1. External risks in AI
Our previous video covered model risks, which are internal in nature; in this video, we will explore external threats.
2. Internal versus external risks
So what's the difference? Internal risks originate within a model's own design or data. External risks are attacks from outside actors trying to manipulate the model. Understanding these risks helps protect models from malicious actors. The threats are diverse, targeting different aspects of AI systems.
3. Common external risks
We'll categorize these into five groups: adversarial input attacks, data corruption and poisoning, model theft and inversion, infrastructure attacks, and supply chain attacks. Understanding the specifics of each category allows you to mitigate each risk effectively.
4. Adversarial input attacks
The first risk, adversarial input attacks, occurs during the inference phase, when the deployed AI model encounters new data. In this category, attackers aim to influence the AI model's decision-making by manipulating input data to trick the model into making incorrect decisions. For example, a slightly altered image may cause a computer vision system to misclassify it, such as failing to recognize a stop sign.
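To make this concrete, here is a minimal sketch of one well-known adversarial input technique, the fast gradient sign method (FGSM). It assumes a PyTorch image classifier that takes a batched image tensor; the model, epsilon value, and pixel range are illustrative assumptions, not details from this course.

    import torch
    import torch.nn.functional as F

    def fgsm_attack(model, image, label, epsilon=0.01):
        # Track gradients on the input image itself
        image = image.clone().detach().requires_grad_(True)
        # Forward pass and loss against the true label
        loss = F.cross_entropy(model(image), label)
        loss.backward()
        # Nudge every pixel a small step in the direction that
        # increases the loss, then clamp to a valid pixel range
        perturbed = image + epsilon * image.grad.sign()
        return perturbed.clamp(0, 1).detach()

The perturbation is tiny, often invisible to a human, yet it can be enough to flip the model's prediction.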
5. Data corruption and poisoning
The second risk group, data corruption and poisoning, impacts the model's training phase. Attackers insert false or malicious data into the training dataset, leading the AI to learn incorrectly. This group resembles adversarial input attacks in that attackers manipulate data to trick the model, but these attacks target the integrity of the model's learning rather than its decision-making. An example is inserting fake product reviews to skew an e-commerce recommendation system.
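As a hedged illustration of the fake-review example, the sketch below shows how poisoned rows could slip into a recommender's training set when ingestion is not validated; the schema and values are hypothetical.

    import pandas as pd

    # Legitimate review data (hypothetical schema)
    reviews = pd.DataFrame({
        "product_id": [101, 102, 103],
        "rating": [4, 2, 5],
        "verified_purchase": [True, True, True],
    })

    # An attacker floods the dataset with glowing fake reviews for
    # their own product; a model trained on the combined data then
    # learns to over-recommend product 999
    poison = pd.DataFrame({
        "product_id": [999] * 50,
        "rating": [5] * 50,
        "verified_purchase": [False] * 50,
    })

    training_data = pd.concat([reviews, poison], ignore_index=True)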
6. Model theft and inversion
The third group of attacks, model theft and inversion, is aimed at stealing sensitive information from the model itself. Rather than manipulating the model's outputs or learning, these attacks exploit the model to access or reconstruct its confidential training data. For example, an attacker might use carefully crafted inputs to uncover private data used in training, such as personal photos from a facial recognition system.
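One hedged sketch of this kind of probing is a simple membership-inference check: the attacker queries the deployed model and treats unusually high confidence as a signal that a record appeared in the training set. The predict_proba interface and the 0.95 threshold are assumptions for illustration, not a method from this course.

    import numpy as np

    def likely_in_training_set(model, record, threshold=0.95):
        # Query the deployed model with a candidate record
        probs = model.predict_proba(record.reshape(1, -1))[0]
        # Models are often more confident on examples they were
        # trained on; that leakage is what the attacker exploits
        return np.max(probs) >= threshold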
7. Infrastructure attacks
The fourth group, infrastructure attacks, targets the physical and virtual environments hosting AI systems. This category is unique in that it involves the supporting infrastructure of AI systems rather than the models themselves. A common example is a distributed denial-of-service attack, in which attackers flood AI servers with overwhelming requests from many different sources to overload them and make them inaccessible.
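Flooding of this kind is commonly mitigated at the serving layer. Below is a minimal sketch of one such defense, a per-client rate limiter; the quota and window are arbitrary illustrative values.

    import time
    from collections import defaultdict

    class RateLimiter:
        def __init__(self, max_requests=100, window_seconds=60):
            self.max_requests = max_requests
            self.window = window_seconds
            self.history = defaultdict(list)

        def allow(self, client_ip):
            now = time.time()
            # Keep only timestamps inside the current window
            recent = [t for t in self.history[client_ip] if now - t < self.window]
            self.history[client_ip] = recent
            if len(recent) >= self.max_requests:
                return False  # Reject: client exceeded its quota
            recent.append(now)
            return True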
8. Supply chain attacks
The final group, supply chain attacks, involves the components and libraries used in AI system development. These attacks exploit the building blocks of the AI model. Imagine a vulnerability injected into a widely used AI library: it could then be present in every AI system built with that library.
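A hedged sketch of one defensive habit against tampered components: verify the checksum of a downloaded model artifact or dependency against the value published by its maintainer before loading it. The file name and expected hash below are placeholders.

    import hashlib

    def verify_artifact(path, expected_sha256):
        # Hash the file in chunks so large model files fit in memory
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(8192), b""):
                digest.update(chunk)
        if digest.hexdigest() != expected_sha256:
            raise ValueError(f"Checksum mismatch for {path}: possible tampering")

    # Placeholder hash: use the value the maintainer publishes
    verify_artifact("model_weights.bin", "0" * 64)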
9. Security best practices
These varied risks require a combination of strategies to protect AI systems.
Regular security audits help identify vulnerabilities, while data validation and sanitization processes ensure the integrity of training and inference data, guarding against corrupted inputs.
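As a minimal sketch of what validation might look like in practice, the checks below reject records with missing or out-of-range values before they reach training; the schema and ranges are hypothetical.

    def validate_review(row):
        # Field names and ranges here are illustrative assumptions
        rating = row.get("rating")
        if not isinstance(rating, (int, float)) or not 1 <= rating <= 5:
            return False
        if not row.get("product_id"):
            return False
        return True

    raw_rows = [
        {"product_id": 101, "rating": 5},   # kept
        {"product_id": 102, "rating": 99},  # rejected: out of range
        {"product_id": None, "rating": 3},  # rejected: missing id
    ]
    clean_rows = [r for r in raw_rows if validate_review(r)]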
Implementing strong access controls restricts system access, preventing unauthorized use. Additionally, encrypting sensitive information and anonymizing data where possible helps maintain privacy and security.
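For example, here is a hedged sketch of simple pseudonymization, replacing user identifiers with salted one-way hashes before records are stored or shared; real salt management would be handled by a secrets store, which is simplified away here.

    import hashlib

    SALT = b"replace-with-a-secret-salt"  # assumption: kept in a secrets manager

    def pseudonymize(user_id: str) -> str:
        # One-way salted hash lets records be linked without
        # exposing the real identifier
        return hashlib.sha256(SALT + user_id.encode()).hexdigest()

    record = {"user": pseudonymize("alice@example.com"), "rating": 5}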
10. More best practices
Continuous monitoring, as discussed in the last video, also enables the detection of and immediate response to emerging external threats.
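As one hedged example of what automated monitoring could flag, the sketch below raises an alert when average model confidence drifts well below its historical baseline, a possible sign of adversarial probing or shifting inputs; the baseline, window, and tolerance are arbitrary choices.

    def confidence_drifted(recent_confidences, baseline_mean, tolerance=0.15):
        # Compare the recent average confidence to the baseline
        recent_mean = sum(recent_confidences) / len(recent_confidences)
        return recent_mean < baseline_mean - tolerance

    if confidence_drifted([0.62, 0.55, 0.58], baseline_mean=0.90):
        print("Alert: model confidence drifting; investigate recent inputs")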
The supply chain can be made more secure by using trusted development tools and updating them regularly. Finally, ongoing education and training for staff about security risks are crucial.
The next video will cover development best practices in more detail.
11. Risks evolve quickly
Although this lesson has introduced the basics of external AI model threats, it is crucial to remember that risks evolve quickly. New threats emerge as AI technologies advance, requiring ongoing adaptation of security practices. Continuous learning, proactive risk management, and vigilance are a must to keep models safe.
12. Let's practice!
Now let's practice these concepts!