Hacker News
by doublekill 2705 days ago
You do not need white box access to a target model anymore. You can find adversarial samples for an ensemble of similar networks and it will fool the target network.

The parlor trick becomes dangerous to the powers that be, when you start fooling surveillance and smart gun turrets or drones. This is already happening in the background. That is where the funding comes from, not a SV company fearing that their face filter does not work, but governments afraid their deep net border security will be rendered moot.

If anything, the article is countering hype by citing researchers saying we don't really know how deep learning learns and represents objects, and that deep nets are a very weak copy of the human brain.