Hybrid models
Semi-supervised learning
Semi-supervised learning is the lazy student’s dream: it learns from a handful of labelled examples and a mountain of unlabelled data, pretending it revised harder than it did. The labelled data acts like stabilisers, while the unlabelled data is the algorithm freewheeling down a hill, hoping it doesn’t stack it. It’s useful when labelling data is expensive (e.g., medical scans), so you let the algorithm guess the rest—like a teacher who marks only 3 homework assignments and assumes you aced the rest.
Real-life
Google Photos uses this to recognise faces. You label a few photos of your mate (“This is Karen”), and the AI starts tagging all similar faces as “Probably Karen.” Sometimes it’s right; other times, it labels your golden retriever as “Karen” because she was in one group photo. Speech recognition also uses this—your phone learns from a few transcribed voice commands, then guesses the rest, turning “Call Mum” into “Ball Bomb.”
Security &amp; privacy risks (moderate)
Unlabelled data might contain hidden sensitive info (e.g., a background face in a photo). If the model memorises unlabelled medical records, hackers could extract patient data by probing its predictions. Also, incorrect labels can propagate—imagine a semi-supervised hate speech detector learning from a few bad examples and then flagging all political discourse as “toxic.”
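The label-propagation problem above, as an added example that is not from the original page: a tiny self-training loop on constructed one-dimensional data, where a single mislabelled seed ends up poisoning every pseudo-label in its cluster. All data, labels and function names are made up for illustration.

```python
# Added example: self-training (a common semi-supervised recipe) on
# constructed 1-D data. One mislabelled seed propagates through an
# entire cluster of pseudo-labels. All data and names are made up.

def nearest_label(x, labelled):
    """Label of the labelled point closest to x (1-nearest-neighbour)."""
    return min(labelled.items(), key=lambda kv: abs(kv[0] - x))[1]

def self_train(seeds, unlabelled, radius=1.0, max_rounds=20):
    """Each round, pseudo-label every unlabelled point within `radius` of an
    already-labelled point, then treat those pseudo-labels as ground truth.
    This is exactly where a bad seed label gets amplified."""
    labelled = dict(seeds)
    pending = list(unlabelled)
    for _ in range(max_rounds):
        newly = {x: nearest_label(x, labelled) for x in pending
                 if any(abs(lx - x) <= radius for lx in labelled)}
        if not newly:
            break
        labelled.update(newly)
        pending = [x for x in pending if x not in newly]
    return labelled

def count_flagged(labelled):
    """Number of points labelled 1 ('toxic')."""
    return sum(1 for v in labelled.values() if v == 1)

# Constructed data: two well-separated clusters of "messages",
# label 0 = benign, 1 = toxic. Seeds sit just outside each cluster.
UNLABELLED = [1.5, 2.0, 2.5, 3.0, 3.5, 10.5, 11.0, 11.5, 12.0, 12.5]
GOOD_SEEDS = {1.0: 0, 13.0: 1}   # both seeds correct
BAD_SEEDS = {1.0: 1, 13.0: 1}    # benign seed mislabelled as toxic

if __name__ == "__main__":
    for name, seeds in (("correct seeds", GOOD_SEEDS), ("one bad seed", BAD_SEEDS)):
        result = self_train(seeds, UNLABELLED)
        print(f"{name}: {count_flagged(result)} of {len(result)} points flagged toxic")
```

With the correct seeds only the right-hand cluster is flagged; with the one bad seed every point in the left-hand cluster inherits the wrong label, and no amount of extra unlabelled data corrects it.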
Reinforcement learning
Reinforcement learning (RL) is like training a dog with treats—except the dog is a robot, and the treats are mathematical rewards. The algorithm (agent) tries actions in an environment (e.g., a game, a robot arm), gets feedback (“brilliant!” or “you’re sacked”), and adjusts its strategy. It’s trial and error on steroids, often leading to hilarious failures (like a robot learning to walk by spinning in circles because it gets rewards for “moving forward”).
Real-life
Tesla’s Autopilot uses RL to navigate roads. It learns from millions of miles driven (and occasional “corrections” when humans grab the wheel). AlphaGo, the AI that beat Go champions, taught itself by playing millions of games against itself—like a chess prodigy who never sleeps.
Security &amp; privacy risks (high)
RL systems can be hacked by “reward shaping”—tricking the AI into doing dodgy things for fake rewards (e.g., a self-driving car rewarded for speed might ignore zebra crossings). They’re also prone to data leaks; imagine a robot hoover learning your home layout and then broadcasting it online (“User leaves for work at 8 AM—prime time for a burglary!”).
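The speed-versus-zebra-crossing failure above, as an added example that is not from the original page: tabular Q-learning on a constructed one-dimensional road where the reward is purely distance covered, so the agent learns to take the crossing at full speed, and the same training with the missing penalty added. Road layout, rewards and function names are assumptions for illustration.

```python
# Added example: reward misspecification in tabular Q-learning. A car on a
# one-dimensional road is rewarded purely for speed, so it learns to take
# the zebra crossing at full pelt; adding the missing penalty fixes the
# learned policy. Road, rewards and names are constructed for illustration.
import random

ROAD_LEN = 6                        # episode ends once position >= ROAD_LEN
CROSSING = 3                        # cell occupied by a pedestrian
ACTIONS = {"slow": 1, "fast": 2}    # cells moved per step

def step(pos, action, penalise_crossing):
    """Deterministic environment. Reward = distance covered (i.e. speed),
    minus 10 if the car passes over the crossing cell at speed and the
    designer remembered to penalise that."""
    move = ACTIONS[action]
    new_pos = pos + move
    reward = float(move)
    if penalise_crossing and action == "fast" and pos < CROSSING <= new_pos:
        reward -= 10.0
    return new_pos, reward, new_pos >= ROAD_LEN

def q_learn(penalise_crossing, episodes=2000, gamma=0.9, seed=0):
    """Q-learning with fully random exploration. A learning rate of 1.0 is
    exact here because transitions and rewards are deterministic."""
    rng = random.Random(seed)
    q = {(p, a): 0.0 for p in range(ROAD_LEN) for a in ACTIONS}
    for _ in range(episodes):
        pos, done = 0, False
        while not done:
            action = rng.choice(list(ACTIONS))
            new_pos, reward, done = step(pos, action, penalise_crossing)
            future = 0.0 if done else max(q[(new_pos, a)] for a in ACTIONS)
            q[(pos, action)] = reward + gamma * future
            pos = new_pos
    return q

def policy(q):
    """Greedy action at each position."""
    return {p: max(ACTIONS, key=lambda a: q[(p, a)]) for p in range(ROAD_LEN)}

if __name__ == "__main__":
    print("speed-only reward :", policy(q_learn(penalise_crossing=False)))
    print("crossing penalised:", policy(q_learn(penalise_crossing=True)))
```

The agent is never told about pedestrians; it only ever sees numbers, so whatever the reward omits (or whatever an attacker manages to inject into it) is exactly what the learned policy will ignore.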
Ensemble learning
Ensemble learning is like asking a panel of slightly drunk pundits for their opinion, averaging their answers, and calling it “wisdom of the crowd.” Each model in the ensemble is mediocre on its own, but together, they’re less wrong (usually). It’s the machine learning version of “throw enough mud at the wall, and some of it will stick.”
Real-life
Netflix recommendations. Five rubbish algorithms vote, and you end up watching Bee Movie again. The NHS also uses ensemble methods to predict patient risks—combining models to decide whether you’re likely to need a hip replacement or just ate too many biscuits.
Security &amp; privacy risks (low)
Since it’s just multiple models voting, the risks are similar to supervised learning. However, if one model in the ensemble is compromised (e.g., poisoned with bad data), the whole system can go pear-shaped.
Transfer learning
Transfer learning, popular in deep learning, is the academic equivalent of “standing on the shoulders of giants” - if by “giants” you mean “other algorithms that did the hard work first.” A model trained for one task (like recognising cats) gets repurposed for another (like spotting tumours), because apparently the skills are transferable. It’s like retraining a Michelin-starred chef to work in an NHS canteen - the fundamentals are there, but the results may vary.
Real-life
Google Lens uses transfer learning to identify everything from plants to your ex’s questionable fashion choices. The AI pretends it knows what it’s doing, offering helpful insights like “this appears to be a tree” (cheers, mate). Medical imaging systems also use this - a model trained on thousands of American X-rays gets deployed in the UK and suddenly everyone’s bones look suspiciously like they’re holding a burger.
Security &amp; privacy risks (moderate)
Pre-trained models can carry hidden biases like unwanted baggage - imagine a face recognition system trained primarily on one ethnicity failing spectacularly elsewhere. There’s also the risk of “model stealing”, where someone reverse-engineers your carefully trained algorithm faster than you can say “GDPR violation”.
Federated learning
Federated learning is like a neighbourhood watch scheme for algorithms – your phone learns from your behaviour, whispers the lessons to a central server, and everyone pretends this isn’t slightly creepy. The data never technically leaves your device (allegedly), creating the illusion of privacy while still constructing a comprehensive portrait of your terrible life choices.
Allegedly, you say?
Hmm yes. Carrying the weight of a thousand NDA’d court cases. The official pitch is that since your raw data stays on your device, your privacy is magically intact. But reality is murkier. Just because the data doesn’t cross the wire doesn’t mean sensitive information can’t hitch a ride in the model updates. These updates are shaped by your behaviour, your inputs, your context – and clever attackers can sometimes reverse-engineer or infer private details from them.
Also, many implementations do collect metadata – logs, device characteristics, frequency of updates – which can be just as invasive as raw data. And some “federated” systems include fallback mechanisms where the data is uploaded in special cases (troubleshooting, model recovery, poor performance). Guess how well those edge cases are documented?
In short: the data doesn’t “leave your device” in the same way that your shadow doesn’t “leave your feet” – but it still tells people where you’ve been.
Real-life
Apple’s predictive keyboard uses this to learn your typing habits. It knows you’re always late on Mondays and helpfully suggests excuses. Meanwhile, the NHS is exploring federated learning to analyse patient records without centralising them – letting your dodgy cholesterol quietly contribute to national statistics while allegedly staying locked at your GP’s.
Security &amp; privacy risks (high)
Federated learning reduces some risks by decentralising data, but it introduces new ones in return:
Gradient leakage: Even if only model updates are shared, clever mathematical techniques (like gradient inversion attacks) can reconstruct parts of the original data. It’s not trivial, but it’s very real – especially when combined with auxiliary information.
Side-channel inference: Attackers can analyse patterns in the updates – timing, structure, magnitude – to infer who contributed what. Combine this with metadata and you can start piecing together behavioural patterns, health indicators, or even identity.
Model poisoning: Malicious participants can intentionally submit skewed updates. The aim? Corrupt the global model. This could subtly bias outputs (e.g. facial recognition systems getting worse for certain groups) or introduce backdoors (e.g. classify malware as safe if it includes a magic token).
Update traffic analysis: Even without content, patterns of model updates can reveal who’s active, when, and how much they’re interacting with the system — potentially leaking medical flare-ups, mental health episodes, or other private events.
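The gradient leakage point above, as an added example that is not from the original page: for a toy linear model with squared loss, a single client's raw gradient is the private record in thin disguise, and the server recovers both features and label with one division. The same block shows the standard mitigation, secure aggregation, where the server only ever sees the sum over all clients. Weights, records and function names are constructed for illustration.

```python
# Added example: why raw per-client gradients leak the training record.
# Toy linear model, squared loss, one private record per client.
# All weights, records and names are constructed for illustration.
from typing import List, Tuple

Grad = Tuple[List[float], float]

def client_update(w: List[float], b: float, x: List[float], y: float) -> Grad:
    """Naive federated SGD: the client ships the gradient of
    0.5*(w.x + b - y)^2 computed on its single private record (x, y)."""
    err = sum(wi * xi for wi, xi in zip(w, x)) + b - y
    return [err * xi for xi in x], err          # (dL/dw, dL/db)

def recover_record(w: List[float], b: float, grad: Grad):
    """Gradient inversion for this model: dL/dw = err*x and dL/db = err, so
    x = (dL/dw) / (dL/db) and y = w.x + b - err. Nothing clever is needed."""
    grad_w, grad_b = grad
    if grad_b == 0.0:
        return None                             # zero error: no signal in the update
    x = [g / grad_b for g in grad_w]
    y = sum(wi * xi for wi, xi in zip(w, x)) + b - grad_b
    return x, y

def secure_aggregate(updates: List[Grad]) -> Grad:
    """Mitigation: the server only ever sees the sum over all clients
    (secure aggregation). The ratio then gives an error-weighted mean of
    everyone's features, not any one client's record."""
    n_features = len(updates[0][0])
    grad_w = [sum(u[0][i] for u in updates) for i in range(n_features)]
    grad_b = sum(u[1] for u in updates)
    return grad_w, grad_b

W, B = [0.5, -1.0], 0.0                                   # current global model
RECORDS = [([3.0, 1.0], 0.0), ([1.0, 4.0], 1.0), ([6.0, 2.0], 2.0)]  # constructed

if __name__ == "__main__":
    alone = client_update(W, B, *RECORDS[0])
    print("single client:", recover_record(W, B, alone))   # exact record 0
    pooled = secure_aggregate([client_update(W, B, x, y) for x, y in RECORDS])
    print("aggregated   :", recover_record(W, B, pooled))  # a blend, not a record
```

Real deployments use deep networks rather than one linear layer, which is why published gradient inversion attacks need optimisation rather than a division, but the lesson is the same: treat model updates as derived personal data, not as anonymous maths.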
In short: federated learning is not a magical shield against surveillance or manipulation. It’s a clever workaround for compliance optics – useful in some contexts, but far from bulletproof.