5 Adversarial AI Attacks: How to Stay Safe
AI (specifically generative AI) works off the knowledge it’s been given. Give it a map, and it can navigate you anywhere. But what happens if someone swaps north and south on that map? The AI’s not going to know the difference, and suddenly that map’s never going to work.
This is adversarial AI in action.
Adversarial AI (or adversarial machine learning) has gone from an “interesting idea” to a massive security risk for all AI users. In fact, MITRE created the ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems) Threat Matrix to provide a globally accessible knowledge base regarding attacks against AI systems.
In this post, we break down what adversarial AI is and what you can do to stay safe from this AI manipulation threat.
What Is Adversarial AI?
Adversarial AI tricks AI into giving bad, and potentially dangerous, results. This can happen by messing with training data or manipulating AI outputs through tricky prompts. Compared to traditional cybercrime, like phishing and malware, adversarial AI targets how an AI behaves through subtle nudges and manipulation.
Say you have an AI Chatbot that answers customer questions. An attacker can use adversarial AI to:
- Feed bad information to your AI, causing it to give dangerous or misleading responses.
- Manipulate the chatbot into sharing sensitive information or acting in unintended ways.
An attack like this might cause your bot to accidentally link a client to a virus instead of a product page, or reveal a password or proprietary information. That’s not to mention the cost of identifying, fixing, and preventing future attacks.
The Threat of Adversarial AI
Adversarial AI turns AI into an extension of your attack surface. That means, when you use AI, you give the bad guys another entry point into your company. If your AI is being used for security, automation, or permissions, a manipulated AI could lead to catastrophic results.
Unlike traditional cybersecurity attacks, adversarial AI is far subtler with long-term ramifications. Antivirus software won’t be able to stop a hacker from asking an AI a manipulative question, and a firewall sure won’t stop an AI from giving away sensitive information.
This begs the question: “How the heck can I stay safe from an attack?”
How Do You Stay Safe?
Here are 5 major adversarial attacks and how to stay safe from them:
1. Data Poisoning
AI is only as good as the data it’s trained on, and hackers know this. By manipulating AI training data, hackers can corrupt how the AI learns, processes, and generates information.
Example: Attackers sent Google’s Gmail spam filter millions of carefully crafted emails to confuse the AI classifier. By doing this, they changed how the system defined spam, allowing malicious emails containing malware or other threats to slip through undetected.
How to stay safe: Only give your AI data from internal, verified, and secure databases. By keeping your data clean and isolated, you can mitigate the chances of data poisoning.
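One way to enforce the "verified sources only" rule at the point where training data enters the pipeline, as an added example that is not code from the original post or from The 20 MSP: the trusted data source publishes a manifest of approved record digests signed with an HMAC key, and the training job refuses any record that is not on a manifest whose signature checks out. The signing key, record format and sample records below are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample key for the manifest signature. In a real pipeline this comes
# from a secrets manager and is held only by the trusted data source and the trainer.
MANIFEST_KEY = b"example-manifest-signing-key"


def record_digest(record: dict) -> str:
    """Canonical SHA-256 of one training record (sorted keys, no whitespace)."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def sign_manifest(digests: list[str], key: bytes = MANIFEST_KEY) -> dict:
    """Build a manifest of approved record digests and sign it with HMAC-SHA256."""
    ordered = sorted(digests)
    body = json.dumps(ordered, separators=(",", ":")).encode()
    return {"digests": ordered, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(manifest: dict, key: bytes = MANIFEST_KEY) -> bool:
    """True only if the digest list is exactly what the trusted source signed."""
    body = json.dumps(sorted(manifest["digests"]), separators=(",", ":")).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def filter_training_batch(records: list[dict], manifest: dict) -> tuple[list[dict], list[dict]]:
    """Split a batch into (accepted, rejected).

    A record is accepted only if its digest appears in a validly signed manifest.
    If the manifest itself fails verification, the whole batch is rejected: a
    tampered manifest is how an attacker would try to bless poisoned records.
    """
    if not verify_manifest(manifest):
        return [], list(records)
    approved = set(manifest["digests"])
    accepted, rejected = [], []
    for record in records:
        (accepted if record_digest(record) in approved else rejected).append(record)
    return accepted, rejected


# Constructed sample batch: two records from the verified source plus one that was
# slipped in afterwards with a flipped label, the basic shape of a poisoning attempt.
APPROVED_RECORDS = [
    {"text": "Your order has shipped.", "label": "ham"},
    {"text": "Claim your prize now!!!", "label": "spam"},
]
INJECTED_RECORD = {"text": "Claim your prize now!!!", "label": "ham"}

MANIFEST = sign_manifest([record_digest(r) for r in APPROVED_RECORDS])

if __name__ == "__main__":
    ok, bad = filter_training_batch(APPROVED_RECORDS + [INJECTED_RECORD], MANIFEST)
    print(f"accepted {len(ok)} record(s), rejected {len(bad)}")
```

The check is deliberately independent of what the records say: it only asks whether each one is exactly what the trusted source vouched for. That is what keeps an attacker from adding or altering records between the source and the trainer, though it does nothing if the source itself is compromised, which is why the post's advice to keep the source internal and isolated still matters.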
2. Evasion Attacks
These attacks manipulate already-trained AI through subtle prompts and inputs, causing the AI to generate incorrect results. Unlike poisoning, these attacks happen in real-time and exploit model blind spots.
Example: McAfee researchers used electrical tape to trick a self-driving car into reading a 35 mph speed limit sign as an 85 mph sign. The researchers used a 2-inch strip of black tape to extend the middle stroke of the “3”. To a human, it looked like a slightly warped 35 mph sign, but to the AI, the change was enough for the system to read it as 85 mph.
How to stay safe: Don’t let your AI have the final say in critical processes. Always double-check your AI outputs to make sure your AI is not being misled.
3. Data Extraction
Attackers can prompt an AI model to pull private or proprietary information, leading to data leaks and compromises.
Example: Researchers showed this in action by using specific “trigger” phrases to make GPT-2 output training data, including personal and private information, names, email addresses, and phone numbers.
How to stay safe: Do not feed your AI any sensitive information (Social Security numbers, client info, passwords, etc.). Use pseudonyms to anonymize your data, so your AI can never accidentally repeat the info.
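The pseudonymization step the post recommends, as an added example rather than code from the original post or from The 20 MSP: identifiers are swapped for stable placeholder tokens before the text is sent to a model, and the real values stay in a mapping held by your own application, so the model never sees them and can never repeat them. The regexes, salt and sample customer text are constructed for illustration; a production deployment would use a properly tested PII detector rather than these three patterns.

```python
import hashlib
import re

# Simple patterns for the identifier types the post names (constructed for the
# example; real systems need a tested PII detector with far broader coverage).
PATTERNS = {
    "SSN":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "PHONE": re.compile(r"(?<!\w)(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b"),
}


class Pseudonymizer:
    """Replace identifiers with placeholder tokens before text reaches a model.

    The token for a given value is stable, so the model sees the same placeholder
    every time that value appears, but the mapping back to the real value lives
    only in this object, never in the prompt or the model's training data.
    """

    def __init__(self, salt: bytes):
        self.salt = salt
        self._forward: dict[str, str] = {}   # real value -> token
        self._reverse: dict[str, str] = {}   # token -> real value

    def _token(self, kind: str, value: str) -> str:
        if value not in self._forward:
            # Salted hash: stable per value, not derivable by anyone without the salt.
            digest = hashlib.sha256(self.salt + value.encode()).hexdigest()[:8]
            token = f"<{kind}_{digest}>"
            self._forward[value] = token
            self._reverse[token] = value
        return self._forward[value]

    def redact(self, text: str) -> str:
        """Outbound direction: what the model is allowed to see."""
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token(k, m.group(0)), text)
        return text

    def restore(self, text: str) -> str:
        """Inbound direction: put real values back into the model's reply locally."""
        for token, value in self._reverse.items():
            text = text.replace(token, value)
        return text


# Constructed sample: a support ticket with several identifier types in it.
SAMPLE = ("Customer Jane Doe, SSN 123-45-6789, reachable at jane@example.com "
          "or (555) 010-2345, asked about invoice 4471.")

if __name__ == "__main__":
    p = Pseudonymizer(salt=b"constructed-salt")
    safe = p.redact(SAMPLE)
    print("to model: ", safe)
    print("restored: ", p.restore(safe))
```

Note that `restore` is only ever applied on your side of the boundary: the model works with tokens like `<SSN_...>` end to end, which is what makes a later extraction attack against the model return placeholders instead of a real Social Security number.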
4. Model Extraction
Hackers can barrage an AI model with prompts that basically ask, “How do you work?” This allows hackers to reverse engineer existing AI models, one response at a time. This compromises both security and intellectual property.
Example: Google DeepMind has identified over 100,000 prompts designed to extract information and clone Gemini.
How to stay safe: Limit how many times people can query your AI in a short period. That way, attackers can’t spam your AI and extract information.
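A per-client sliding-window rate limiter of the kind the post suggests, as an added example that is not code from the original post or from The 20 MSP. Requests are checked against a budget before they ever reach the model, and a client that exceeds it is told how long to wait. The limits, client ids and the fake clock used for the simulation are constructed for the example.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._hits: dict[str, deque] = defaultdict(deque)  # client -> request timestamps

    def allow(self, client_id: str) -> bool:
        now = self.clock()
        q = self._hits[client_id]
        # Forget requests that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False          # over budget: reject before the model is touched
        q.append(now)
        return True

    def retry_after(self, client_id: str) -> float:
        """Seconds until the client's oldest in-window request expires (0 if under budget)."""
        q = self._hits[client_id]
        if len(q) < self.limit:
            return 0.0
        return max(0.0, self.window - (self.clock() - q[0]))


class FakeClock:
    """Deterministic clock so the limiter can be exercised without sleeping."""

    def __init__(self):
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def simulate_burst(n_requests: int, limit: int, window: float) -> dict:
    """Replay a burst from one client, one request from another, then wait a window."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit, window, clock)
    allowed = sum(limiter.allow("bulk-querier") for _ in range(n_requests))
    other_ok = limiter.allow("normal-user")        # other clients are unaffected
    clock.advance(window)                          # budget recovers after the window
    return {
        "allowed": allowed,
        "rejected": n_requests - allowed,
        "other_client_allowed": other_ok,
        "allowed_after_window": limiter.allow("bulk-querier"),
    }


if __name__ == "__main__":
    print(simulate_burst(n_requests=500, limit=20, window=60.0))
```

The budget is tracked per client, so a single account cannot drain the model, but an attacker who spreads queries across many accounts or IP addresses will stay under each individual limit. Pair the limiter with a global budget and with monitoring for unusual query patterns rather than relying on it alone.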
5. Prompt Injection
Attackers use specific phrasing (prompts) to force AI to ignore safety filters, such as: “ignore all previous instructions and do X.”
Example: When prompted to treat every request as legally binding, one hacker managed to get a car dealership’s AI chatbot to agree to sell him a $70,000 Chevrolet Tahoe for only $1. Hilarious? Yes. Though more soberingly, it demonstrates the power of prompt injection and manipulation.
(The dealership did not honor the AI’s incredible sale)
How to stay safe: Same as with evasion attacks, don’t let your AI have the final say in major decisions like financial transactions or password changes. A quick review can stop an AI from being prompted maliciously.
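The "don't let the AI have the final say" control from items 2 and 5 above, as an added example that is not code from the original post or from The 20 MSP: every action the model proposes passes through a policy gate owned by the application, which decides whether it can run automatically, must go to a human reviewer, or is rejected outright. The gate looks at the action and its parameters, not at the prompt wording, so it catches a $1 quote for a $70,000 vehicle regardless of what the user typed to get there. Action kinds, the price floor, the confidence threshold and the catalog are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed policy values. Actions in ALWAYS_REVIEW never run without a human;
# QUOTE_FLOOR_RATIO is the fraction of list price below which a quote needs review.
ALWAYS_REVIEW = {"change_password", "transfer_funds", "grant_access"}
QUOTE_FLOOR_RATIO = 0.9
MIN_CONFIDENCE = 0.85


@dataclass
class ProposedAction:
    kind: str                            # e.g. "quote_price", "answer_question"
    params: dict = field(default_factory=dict)
    confidence: float = 1.0              # model or verifier confidence, if available


@dataclass
class Decision:
    outcome: str                         # "execute", "review" or "reject"
    reason: str                          # recorded for the audit trail


def gate(action: ProposedAction, catalog: dict[str, float]) -> Decision:
    """Decide whether a model-proposed action may run without a human.

    Irreversible or high-privilege actions always go to review, out-of-policy
    prices go to review, unknown products are rejected, and anything the model
    is not confident about goes to review. Only the remainder executes.
    """
    if action.kind in ALWAYS_REVIEW:
        return Decision("review", f"{action.kind} always requires a human")

    if action.kind == "quote_price":
        sku = action.params.get("sku")
        price = action.params.get("price")
        if sku not in catalog:
            return Decision("reject", f"unknown sku {sku!r}")
        floor = catalog[sku] * QUOTE_FLOOR_RATIO
        if price is None or price < floor:
            # This is the shape of the dealership incident: a "binding" $1 quote.
            return Decision("review", f"quote {price} below floor {floor:.2f} for {sku}")
        return Decision("execute", "quote within pricing policy")

    if action.confidence < MIN_CONFIDENCE:
        return Decision("review", f"confidence {action.confidence:.2f} below {MIN_CONFIDENCE}")
    return Decision("execute", "low-risk action")


# Constructed catalog: one product with its list price.
CATALOG = {"TAHOE-2024": 70000.0}

if __name__ == "__main__":
    for proposed in (
        ProposedAction("quote_price", {"sku": "TAHOE-2024", "price": 1.0}),
        ProposedAction("quote_price", {"sku": "TAHOE-2024", "price": 68000.0}),
        ProposedAction("change_password", {"user": "alice"}),
        ProposedAction("answer_question", confidence=0.4),
    ):
        d = gate(proposed, CATALOG)
        print(f"{proposed.kind:16} -> {d.outcome:8} ({d.reason})")
```

Because the decision is made outside the model, a prompt that talks the chatbot into "agreeing" to something changes only the text of the proposal, never the policy that decides whether it happens. Keep the review queue small by reserving it for the actions that are actually expensive to undo, or reviewers will start rubber-stamping.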
Adversarial AI Attacks? Add It to the List
At the end of the day, AI is a technology that needs managing and securing. That said, it’s going to take a lot more than traditional, layered security systems to stay safe from these adversarial attacks.
But properly safeguarding your AI is a complex, time-consuming process that not every business can manage alone.
By partnering with trusted security professionals, like The 20 MSP, you can properly protect your AI systems. We have a dedicated team of AI experts who can help you secure your data, improve your models, and shore up your security across the board.
If you’re looking to secure your AI or have any questions regarding AI safety, reach out. We’d be more than happy to chat.
About The 20 MSP
As a leading provider of managed IT services, The 20 MSP serves thousands of businesses nationwide, including single and multi-location organizations, delivering white-glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth.

