by soheil 1794 days ago
It seems to me all you have to do to fool a ML model is rephrase sentences and just use verbiage it has never seen before. So why isn't your tool just the latest item on a pre-IPO company's checklist that is looking to commit fraud to scrub against?

Also if Muddy Waters can do something similar to this (if not better?) doesn't that mean you should just hire them and throw away your ML model?

1 comment

It isn't that easy to reverse engineer our models. We test our models for a certain degree of robustness (same concepts expressed in different ways will be generally picked up). Plus, if companies go out of their way to express risks in cryptic terms, our models pick up needlessly convoluted text as well. We also constantly retrain our models, so I don't foresee this becoming a problem in the foreseeable future.
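The kind of robustness check the reply describes (does the same risk concept, phrased differently, still get picked up, and does deliberately convoluted wording stand out on its own?) can be made concrete with a small harness. The following is an added example and not the company's code: the concept lexicon, the convolution heuristic, the filing sentences and the paraphrase pairs are all constructed for illustration, and the real models behind the tool are not known here.

```python
"""Paraphrase-robustness harness for a concept-based risk-language flagger.

Constructed example: the lexicon, the sentences and the heuristics are
hypothetical and stand in for whatever a real model would learn.
"""
import re

# Hypothetical concept lexicon: each risk concept maps to several surface
# forms, so different phrasings normalise to the same concept.
CONCEPT_LEXICON = {
    "going_concern": [
        "going concern", "ability to continue", "continue operating",
        "substantial doubt",
    ],
    "material_weakness": [
        "material weakness", "internal control", "control deficiency",
        "controls over financial reporting",
    ],
    "litigation": ["lawsuit", "litigation", "legal proceeding", "class action"],
    "customer_concentration": [
        "single customer", "one customer", "few customers",
        "concentration of revenue",
    ],
}

WORD_RE = re.compile(r"[a-z']+")


def tokenize(text):
    """Lower-case word tokens; punctuation is dropped so phrases match across it."""
    return WORD_RE.findall(text.lower())


def flag_concepts(text):
    """Return the set of risk concepts whose surface forms appear in the text."""
    lowered = " ".join(tokenize(text))
    return {c for c, forms in CONCEPT_LEXICON.items()
            if any(form in lowered for form in forms)}


def convolution_score(text):
    """Crude 'needlessly convoluted text' signal (hypothetical heuristic):
    mean words per sentence plus the share of long words. Higher is worse."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = tokenize(text)
    if not words or not sentences:
        return 0.0
    mean_len = len(words) / len(sentences)
    long_share = sum(1 for w in words if len(w) >= 10) / len(words)
    return round(mean_len / 20 + long_share, 3)


def paraphrase_robustness(pairs):
    """Fraction of (original, paraphrase) pairs on which the flagger agrees.
    A pair that disagrees is exactly the 'unseen verbiage' gap to fix."""
    agree = sum(1 for a, b in pairs if flag_concepts(a) == flag_concepts(b))
    return agree / len(pairs)


# Constructed paraphrase pairs: two are picked up in both forms, the third
# uses wording outside the lexicon and shows up as a robustness failure.
PARAPHRASE_PAIRS = [
    ("There is substantial doubt about our ability to continue as a going concern.",
     "Our auditors question whether we can continue operating."),
    ("We identified a material weakness in our internal control over financial reporting.",
     "A deficiency in our controls over financial reporting was found."),
    ("Most of our revenue comes from a single customer.",
     "Our top-line is heavily dependent on a narrow set of counterparties."),
]

PLAIN = "Most of our revenue comes from a single customer."
CONVOLUTED = ("Notwithstanding the aforementioned considerations, the Company's "
              "capacity for the continuation of operational activities is "
              "contingent upon circumstances that are, at present, indeterminate.")

if __name__ == "__main__":
    print("paraphrase robustness:", paraphrase_robustness(PARAPHRASE_PAIRS))
    for orig, para in PARAPHRASE_PAIRS:
        print(sorted(flag_concepts(orig)), "vs", sorted(flag_concepts(para)))
    print("convolution plain/convoluted:",
          convolution_score(PLAIN), convolution_score(CONVOLUTED))
```

The point of the harness is the disagreeing third pair: a paraphrase that drops every known surface form scores as if no risk were present, which is what a retraining loop would need to catch, while the convolution score still separates a plainly written sentence from a deliberately ornate one even when no concept is matched.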
Why can't there be an adversarial GAN model that tries to minimize your model's score by using text that your model has not seen yet, ad infinitum?