External risks in AI

AI Security and Risk Management

Angeline Corvaglia

Founder and Digital Transformation Expert

external risks

Internal Risks

Within design or data

separator

External Risks

Outside actors

Manipulate the model

Targeting different aspects

Common external risks

representation of external risks

Adversarial input attacks
Data corruption and poisoning
Model theft and inversion
Infrastructure attacks
Supply chain attacks

Adversarial input attacks

Impact inference phase (when it encounters new data)
Influence decision-making

separator

Example

Slightly alter image
Misclassify

representation of adversarial input attacks

Data corruption and poisoning

Impact training phase
Target integrity of learning

light bulb

Example

Fake product reviews
Impact an e-commerce recommendation system

representation of data corruption

Model theft and inversion

representation of model inversion

Aimed at sensitive information
Exploit the model itself

light bulb

Example

Use manipulated inputs to uncover private data used in training

Infrastructure attacks

representation of infrastructure attacks

Target physical and virtual environments
Attack the infrastructure

light bulb

Example

Flood AI servers with requests to overload them and make them inaccessible

Supply chain attacks

representation of supply chain attacks

Compromise components or libraries
Exploit the building blocks of AI models

light bulb

Example

Inject vulnerability in widely used library

Security best practices

Regular security audits
Data validation and sanitation
Strong access controls
Encrypting sensitive data
Anonymizing data

representation of a tool kit

More best practices

Continuous monitoring
Use trusted tools
Update tools regularly
Ongoing education

image representing best practices

Risks evolve quickly

Ongoing adaption
Continuous learning
Proactive risk management
Vigilance

representation of fast change

Let's practice!

AI Security and Risk Management