ATLAS adversarial ML techniques
101 MITRE ATLAS top-level techniques covering the adversarial-ML attack surface, grouped by tactic. Authored by Adam Lundqvist.
13 in Resource Development · 101 total
| ID | Title | Summary |
|---|---|---|
| AML.T0002 | Acquire Public AI Artifacts | Adversaries may search public sources, including cloud storage, public-facing services, and software or data repositories, to identify AI artifacts. These AI a… |
| AML.T0008 | Acquire Infrastructure | Adversaries may buy, lease, or rent infrastructure for use throughout their operation. A wide variety of infrastructure exists for hosting and orchestrating ad… |
| AML.T0016 | Obtain Capabilities | Adversaries may search for and obtain software capabilities for use in their operations. Capabilities may be specific to AI-based attacks [Adversarial AI Attac… |
| AML.T0017 | Develop Capabilities | Adversaries may develop their own capabilities to support operations. This process encompasses identifying requirements, building solutions, and deploying capa… |
| AML.T0019 | Publish Poisoned Datasets | Adversaries may [Poison Training Data](/techniques/AML.T0020) and publish it to a public location. The poisoned dataset may be a novel dataset or a poisoned va… |
| AML.T0020 | Poison Training Data | Adversaries may attempt to poison datasets used by an AI model by modifying the underlying data or its labels. This allows the adversary to embed vulnerabiliti… |
| AML.T0021 | Establish Accounts | Adversaries may create accounts with various services for use in targeting, to gain access to resources needed in [AI Attack Staging](/tactics/AML.TA0001), or … |
| AML.T0058 | Publish Poisoned Models | Adversaries may publish a poisoned model to a public location such as a model registry or code repository. The poisoned model may be a novel model or a poisone… |
| AML.T0060 | Publish Hallucinated Entities | Adversaries may create an entity they control, such as a software package, website, or email address to a source hallucinated by an LLM. The hallucinations may… |
| AML.T0065 | LLM Prompt Crafting | Adversaries may use their acquired knowledge of the target generative AI system to craft prompts that bypass its defenses and allow malicious instructions to b… |
| AML.T0066 | Retrieval Content Crafting | Adversaries may write content designed to be retrieved by user queries and influence a user of the system in some way. This abuses the trust the user has in th… |
| AML.T0079 | Stage Capabilities | Adversaries may upload, install, or otherwise set up capabilities that can be used during targeting. To support their operations, an adversary may need to take… |
| AML.T0104 | Publish Poisoned AI Agent Tool | Adversaries may create and publish poisoned AI agent tools. Poisoned tools may contain an [LLM Prompt Injection](/techniques/AML.T0051), which can lead to a va… |