We use cookies to improve user experience and analyze website traffic. By clicking “Accept“, you agree to our website's cookie use as described in our Privacy Policy.
PreferencesDecline AllAccept All

Your Cookie Preferences

We use different types of cookies to optimize your experience on our website. Click on the categories below to learn more about their purposes. You may choose which types of cookies to allow and can change your preferences at any time. Remember that disabling cookies may affect your experience on the website. You can learn more about how we use cookies by visiting our Privacy Policy.

Essential Cookies
Details

These cookies are necessary to the core functionality of our website and some of its features, such as access to secure areas.

Analytics and Customization Cookies
Details

These cookies collect information that can help us understand how our websites are being used. This information can also be used to measure effectiveness in our marketing campaigns or to curate a personalized site experience for you.

Advertising Cookies
Details

These cookies are used to enhance the performance and functionality of our websites but are nonessential to their use. However, without these cookies, certain functionality (like videos)may become unavailable.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Decline AllConfirm my Choices
Back

Essential Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
Back

Analytics and Customization Cookies

Name
Purpose
Marketo Munchkin
Marketo's custom JavaScript tracking code, called Munchkin, tracks all individuals who visit your website so you can react to their visits with automated marketing campaigns.
Name
Purpose
Google Tag
The Google tag (gtag.js) is a single tag you can add to a website to use a variety of Google products and services (e.g., Google Ads, Google Analytics, Campaign Manager, Display & Video 360, Search Ads 360).
Back

Performance and Functionality Cookies

Name
Purpose
LinkedIn Insight
The LinkedIn Insight Tag is a snippet of JavaScript code that loads a small library of functions you can use to track Linkedin ad-driven visitor activity on your website.
Back

Advertising Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
January 9, 2024
-
5
minute read

Robust Intelligence Co-authors NIST Adversarial Machine Learning Taxonomy

Author
Authors
Alie Fordyce
Alie is a Product Policy Manager at Robust Intelligence.

The rapid evolution and enterprise adoption of AI has motivated bad actors to target these systems with greater frequency and sophistication. Many security leaders recognize the importance and urgency of AI security, but don’t yet have processes in place to effectively manage and mitigate emerging AI risks with comprehensive coverage of the entire adversarial AI threat landscape.

In their 2023 CISO Village Survey, Team8 found that 48% of CISOs cited AI security as their most acute problem—the highest of any category. While AI itself is relatively nascent, the impact of a successful attack can be severe.

In order to successfully mitigate these attacks, it’s imperative that the AI and cybersecurity communities are well informed about today’s AI security challenges. To that end, we’ve co-authored the latest update to NIST’s taxonomy and terminology of adversarial machine learning.

Let’s take a glance at what’s new in this latest update to the publication, walk through the taxonomies of attacks and mitigations at a high level, and then briefly reflect on the purpose of taxonomies themselves—what are they for, and why are they so useful?

What’s new?

The previous iteration of the NIST Adversarial Machine Learning Taxonomy focused solely on predictive AI, models designed to make accurate predictions based on historical data patterns. Individual adversarial techniques were grouped into three primary attacker objectives: availability breakdown, integrity violations, and privacy compromise.

Availability breakdown attacks degrade the performance and availability of a model for its users.

Integrity violations attempt to undermine model integrity and generate incorrect outputs.

Privacy compromises infer or directly access sensitive data such as information about the underlying model and training data.



The most notable change in this revision is the addition of an entirely new taxonomy for generative AI models.

The new generative AI taxonomy inherits the same three attacker objectives as predictive AI—availability, integrity, and privacy—but with new individual techniques. There’s also a new fourth attacker objective unique to generative AI: abuse violations.

Abuse violations repurpose the capabilities of generative AI to further an adversary’s malicious objectives by creating harmful media or content that supports cyber attack initiatives.



