Home

Awesome

Awesome-ML-Security

A curated list of awesome machine learning security references, guidance, tools, and more.

Table of Contents

Relevant work, standards, literature

CIA of the model

Membership attacks, model inversion attacks, model extraction, adversarial perturbation, prompt injections, etc.

Confidentiality

Reconstruction (model inversion; attribute inference; gradient and information leakage), theft of data, Membership inference and reidentification of data, Model extraction (model theft), property inference (leakage of dataset properties), etc.

Integrity

Backdoors/neural trojans (same as for non-ML systems), adversarial evasion (perturbation of an input to evade a certain classification or output), data poisoning and ordering (providing malicious data or changing the order of the data flow into an ML model).

Availability

Degraded model performance

ML-Ops

AI’s effect on attacks/security elsewhere

Self-driving cars

LLM Alignment

Regulatory actions

US

EU

Other

Safety standards

Taxonomies and frameworks

Security tools and techniques

API probing

Model backdoors

Other

Background information

DeepFakes, disinformation, and abuse

Notable incidents

IncidentTypeLoss
TayPoor training set selectionReputational
Apple NeuralHashAdversarial evasion (led to hash collisions)Reputational
PyTorch CompromiseDependency confusion
Proofpoint - CVE-2019-20634Model extraction
ClearviewAI LeakSource Code misconfiguration
Kubeflow Crypto-mining attack System misconfiguration
OpenAI - takeover someone's account, view their chat history, and access their billing information Web Cache DeceptionReputational
OpenAI- first message of a newly-created conversation was visible in someone else’s chat historyCache - Redis Async I/OReputational
OpenAI- ChatGPT's new Browser SDK was using some relatively recently known-vulnerable code (specifically MinIO CVE-2023-28432)Security vulnerability resulting in information disclosure of all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD.Reputational
ML FlowMLFlow - combined Local File Inclusion/Remote File Inclusion vulnerability which can lead to a complete system or cloud provider takeover.Monetary and Reputational
HuggingFace Spaces - RubikaSystem misuse
Microsoft AI Data LeakSAS token misconfiguration
HuggingFace Hub- Takeover of the Meta and Intel organizationsPassword Reuse
HuggingFace API token exposureAPI token exposure
ShadowRay - Active Cryptominer campaign against Ray clustersImproper authenticationMonetary and Reputational
Nullbudge attacks on ML supply chainSupply chain compromiseMonetary and Reputational

Notable harms

IncidentTypeLoss
Google Photos GorillasAlgorithmic biasReputational
Uber hits a pedestrianModel failure
Facebook mistranslation leads to arrestAlgorithmic bias