PromptRiskDBThreat intelligence atlas

Manipulate AI Model - AI Security Technique

AI Security Technique

Adversaries may directly manipulate an AI model to change its behavior or introduce malicious code. Manipulating a model gives the adversary a persistent change in the system. This can include poisoning the model by changing its weights, modifying the model architecture to change its behavior, and embedding malware which may be executed when the model is loaded.

Overview

A source-backed snapshot of this AI security technique.

Tactics2Attacker goals connected to this method.
Mitigations3Defenses that may help against this attack.
AI risks13Research-backed risks connected to this topic.

Technique details

Identifiers, maturity, and source taxonomy for this technique.

ATLAS ID
AML.T0018
Maturity
realized
Priority score
104
ATLAS tactics
AI Attack StagingPersistence

Attack flow

How to read the public records connected to this technique.

1. TechniqueRead the ATLAS description and evidence level.
2. TacticsSee which attacker goals this method supports.
3. ExamplesCheck whether public case studies mention it.
4. DefensesReview safeguards mapped by ATLAS.
5. SourcesOpen the original public records and references.

Impact

Why this technique may deserve attention in the current dataset.

  • Evidence levelrealized
  • Mapped defenses3 ATLAS mitigation records
  • Public examples0 linked case study records
  • Research risks13 related MIT AI Risk records above the confidence threshold
  • Vulnerabilities0 linked CVE records

Mitigations

Defenses that may help against this attack.

AML.M0013 - Code Signing

Code signing provides a guarantee that the model has not been manipulated after signing took place.

LifecycleDeploymentCategoryTechnical - Cyber
Deployment

AML.M0008 - Validate AI Model

Validating an AI model against a wide range of adversarial inputs can help increase confidence that the model has not been manipulated.

LifecycleML Model Evaluation + 1 moreCategoryTechnical - ML
ML Model EvaluationMonitoring

Case studies

Examples from public reports and exercises.

No case studies found. No public example is connected to this attack in the current data.

Source evidence

Original public records and references for this page.