Classifying attacks on Generative AI models

As mentioned, the generative and predictive adversarial taxonomies share three common attacker objectives. The fourth objective, abuse, is unique to generative AI.

To achieve one or several of these goals, adversaries can leverage a number of techniques. The introduction of the generative AI section brings an entirely new arsenal that includes supply chain attacks, direct prompt injection, data extraction, and indirect prompt injection.

Supply chain attacks are rooted in the complexity and inherited risk of the AI supply chain. Every component—open-source models and third-party data, for example—can introduce security issues into the entire system.

These can be mitigated with supply chain assurance practices such as vulnerability scanning and validation of datasets.

Direct prompt injection alters the behavior of a model through direct input from an adversary. This can be done to create intentionally malicious content or for sensitive data extraction

Mitigation measures include training for alignment and deploying a real-time prompt injection detection solution for added security.

Indirect prompt injection differs in that adversarial inputs are delivered via a third-party channel. This technique can help further several objectives: manipulation of information, data extraction, unauthorized disclosure, fraud, malware distribution, and more.

Proposed mitigations help minimize risk through reinforcement learning from human feedback, input filtering, and the use of an LLM moderator or interpretability-based solution.

What are taxonomies for, anyways?

Hyrum Anderson, our CTO, put it best when he said that “taxonomies are most obviously important to organize our understanding of attack methods, capabilities, and objectives. They also have a long tail effect in improving communication and collaboration in a field that's moving very quickly.”

It’s why our team at Robust Intelligence strives to collaborate with leading organizations like NIST, and to aid in the creation and continuous improvement of shared standards.

These resources give us better mental models for classifying and discussing new techniques and capabilities. Awareness and education of these vulnerabilities facilitate the development of more resilient AI systems and more informed regulatory policies.

You can review the entire NIST Adversarial Machine Learning Taxonomy and learn more with a complete glossary of key terminology in the full paper, available here.

Author
Authors
Alie Fordyce
Alie is a Product Policy Manager at Robust Intelligence.
Share article
Social

Follow us on LinkedIn

Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.

Related articles

April 26, 2024
-
5
minute read

AI Cyber Threat Intelligence Roundup: April 2024

For:
April 2, 2024
-
3
minute read

Robust Intelligence Partners with CrowdStrike to Bring Our Real-Time AI Security Telemetry to Falcon LogScale

For:
March 28, 2024
-
4
minute read

AI Governance Policy Roundup (March 2024)

For:
+   More Articles

Related articles

December 21, 2023
-
4
minute read

AI Governance Policy Roundup (December 2023)

For:
October 30, 2023
-
5
minute read

The White House Executive Order on AI: Assessing AI Risk with Automated Testing

For:
August 9, 2023
-
4
minute read

Robust Intelligence partners with MITRE to Tackle AI Supply Chain Risks in Open-Source Models

For:
+   More Articles

Ready to learn more?

See why we’re the enterprise choice for AI application security.
Get a Demo
January 9, 2024
-
5
minute read

Robust Intelligence Co-authors NIST Adversarial Machine Learning Taxonomy

Author
Authors
Alie Fordyce
Alie is a Product Policy Manager at Robust Intelligence.

The rapid evolution and enterprise adoption of AI has motivated bad actors to target these systems with greater frequency and sophistication. Many security leaders recognize the importance and urgency of AI security, but don’t yet have processes in place to effectively manage and mitigate emerging AI risks with comprehensive coverage of the entire adversarial AI threat landscape.

In their 2023 CISO Village Survey, Team8 found that 48% of CISOs cited AI security as their most acute problem—the highest of any category. While AI itself is relatively nascent, the impact of a successful attack can be severe.

In order to successfully mitigate these attacks, it’s imperative that the AI and cybersecurity communities are well informed about today’s AI security challenges. To that end, we’ve co-authored the latest update to NIST’s taxonomy and terminology of adversarial machine learning.

Let’s take a glance at what’s new in this latest update to the publication, walk through the taxonomies of attacks and mitigations at a high level, and then briefly reflect on the purpose of taxonomies themselves—what are they for, and why are they so useful?

What’s new?

The previous iteration of the NIST Adversarial Machine Learning Taxonomy focused solely on predictive AI, models designed to make accurate predictions based on historical data patterns. Individual adversarial techniques were grouped into three primary attacker objectives: availability breakdown, integrity violations, and privacy compromise.

Availability breakdown attacks degrade the performance and availability of a model for its users.

Integrity violations attempt to undermine model integrity and generate incorrect outputs.

Privacy compromises infer or directly access sensitive data such as information about the underlying model and training data.



The most notable change in this revision is the addition of an entirely new taxonomy for generative AI models.

The new generative AI taxonomy inherits the same three attacker objectives as predictive AI—availability, integrity, and privacy—but with new individual techniques. There’s also a new fourth attacker objective unique to generative AI: abuse violations.

Abuse violations repurpose the capabilities of generative AI to further an adversary’s malicious objectives by creating harmful media or content that supports cyber attack initiatives.



Classifying attacks on Generative AI models

As mentioned, the generative and predictive adversarial taxonomies share three common attacker objectives. The fourth objective, abuse, is unique to generative AI.

To achieve one or several of these goals, adversaries can leverage a number of techniques. The introduction of the generative AI section brings an entirely new arsenal that includes supply chain attacks, direct prompt injection, data extraction, and indirect prompt injection.

Supply chain attacks are rooted in the complexity and inherited risk of the AI supply chain. Every component—open-source models and third-party data, for example—can introduce security issues into the entire system.

These can be mitigated with supply chain assurance practices such as vulnerability scanning and validation of datasets.

Direct prompt injection alters the behavior of a model through direct input from an adversary. This can be done to create intentionally malicious content or for sensitive data extraction

Mitigation measures include training for alignment and deploying a real-time prompt injection detection solution for added security.

Indirect prompt injection differs in that adversarial inputs are delivered via a third-party channel. This technique can help further several objectives: manipulation of information, data extraction, unauthorized disclosure, fraud, malware distribution, and more.

Proposed mitigations help minimize risk through reinforcement learning from human feedback, input filtering, and the use of an LLM moderator or interpretability-based solution.

What are taxonomies for, anyways?

Hyrum Anderson, our CTO, put it best when he said that “taxonomies are most obviously important to organize our understanding of attack methods, capabilities, and objectives. They also have a long tail effect in improving communication and collaboration in a field that's moving very quickly.”

It’s why our team at Robust Intelligence strives to collaborate with leading organizations like NIST, and to aid in the creation and continuous improvement of shared standards.

These resources give us better mental models for classifying and discussing new techniques and capabilities. Awareness and education of these vulnerabilities facilitate the development of more resilient AI systems and more informed regulatory policies.

You can review the entire NIST Adversarial Machine Learning Taxonomy and learn more with a complete glossary of key terminology in the full paper, available here.

Author
Authors
Alie Fordyce
Alie is a Product Policy Manager at Robust Intelligence.
Share article
Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.
Blog

Related articles

October 20, 2021
-
4
minute read

Become an Early Champion of ML Quality Assurance

For:
May 3, 2021
-
5
minute read

Is your AI model ready for production?

For:
Model Compliance Assessment
December 5, 2023
-
5
minute read

Using AI to Automatically Jailbreak GPT-4 and Other LLMs in Under a Minute

For:
December 21, 2023
-
4
minute read

AI Governance Policy Roundup (December 2023)

For:
October 30, 2023
-
5
minute read

The White House Executive Order on AI: Assessing AI Risk with Automated Testing

For:
August 9, 2023
-
4
minute read

Robust Intelligence partners with MITRE to Tackle AI Supply Chain Risks in Open-Source Models

For:
+   More Articles

Achieve AI Integrity Today

Request a Demo