Training diverse and robust ensembles of artificial intelligence computer models

What is claimed is: 1. A method, in a data processing system comprising a processor and a memory, the memory comprising instructions which are executed by the processor to specifically configure the processor to implement a hardened ensemble artificial intelligence (AI) model generator, the method comprising: co-training, by the hardened ensemble AI model generator, at least two AI models, of an ensemble AI model computing system, on a same domain of training data; determining, during co-training of the at least two AI models, a similarity measure between a first gradient of a first AI model in the at least two AI models, and a second gradient of a second AI model in the at least two AI models; in response to the similarity measure between the first gradient and the second gradient being equal to or greater than a predetermined threshold similarity measure, determining that a loss surface of one of the first AI model or the second AI model is to be modified; in response to determining that the similarity measure is equal to or greater than the predetermined threshold, modifying, by the hardened ensemble AI model generator a loss surface of one of the first AI model or the second AI model, in the at least two AI models, to control a distance between the loss surfaces of the first AI model and the second AI model and prevent an adversarial attack on one AI model transferring to another AI model in the at least two AI models, and thereby generate a modified ensemble of AI models computing system; and processing, by the modified ensemble of AI models computing system, an input to generate an output result, wherein at least one of the AI models in the modified ensemble of AI models computing system generates a correct output for the output result when the input is an adversarial attack on the AI models. 2. The method of claim 1 , wherein the similarity measure between the gradients of the loss surfaces is determined based on at least one of a cosine similarity or a Lp norm similarity. 3. The method of claim 1 , wherein modifying the loss surface of one of the first AI model or the second AI model comprises adding a first regularizer term, having a first regularizer strength value, to a loss function of one of the first AI model or the second AI model, or increasing a second regularizer strength value of a second regularizer term in the loss function of one of the first AI model or the second AI model, and thereby control the similarity of the first gradient and second gradient of the first AI model and the second AI model. 4. The method of claim 3 , wherein the first regularizer strength value or second regularizer strength value is set to a value that maximizes a distance between the loss surfaces of the first AI model and second AI model while minimizing accuracy loss of the at least two AI models in outputs generated by the at least two AI models. 5. The method of claim 1 , wherein the at least two AI models comprises more than two AI models, and wherein the modifying comprises performing multiple pairwise comparisons of pairs of AI models in the at least two AI models and modifying loss surfaces of one or more of the AI models in each pair based on results of the comparisons, wherein the first AI model and the second AI model is one of the pairs of AI models. 6. The method of claim 5 , wherein the pairwise comparisons of pairs of AI models are performed based on at least one of a clique architecture, a star architecture, or a ring architecture. 7. The method of claim 1 , further comprising: wherein processing the input to generate the output result comprises processing the input by each of the AI models in the modified ensemble of AI models and combining the outputs of the AI models in the modified ensemble of AI models to generate a single output result for the modified ensemble. 8. The method of claim 7 , wherein combining the outputs of the AI models in the modified ensemble of AI models to generate a single output result for the modified ensemble comprises at least one of averaging the outputs of the AI models in the modified ensemble of AI models or performing a majority vote operation on the outputs of the AI models in the modified ensemble of AI models. 9. The method of claim 1 , wherein the co-training and modifying operations are performed for each mini-batch of training data used to train the at least two AI models. 10. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a data processing system, causes the data processing system to implement a hardened ensemble artificial intelligence (AI) model generator that operates to: co-train at least two AI models, of an ensemble AI model computing system, on a same domain of training data; determine, during co-training of the at least two AI models, a similarity measure between a first gradient of a first AI model in the at least two AI models, and a second gradient of a second AI model in the at least two AI models; determine, in response to the similarity measure between the first gradient and the second gradient being equal to or greater than a predetermined threshold similarity measure, that a loss surface of one of the first AI model or the second AI model is to be modified; modify, in response to determining that the similarity measure is equal to or greater than the predetermined threshold, a loss surface of one of the first AI model or the second AI model, in the at least two AI models, to control a distance between the loss surfaces of the first AI model and the second AI model and prevent an adversarial attack on one AI model transferring to another AI model in the at least two AI models, and thereby generate a modified ensemble of AI models computing system; and process, by the modified ensemble of AI models computing system, an input to generate an output result, wherein at least one of the AI models in the modified ensemble of AI models computing system generates a correct output for the output result when the input is an adversarial attack on the AI models. 11. The computer program product of claim 10 , wherein the similarity measure between the gradients of the loss surfaces is determined based on at least one of a cosine similarity or a Lp norm similarity. 12. The computer program product of claim 10 , wherein the computer readable program further causes the hardened ensemble AI model generator to the loss surface of one of the first AI model or the second AI model comprises adding a first regularizer term, having a first regularizer strength value, to a loss function of one of the first AI model or the second AI model, or increasing a second regularizer strength value of a second regularizer term in the loss function of one of the first AI model or the second AI model, and thereby control the similarity of the first gradient and second gradient of the first AI model and the second AI model. 13. The computer program product of claim 12 , wherein the first regularizer strength value or second regularizer strength value is set to a value that maximizes a distance between the loss surfaces of the first AI model and second AI model while minimizing accuracy loss of the at least two AI models in outputs generated by the at least two AI models. 14. The computer program product of claim 10 , wherein the at least two AI models comprises more than two AI models, and wherein the modifying comprises performing multiple pairwise comparisons of pairs of AI models in the at least two AI models and modifying loss surfaces of one or more of the AI models in each pair