Skip to main content

The use of AI-powered tools has increased exponentially, and both Cyber Security professionals and Cyber Criminals are in a constant battle leveraging Artificial Technology. Just like with everything good that technology produces, threat actors keep finding ways to misuse them to carry out their criminal intentions.  

The AI model itself is not exempted from malicious exploit. IBM defines a Model as the output of an algorithm that has been applied to a dataset. An AI model is a program that has been trained on a set of data to recognize certain patterns or make certain decisions without further human intervention.

In this article, we will explore how Threat Actors attack an AI Model

Poisoning Attack

In this attack, the training data set that is used for the model is being attacked. False data no matter how insignificant it may seem can render a whole training set erroneous once inserted into the training set.  Threat actors can poison a model and corrupt the learning process which will produce false or misleading results. 

Attacking an AI Model using poisoning attack
Source: Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks

Prompt Injection Attack

Prompts are inputs or queries made to an AI to which a result is given. Simply like how you make use of ChatGPT. Prompt Injection attacks involve intentionally querying a model with certain prompts that can cause it to generate false, biased, dangerous results which it was trained not to do. This attack could also trick a tool into providing private or dangerous information which threat actors can use cause damage.

There are various types of prompt attacks such as prompt leaking, jailbreaking, etc

Source: Prompt Engineering Attack

Evasion Attack

Evasion attacks are caused by manipulating input data during the testing phase to cause commotion and fool the AI model into producing inaccurate results. The difference between Poisoning attack and Evasion attack is that poisoning is done using training data while evasion is with testing data. An adversarial example is fed into the system which causes commotion in the model.

How Threat Actors are attacking an AI Model
Illustration of the evasion attack and poisoning attack from Research Gate

Infection Attack

AI models are also prone to malware infection and can create backdoors that can be exploited. Threat actors can infect the supply chain for AI Models and create vulnerabilities in the model. When an organization that is unable to develop its model purchases these open-source models, they are at risk of acquiring an infected model. This can render their AI system vulnerable to attacks.

IBM shares more information about how threat actors can attack an AI model.

Artificial Intelligence: The new attack surface by IBM Technology

The possibility that an Artificial Intelligent model can be attacked in many ways, there are increasing concerns and worries about the credibility of AI-powered tools/software. As always, Cyber Security has to be considered at every stage of a technological process and appropriate defense tactics be put in place to curb the threat.

About the author: