- Maturity
- demonstrated
- Reference
- atlas.mitre.org/techniques/AML.T0018.001
Description
Adversaries may directly modify an AI model’s architecture to re-define it’s behavior. This can include adding or removing layers as well as adding pre or post-processing operations.
The effects could include removing the ability to predict certain classes, adding erroneous operations to increase computation costs, or degrading performance. Additionally, a separate adversary-defined network could be injected into the computation graph, which can change the behavior based on the inputs, effectively creating a backdoor.
How GTK Cyber trains on this
GTK Cyber's hands-on AI security courses cover adversarial-AI techniques across the MITRE ATLAS framework, including the relevant tactic this technique falls under. Our practitioner-led training is taught by Charles Givre and other field-tested SMEs and focuses on real adversarial scenarios, not slide decks.