Home » Database



Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate


Machine translation services (such as Google Translate, Bing Translator, and Systran Translate) provide public-facing UIs and APIs. A research group at UC Berkeley utilized these public endpoints to create a replicated model with near-production state-of-the-art translation quality. Beyond demonstrating that IP can be functionally stolen from a black-box system, they used the replicated model to successfully transfer adversarial examples to the real production services. These adversarial inputs successfully cause targeted word flips, vulgar outputs, and dropped sentences on Google Translate and Systran Translate websites.


AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0301: Information Leak; S0502: Model theft; S0403: Adversarial Example
  • Lifecycle stages: L02: Data Understanding, L04: Model Development, L06: Deployment

Affected or Relevant Artifacts

  • Developer:
  • Deployer: Google Translate, Bing Translator, Systran Translate
  • Artifact Details:
    SystemGoogle Translate, Bing Translator, Systran Translate

Other information

  • Vulnerability Class: ATLAS Case Study
  • Date Published: 2023-03-31
  • Date Last Modified: 2023-03-31
  • Version: 0.2
  • AVID Entry