A recent report found that security officials’ aims do not match their activities to protect AI and MLOps.
A large number of IT executives, 97%, believe that protecting AI and safeguarding systems is critical, yet just 61% are sure they will receive the money they require. Although 77% of IT leaders interviewed had experienced an AI-related breach (not particularly to models), just 30% had included a manual defense for adversarial attacks in their existing AI development, including MLOps pipelines.
Only 14% are preparing or testing for such assaults. MLOps is defined by Amazon Web Services as “a set of practices that automate and simplify machine learning (ML) workflows and deployments.”
IT executives increasingly depend on AI models, making them an appealing target for a wide range of threatening AI attacks.
IT leaders’ organizations have an average of 1,689 models in production, with 98% believing that some of their AI models are critical to their success. Eighty-three percent report widespread adoption across all teams in their organizations. “The industry is working hard to accelerate AI adoption without having the property security measures in place,” wrote the report’s experts.
HiddenLayer’s AI Threat Landscape Report presents an in-depth analysis of the threats that AI-based systems face, as well as developments in protecting AI and MLOps pipelines.
Define Adversarial AI
The goal of adversarial AI is to intentionally mislead AI and machine learning (ML) systems, leaving them worthless for the purposes for which they were built. Adversarial AI is defined as “the use of artificial intelligence techniques to manipulate or deceive AI systems.” It’s like a shrewd chess player taking advantage of its opponent’s weaknesses. These clever adversaries may defeat typical cyber defense systems by employing complex algorithms and strategies to avoid detection and execute targeted attacks.
HiddenLayer’s study establishes three major kinds of adversarial AI, as stated below:
Adversarial machine learning attacks. The aims of this form of attack, which aims to exploit weaknesses in algorithms, range from influencing the behavior of a larger AI application or system to escaping detection by AI-based detection and response systems or stealing the underlying technology. Nation-states engage in espionage for financial and political advantage, attempting to reverse-engineer models to obtain model data while also deploying the model for their purposes.
Attacks from generative AI systems. These attacks often target filters, guardrails, and limits necessary to protect generative AI models, including all data sources and large language models (LLMs) on which they rely. According to VentureBeat, nation-state assaults continue to use LLMs as weapons.
Attackers consider it standard practice to bypass content limitations to freely generate banned material that the model would otherwise block, such as deepfakes, deception, and other forms of destructive digital media. Nation-states are increasingly using Gen AI system assaults to influence U.S. and other democratic elections worldwide. According to the US Intelligence Community’s 2024 Annual Threat Assessment, “China is demonstrating a higher degree of sophistication in its influence activity, including experimenting with generative AI,” and “the People’s Republic of China (PRC) may attempt to influence the US elections in 2024 at some level because of its desire to sideline critics of China and magnify U.S. societal divisions.”
MLOps and software supply chain attacks. These are often nation-state and big e-crime syndicate operations focused on shutting down the frameworks, networks, and platforms used to design and deploy AI systems. Attack tactics include attacking MLOps pipeline components to inject malicious code into the AI system. Poisoned datasets are provided using software packages, arbitrary code execution, and malware distribution methods.
Four methods to protect against an adversarial AI attack
The more the gaps between DevOps and CI/CD pipelines, the more vulnerable AI and ML model development becomes. Protecting models remains an elusive, shifting target, made more difficult by the weaponization of generation AI.
However, these are only a handful of the numerous actions that organizations may take to protect themselves against an aggressive AI assault. They include the following:
Make red teaming and risk assessment a part of your organization’s muscle memory or DNA. Don’t settle with red teaming on a sporadic basis, or worse, just when an assault causes a renewed feeling of urgency and awareness. Red teaming must become part of the DNA of any DevSecOps that supports MLOps going forward. The objective is to discover system and pipeline flaws ahead of time, as well as prioritize and harden any attack vectors that emerge throughout MLOps’ System Development Lifecycle (SDLC) procedures.
Stay updated and implement the defensive architecture for AI that is most effective for your organization. Have a member of the DevSecOps team remain updated on the many protective frameworks available today. Knowing which one best meets an organization’s needs may assist in securing MLOps, saving time, and protecting the overall SDLC and CI/CD pipeline. Examples include the NIST AI Risk Management Framework and the OWASP AI Security and Privacy Guide.
Integrate biometric modalities and passwordless authentication mechanisms into every identity access management system to reduce the risk of synthetic data-based attacks. VentureBeat has discovered that synthetic data is increasingly being used to impersonate people and get access to source code and model repositories. Consider combining biometric modalities such as face recognition, fingerprint scanning, and voice recognition with passwordless access technologies to protect systems throughout MLOps. Gen AI has shown its ability to assist in creating synthetic data. MLOps teams will increasingly face deepfake risks, therefore a tiered strategy to protecting access is soon becoming essential.
Random and frequent audits of verification systems are performed to maintain access rights current. With synthetic identity attacks emerging as one of the most difficult dangers to prevent, it is important to keep verification systems up to date on fixes and audit them. According to VentureBeat, the next wave of identity assaults will rely heavily on fake data that has been aggregated to resemble real.
Source- VentureBeat
English
English
French
German
Russian
Spanish