NIST Highlights Ongoing Challenges in Securing AI Systems from Cyber Threats

TL;DR:

  • NIST’s report highlights four types of cyberattacks targeting AI systems.
  • AI systems face growing risks from malicious actors evading security measures.
  • Existing defenses lack robust assurances, prompting a call for better solutions.
  • Adversarial machine learning attacks include poisoning, abuse, privacy, and evasion.
  • The challenge lies in unlearning malicious behavior within AI models.

Main AI News:

As we usher in a new year, the spotlight continues to shine on the immense potential of artificial intelligence (AI). However, amid the excitement, there looms a shadow cast by malicious actors seeking to exploit the vulnerabilities inherent in emerging generative AI technologies. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has just released a comprehensive report in its “Trustworthy and Responsible AI” series, shedding light on the four distinct types of cyberattacks that can manipulate AI systems, along with the essential mitigation strategies and their associated limitations.

NIST’s mandate extends to the development of domestic guidelines for AI model assessment and red-teaming, fostering the creation of consensus-driven standards, and providing testing environments for AI system evaluation. Its findings underscore the growing susceptibility of AI systems to attacks by nefarious entities capable of bypassing security measures and potentially causing data breaches.

Apostol Vassilev, a computer scientist at NIST and one of the report’s authors, highlights the gravity of the situation: “Despite the significant progress AI and machine learning have made, these technologies are vulnerable to attacks that can cause spectacular failures with dire consequences. There are theoretical problems with securing AI algorithms that simply haven’t been solved yet. If anyone says differently, they are selling snake oil.”

In an effort to combat these threats, the report presents a comprehensive overview of attack techniques and methodologies applicable to various AI systems. However, it cautions that existing defenses lack the robust assurances required to fully mitigate the associated risks. Vassilev implores the community to collaborate and devise more effective defense mechanisms, emphasizing the urgency of the matter.

The Landscape of Adversarial Machine Learning Threats

The NIST report classifies potential adversarial machine learning attackers into three distinct categories based on how much they know about the targeted system: white-box, gray-box, and black-box hackers. Each category poses a significant risk, and fraud in the AI space is becoming increasingly sophisticated.

Gerhard Oosthuizen, Chief Technology Officer at Entersekt, warns, “Fraud is growing, and the recipes are getting slicker. At this stage, the technology has led to more challenges in the fraud space than potential wins.”

The challenges and risks associated with AI security continue to escalate as AI infiltrates more aspects of our interconnected economy. The report underscores that AI systems can malfunction when exposed to untrustworthy data, and attackers are exploiting this vulnerability through “poisoning” and “abuse” attacks.

In an AI poisoning attack, malevolent actors introduce corrupted data during the AI system’s training phase, for instance teaching a chatbot to treat inappropriate language as common vernacular, which it then employs in customer interactions. By contrast, AI abuse attacks involve inserting incorrect information into legitimate but compromised sources that the AI system later absorbs, altering its intended function.

Alina Oprea, a co-author of the NIST report and a professor at Northeastern University, explains, “Most of these attacks are fairly easy to mount and require minimum knowledge of the AI system and limited adversarial capabilities. Poisoning attacks, for example, can be mounted by controlling a few dozen training samples, which would be a very small percentage of the entire training set.”
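
To make that concrete, here is a minimal, hypothetical sketch (in Python with scikit-learn, not taken from the NIST report) of a label-flipping poisoning attack: the attacker controls a few dozen training samples, flips their labels before training, and the resulting model is compared against a cleanly trained one.

    import numpy as np
    from sklearn.datasets import make_classification
    from sklearn.linear_model import LogisticRegression
    from sklearn.model_selection import train_test_split

    # Toy dataset standing in for a real training corpus.
    X, y = make_classification(n_samples=2000, n_features=20, random_state=0)
    X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)

    # Clean baseline model.
    clean = LogisticRegression(max_iter=1000).fit(X_train, y_train)

    # Poisoning: the attacker controls a few dozen training samples
    # and flips their labels before training happens.
    rng = np.random.default_rng(0)
    y_poisoned = y_train.copy()
    idx = rng.choice(len(y_poisoned), size=40, replace=False)  # roughly 3% of the set
    y_poisoned[idx] = 1 - y_poisoned[idx]

    poisoned = LogisticRegression(max_iter=1000).fit(X_train, y_poisoned)

    # Random flips are the crudest form of poisoning; targeted attacks that
    # craft the poisoned points can do far more damage per sample.
    print("clean accuracy:   ", clean.score(X_test, y_test))
    print("poisoned accuracy:", poisoned.score(X_test, y_test))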

One of the major challenges in AI defense lies in the difficulty of unlearning a taught behavior within an AI model, even when that behavior is malicious.

Additional Adversarial Machine Learning Threats

The NIST report also highlights two other adversarial machine learning attacks: privacy attacks and evasion attacks.

Privacy attacks aim to glean sensitive information about the AI or the data it was trained on for nefarious purposes. By posing numerous legitimate questions to a chatbot and reverse-engineering the model based on its responses, malicious actors can identify its weak spots or infer its sources.
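
The sketch below illustrates the underlying idea with a toy membership-style privacy probe, assuming only query access to a model’s prediction confidences; the setup is hypothetical and not drawn from the report.

    import numpy as np
    from sklearn.datasets import make_classification
    from sklearn.ensemble import RandomForestClassifier
    from sklearn.model_selection import train_test_split

    X, y = make_classification(n_samples=2000, n_features=20, random_state=1)
    X_train, X_out, y_train, y_out = train_test_split(X, y, test_size=0.5, random_state=1)

    # An overfit model leaks more about its training data.
    model = RandomForestClassifier(n_estimators=50, random_state=1).fit(X_train, y_train)

    def confidence(record):
        # The attacker only needs query access to prediction confidences.
        return model.predict_proba(record.reshape(1, -1)).max()

    train_conf = np.mean([confidence(r) for r in X_train[:200]])
    unseen_conf = np.mean([confidence(r) for r in X_out[:200]])
    print("avg confidence on training records:", train_conf)
    print("avg confidence on unseen records:  ", unseen_conf)
    # A noticeable gap is the signal a membership-inference attack exploits:
    # records the model is unusually confident about were likely in its training set.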

Evasion attacks occur after an AI system’s deployment and attempt to alter an input so that the system responds to it differently. This may involve adding misleading markings to road signs to confuse autonomous vehicles or manipulating lane markings to veer vehicles off course.
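
For a concrete, if simplified, picture of evasion, the following hypothetical sketch perturbs an input to a linear classifier just enough to push it across the decision boundary, the same principle behind subtly altered road markings fooling a vehicle’s perception model.

    import numpy as np
    from sklearn.datasets import make_classification
    from sklearn.linear_model import LogisticRegression

    X, y = make_classification(n_samples=1000, n_features=20, random_state=2)
    model = LogisticRegression(max_iter=1000).fit(X, y)

    # Pick the input closest to the decision boundary to perturb.
    scores = model.decision_function(X)
    i = np.argmin(np.abs(scores))
    x, margin = X[i].copy(), scores[i]

    # FGSM-style step for a linear model: nudge every feature against the sign
    # of its weight, just far enough (10% past) to cross the decision boundary.
    w = model.coef_[0]
    epsilon = 1.1 * abs(margin) / np.abs(w).sum()
    x_adv = x - epsilon * np.sign(w) * np.sign(margin)

    print("original prediction:   ", model.predict(x.reshape(1, -1))[0])
    print("adversarial prediction:", model.predict(x_adv.reshape(1, -1))[0])
    print("max per-feature change:", np.abs(x_adv - x).max())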

While a foolproof method for safeguarding AI remains elusive, adhering to basic cybersecurity practices can serve as a bulwark against potential abuses. Keeping one’s digital house in order proves equally relevant in the ever-evolving realm of AI security.

Conclusion:

The NIST report underscores the persistent vulnerabilities in securing AI systems from cyber threats. As AI continues to advance, it is imperative for the market to prioritize the development of more robust defenses and cybersecurity measures to safeguard against malicious attacks. Failure to do so could result in dire consequences, making it essential for businesses to stay vigilant and proactive in protecting their AI assets.

Source