Some of the tech industry’s biggest names, including IBM and Nvidia, have teamed up with Microsoft to launch an industry-focused open framework to empower security analysts to fight against advanced cyber threats.
The Adversarial ML Threat Matrix sees more than 11 organisations, as well as the not-for-profit MITRE, pool resources into drafting a playbook for detecting, responding to and remediating threats against machine learning systems.
With the rise of AI and machine learning systems being deployed by businesses across the world, cyber criminals and hackers are increasingly pivoting to finding ways to disrupt these business-critical platforms.
There’s a significant gap between how these systems are being increasingly targeted and how vulnerable they are due to a lack of protection, according to Microsoft, which is spearheading these efforts.
“When it comes to Machine Learning security, the barriers between public and private endeavors and responsibilities are blurring; public sector challenges like national security will require the cooperation of private actors as much as public investments,” said director of machine learning research with MITRE, Mikel Rodriguez.
“So, in order to help address these challenges, we at MITRE are committed to working with organizations like Microsoft and the broader community to identify critical vulnerabilities across the machine learning supply chain. This framework is a first step in helping to bring communities together to enable organizations to think about the emerging challenges in securing machine learning systems more holistically.”
This initiative is seen as the first step in empowering security teams to defend against attacks on machine learning systems, with the framework systematically organising the techniques used by adversaries. These tabulated tactics and techniques will be available to cyber security professionals as a resource they can use to monitor strategies around protecting their businesses’ machine learning deployments.
The matrix is structured like the ATT&CK framework, another widely-adopted cyber security framework, so that security analysts don’t have to learn anything new or different to understand how to manage machine learning threats.
Microsoft is also seeding the framework with a curated set of vulnerabilities and adversary behaviours that itself and MITRE have betted to be effective against production systems. Analysts can, therefore, focus on realistic and tangible threats to machine learning systems rather than abstract or hypothetical dangers.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
-
Researchers claim an AMD security flaw could let hackers access encrypted dataNews Using only a $10 test rig, researchers were able to pull off the badRAM attack
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
