To Defend Effectively, One Must First Learn to Attack”: A New Paradigm in AI Cybersecurity Education

Amid the rapid advancement of generative AI and large language models (LLMs), AI security has become a major global concern. Asia University continues to strengthen its research and talent development in the areas of AI × Cybersecurity × Interdisciplinary Applications, and recently invited Professor Jen-Hong Huang, Dean of the College of Artificial Intelligence and Green Energy at National Yang Ming Chiao Tung University, to deliver a lecture titled “AI Security and AI for Cybersecurity.”

During the lecture, Professor Huang shared cutting-edge research on adversarial attacks and backdoor attacks, and offered an in-depth discussion on how AI technologies can be leveraged to enhance Intrusion Detection Systems (IDS). Following the talk, he engaged in active discussions with attendees, exchanging insights on AI forensics and the cybersecurity challenges emerging in the physical world.

Professor Huang began by emphasizing that as AI is increasingly deployed in critical sectors such as healthcare, finance, and national defense, AI models themselves have become prime targets for cyberattacks. Through vivid real-world examples, he illustrated the vulnerabilities of AI systems. One notable case demonstrated how wearing specially designed adversarial patch glasses could cause facial recognition systems to misidentify individuals or fail to detect faces entirely—attacks that are difficult for security personnel to notice in real-world settings.

Addressing the rapidly evolving landscape of generative AI and AI agent systems, Professor Huang also warned of a new and emerging threat known as Indirect Prompt Injection. In such attacks, adversaries embed hidden instructions within web content to manipulate AI assistants into performing unauthorized actions without users’ awareness.

Under the theme “AI for Cybersecurity,” Professor Huang highlighted the limitations of traditional intrusion detection systems. He pointed out that IDS solutions relying on a single data source—such as packet-level data or traffic flow alone—often suffer from single-source blind spots, making them ineffective against sophisticated, multi-stage cyberattacks.

In-Depth Dialogue: AI Forensics, Physical-World Threats, and Offensive–Defensive Cybersecurity Education

The post-lecture Q&A session sparked lively discussion, with faculty members and students raising in-depth questions on the practical applications and future trends of AI security.

Addressing how non-expert audiences perceive AI security, Dean Ching-Hsien Hsu of the College of Information and Electrical Engineering opened the discussion by asking whether there are concrete real-world incidents that clearly demonstrate the importance of AI security. In response, Professor Huang cited Tesla autonomous vehicle accidents as an example, noting that official reports often claim the driver disengaged the system just one second before impact—statements that have raised concerns over credibility.

Professor Huang emphasized that AI systems must adopt mechanisms similar to an aircraft’s “black box,” incorporating pre-incident logging, in-incident evidence preservation, and post-incident third-party verification through robust AI forensics. He stressed that responsibility attribution should not rely solely on unilateral claims made by the involved parties.

Professor Yueh-Ting Tsai from the Department of Artificial Intelligence then shifted the focus to the risks associated with Physical AI, asking whether robots could face attacks similar to data poisoning. Professor Huang acknowledged that if a robot’s visual recognition system is compromised, dangerous scenarios could occur—jokingly remarking that “you ask it to fetch water, but it ends up grabbing a knife.” He pointed out that a key challenge lies in the stealth of physical-world attacks, such as placing stickers on stop signs to misclassify them as speed-limit signs—attacks that are difficult to detect with the naked eye yet highly effective in real-world scenarios.

In the final discussion, Dean Hsu further explored cybersecurity education strategies, asking whether university curricula should prioritize teaching attack techniques or defensive mechanisms. Professor Huang firmly advocated for a “teach attack first” approach as a powerful way to engage students. With a touch of humor, he shared that National Yang Ming Chiao Tung University has integrated hands-on offensive and defensive practices into its courses, allowing students to gain experience as white-hat hackers. He noted that once students experience a sense of achievement, they become more motivated to learn defensive strategies and develop a deeper appreciation for security governance.

Asia University’s Vision: Integrating Quantum AI and Cybersecurity

President Chin-Fa Tsai of Asia University stated that the university has recently established a Quantum AI Research Center, dedicated to interdisciplinary applications spanning quantum-secure encryption and AI-powered smart healthcare. Dean Hsu added that Professor Huang previously served as Convener of the Information Engineering Discipline at the National Science and Technology Council, and is widely respected within the academic community. His research expertise, Dean Hsu noted, closely aligns with Asia University’s strategic focus on AI × Cybersecurity × Edge Computing.

Asia University has also launched deep industry–academia collaborations with companies such as Trend Micro and Sunlit Optronics, jointly advancing milestones in quantum security and trustworthy AI research. By bringing in the perspectives of leading scholars like Professor Huang from Taiwan and abroad, Asia University aims to continue cultivating cybersecurity professionals with strong hands-on capabilities, while staying closely connected to global technological trends.

                             President Chin-Fa Tsai of Asia University (right) presented a commemorative gift to guest speaker Professor Jen-Hong Huang.

                             Professor Jen-Hong Huang posed for a group photo with participants.