You can’t generate impressive results, efficiency, and new solutions without a little risk. And in the world of digital transformation, cybersecurity is the main risk to look out for. We’ve seen this in agricultural tech advancements, the IoT, and even autonomous vehicles.
AI, specifically machine learning, is no exception.
As developers and engineers continue to safeguard machine-learning systems with updated security measures, cybercriminals continue to evolve their tactics to penetrate those systems.
Google recently launched a dedicated team of cybersecurity professionals to study this very topic — i.e. a red team. Specifically red teams are trained to think like a hacker so they can accurately predict and combat hacker tactics. Or, as Wikipedia describes them, “a group that pretends to be an enemy.”
In an interview with The Register, the head of Google Red Teams Daniel Fabian discusses common cyberattacks businesses with machine-learning systems need to look out for:
- Data poisoning
Machine-learning models need to learn before they can function. And it’s in that training stage that they’re most vulnerable. Today’s cybercriminals can alter (poison) the date in those training models to change the function of a machine-learning system.
“Anyone can publish stuff on the internet, including attackers, and they can put their poison data out there. So we as defenders need to find ways to identify which data has potentially been poisoned in some way.”
- Prompt injection attacks
Hackers can also tinker with a language learning model’s (LLM) output. This usually entails code to instruct the model to ignore previous instructions, and the code will provide new commands that can switch the intended action to a more nefarious one.
- Backdoor
Like the name suggests, a backdoor cyberattack entails creating a hidden entry to the model’s code. Keyword hidden — hackers can move into the model’s code and bypass any implemented authentication measures.
“On the one hand, the attacks are very ML-specific, and require a lot of machine learning subject matter expertise to be able to modify the model’s weights to put a backdoor into a model or to do specific fine tuning of a model to integrate a backdoor.”
- Adversarial attacks
Hackers can feed specialized inputs into a machine-learning model and lead it to make mistakes or produce incorrect outputs.
But while we must remain vigilant, there’s no need to panic. Fabian predicts that it will get easier for cyber professionals to predict weaknesses and vulnerabilities and thus protect their data and machine-learning systems:
“In the long term, this absolutely favors defenders because we can integrate these models into our software development life cycles and make sure that the software that we release doesn’t have vulnerabilities in the first place.”Read the full article on the Register here.
