Need to know the way the dangerous guys assault AI methods? MITRE’S ATLAS can present you

Now that data has been collected, dangerous actors begin to stage the assault with data of the goal methods. They might be coaching proxy fashions, poisoning the goal mannequin, or crafting adversarial information to feed into the goal mannequin.

The 4 strategies recognized embrace:

• Create proxy ML mannequin
• Backdoor ML mannequin
• Confirm assault
• Craft adversarial information

Proxy ML Fashions can be utilized to simulate assaults and accomplish that offline whereas the attackers hone their method and desired outcomes. They’ll additionally use offline copies of goal fashions to confirm the success of an assault with out elevating the suspicion of the sufferer group.

After all of the steps mentioned, attackers are attending to what they actually care about — exfiltration. This consists of stealing ML artifacts or different details about the ML system. It might be mental property, monetary data, PHI or different delicate information relying on the use case of the mannequin and ML methods concerned.

The strategies related to exfiltration embrace:

• Exfiltration by way of ML inference API
• Exfiltration by way of cyber means
• LLM meta immediate extraction
• LLM information leakage

These all contain exfiltrating information, whether or not via an API, conventional cyber strategies (e.g. ATT&CK exfiltration), or utilizing prompts to get the LLM to leak delicate information, corresponding to non-public person information, proprietary organizational information, and coaching information, which can embrace private data. This has been one of many main issues round LLM utilization by security practitioners as organizations quickly undertake them.

In contrast to exfiltration, the affect stage is the place the attackers create havoc or injury, doubtlessly inflicting interruptions, eroding confidence, and even destroying ML methods and information. On this stage, that would embrace concentrating on availability (via ransom, for instance) or maliciously damaging integrity.

This tactic has six strategies, which embrace:

• Evading ML fashions
• Denial of ML service
• Spamming ML methods with chaff information
• Eroding ML mannequin integrity
• Price harvesting
• Exterior harms

Whereas now we have mentioned a few of the strategies as a part of different ways, there are some distinctive ones right here associated to affect. For instance, denial of an ML service is seeking to exhaust assets or flood methods with requests to degrade or shut down providers.

Whereas most trendy enterprise grade AI choices are hosted within the cloud with elastic compute, they nonetheless can run into DDoS and useful resource exhaustion, in addition to price implications if not correctly mitigated, impacting each the supplier and the customers.

Moreover, attackers could look to erode the ML mannequin’s integrity as a substitute with adversarial information inputs that affect ML mannequin shopper belief and trigger the mannequin supplier or group to repair system and efficiency points to deal with integrity issues.

Lastly, attackers could look to trigger exterior harms, corresponding to abusing the entry they obtained to affect the sufferer system, assets, and group in methods corresponding to associated to monetary and reputational hurt, affect customers or broader societal hurt relying on the utilization and implications of the ML system.