trust AI, but to actively challenge it!
Part 3.2
Welcome back to "Machine Unlearning"! In this session, I open up the AI black box and show you how neural networks actually work at the code level using Google Colab.
We train an image classifier for dogs and cats, learning concepts like "max pooling", "epochs," and "loss functions" along the way. The exciting part: first, we test a massive model with 90 million parameters, which surprisingly performs quite poorly. After that, we switch to the tiny "MobileNet", a model optimized for smartphones—and this compact network learns extremely reliably.
My main takeaway for you: when it comes to AI, bigger isn't always better. Choosing the right, smart architecture is what truly matters!
Page of
4. Cats & Dogs Dataset
The training archive contains 3,000 images of dogs and cats.
In this session of "Machine Unlearning", I interview activist Michelle Tylicki about creative resistance against surveillance and mega-corporations. We first discuss "subvertising"—the illegal hacking of toxic billboards with art to reclaim public space. Next, Michelle demonstrates "CV Dazzle": an asymmetrical anti-surveillance makeup designed to confuse facial recognition software. Finally, we debate AI: while Michelle rejects generative AI art as theft, I suggest how we could instead use AI agents as a weapon against bureaucracy and to enforce our data protection rights.
Page of
9. Website
A webpage that demonstrates the Cat & Dog classifier.
Explore how adversarial poisoning attacks manipulate training data to compromise machine learning models. Access the adversarial image, download the poisoned dataset, and run the attack via Google Colab.
Understand how backdoor attacks embed hidden visual triggers into training data. Explore the compromised sample images, the specific adversarial pattern, and test the model in real-time.
Explore how image scaling algorithms can be exploited to hide malicious content. View the manipulated image and run the attack demonstration via Google Colab.
Learn the mechanisms of model extraction. Explore how models can be downloaded from target websites, converted across formats, and cloned into a new functional architecture.
In this session of "Machine Unlearning," security expert Johann Rehberger joins me to explore the world of "AI Red Teaming"—the proactive hacking of AI systems.
We analyze how LLMs "think" at the token level and why they often fail at simple logical tasks. Johann demonstrates impressively how he uses various prompt injection techniques (such as hidden commands in documents) to manipulate AI systems, hijack chatbot memories, or force coding agents like GitHub Copilot to overwrite their own security configurations. Our conclusion: AI should never have unrestricted access to your system. Use it extensively, but always within a secure sandbox and with a healthy skepticism toward its unpredictable responses!
Part 5.2
Welcome back to "Machine Unlearning"! In this session, I'll show you the treacherous world of AI security vulnerabilities. We kick things off with an audio attack on OpenAI's Whisper model, where I use targeted noise to trick the AI into fatally transcribing the command "stop" as "start." After that, I explain how hackers manipulate chatbots through direct and indirect prompt injections, as well as jailbreaks (like the "DAN" prompt), to bypass safety guidelines or even buy a car for $1. To wrap things up, I've got an interactive homework assignment for you: an AI chatbot is waiting on my simulated art auction site, "Christos." Your mission before our next class is to hack it using clever prompt engineering to extract its secret reserve prices and hidden background information. Have fun experimenting!
Page of
16. Prompt Injection
Explore how Vision-Language Models can be compromised through hidden text prompts. This demo showcases an art auction platform vulnerable to prompt injection attacks.
Launch Feature Representation
Dataset
Teachable Machine
Launch Webpage Classifier
View Adversarial Image
Adversarial Pattern
View Manipulated Image
Scaling Live Demo
The Example
diffent Background
Tabby Image
Australian Terrier
Adversarial Dog
Adversarial Cat
Course Material