A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
ResearcherZero • March 29, 2025 3:27 AM
@Clive Robinson
It could be useful at least as a reference for anyone running attacks who wants to increase the chance of successful prompt, referrer forgery, scripting and privilege escalation. LLMs have their own agents which perform tasks, but do not have the same level of security checks, perhaps because they were designed to perform simpler tasks and it was overlooked.
I won’t post links to the latest attacks but there is some detail on why they work.
https://cybernetist.com/2024/09/23/some-notes-on-adversarial-attacks-on-llms/
Prediction and Hallucination
Information which may shed a little light on LLM workings.
https://www.anthropic.com/research/tracing-thoughts-language-model
How to increase the chance of successful prompt injection attacks against LLMs.
https://arstechnica.com/security/2025/03/gemini-hackers-can-deliver-more-potent-attacks-with-a-helping-hand-from-gemini/
Clive Robinson • March 27, 2025 1:17 PM
@ ALL,
Hmm…
“… comprehensive taxonomy of adversarial machine learning attacks…”
Those first two words always fill me with a sort of dread, due to in the past having to learn the Linnaean “Systema Sexuale” taxonomy…
As a rule of thumb, those who make catalogues are stuck for other ways to advance the knowledge domain. A taxonomy is a classified catalogue where someone has imposed some oft arbitrary way to link or order items.
The man oft credited –wrongly– with being first was Linnaeus and his multiplicity of taxonomies of plants by patterns he saw around him. None of which really grouped things “animal, vegetable or mineral” together in a way that was useful to furthering the respective knowledge domains.
So… ill thought out taxonomies can be “boat anchors” in any science or subject of research as they encourage wrong thinking. Especially when things are in constant flux, as they tend to be in a domain that is essentially combative.
So the question arises of
“How well thought out is this NIST ‘Adversarial Machine Learning’ (AML) taxonomy, and how stable is it going to be even a short distance into the future?”
Well it says in the abstract,
Spot “conceptual”, another dread word to see in anything; like “random”, its definition is mostly self referential…
But note two important statements that go toward answering this,
Some may have noted I say,
“current AI LLM and ML systems”
Almost always and so might wonder why?
Well, it’s because I do not expect LLMs and ML systems as they currently are to be around for very much longer, because they are, as currently designed and used, a dead end.
Thus the first statement above kind of tells you this taxonomy is in effect “out of date” before it’s even got started.
Further the second statement kind of tells you this taxonomy is not really designed to leave the “starting blocks”…
But we already know there is another type of AI out there that has “agency”, and it has already killed and maimed people due to its deficiencies, despite having multispectral and visual inputs.
Tesla and other road motor vehicle companies have been trying and mainly failing to make safe self driving a feature…