MITRE ATLAS Takes on AI System Theft

By Bill Eidson

AI systems are valuable intellectual property, vulnerable to theft and illegal redistribution. MITRE, Microsoft, and 16 other organizations tackle such challenges with MITRE ATLAS, the new name for the AdvML Threat Matrix.

For any company, creating a new artificial intelligence (AI) system is no small feat. It is time-consuming and expensive. And a great deal rides on its effectiveness.

“Bad actors can reverse engineer valuable AI systems and training data by exploiting the fact that most AI systems remember and reveal too much,” says Mikel Rodriguez, Ph.D., director of MITRE’s AI & Autonomy Innovation Center.

Outright system theft is just one of the concerns. In the last three years, major companies such as Google, Amazon, and Tesla have had their machine learning (ML) systems compromised. And the trend is only going up: according to a Gartner report, by 2022, 30 percent of cyberattacks will involve data poisoning, model theft, or adversarial examples (think optical illusions for machines).

Industry has not responded. In Microsoft’s 2020 report, 89 percent of organizations were “not equipped with tactical and strategic tools to protect, detect, and respond to attacks on their machine learning systems.”

Of course, the problems go far beyond individual companies. “These critical technologies are fundamental to a broader technology competition between nation states,” says Charles Clancy, senior vice president, general manager of MITRE Labs, and chief futurist.

“Countries that are successful at mitigating the challenges and vulnerabilities of the current crop of AI and autonomous systems will drive economies, shape societies, and exert influence and exercise power in the world.”

Trusting AI for More Than Movie Recommendations

Today, the most widespread applications of AI and autonomy in the U.S. are in narrow, low-risk settings such as internet search engines.

“It’s one thing to let an AI system recommend a movie to you; it’s another to let it drive your car,” Clancy says. “But even beyond that, if adversaries can steal or reverse engineer valuable AI systems and succeed by quickly replicating them at a fraction of the cost, it gives them an enormous competitive advantage.”

Clancy says the U.S. needs to do more to keep pace with technological advances abroad; we cannot let others take the lead in AI.

That is why, in fall 2020, Microsoft and MITRE released the Adversarial ML (AdvML) Threat Matrix in collaboration with Bosch, IBM, NVIDIA, Airbus, Deep Instinct, Two Six Technologies, the University of Toronto, Cardiff University, Software Engineering Institute/Carnegie Mellon University, PricewaterhouseCoopers, and Berryville Institute of Machine Learning. This open framework empowers security analysts to detect, respond to, and mitigate threats against ML systems.

“Security and privacy of AI systems is a cornerstone of Microsoft’s Responsible AI principles,” says Ram Shankar Siva Kumar, principal lead for Microsoft Azure Trustworthy ML. “One of the ways we fulfill this commitment is continuous risk assessment of critical AI systems by automating parts of MITRE’s ATLAS framework using our recently open sourced tool. These exercises have led to increased security visibility into our enterprise AI systems.”

In spring 2021, Cardiff University, Citadel AI, McAfee, Palo Alto Networks, and several other organizations joined MITRE and Microsoft to release Version 2.0. They also gave the matrix a new name: MITRE ATLAS, the Adversarial Threat Landscape for Artificial-Intelligence Systems.

“As the matrix matured between version 1.0 and 2.0, we knew it needed a stronger name to foster even more community adoption,” says Christina Liaghati, Ph.D., operations manager of MITRE’s AI & Autonomy Innovation Center.

ATLAS is presented in an interactive MITRE ATT&CK®-style format with connections between the case studies, threats, vulnerabilities, and the matrix itself. Version 2.0 also brings several additional case studies from the new contributors, as MITRE continues to build community engagement and collaborations to focus on the realities of AI security challenges.

Putting a Brand on AI Systems

Rodriguez says artificial intelligence and machine learning are starting to touch every part of our economy, national security, and daily life. “Yet, AI systems demand huge training datasets, are vulnerable to counter-AI attacks, and can be difficult to understand—and thus trust.”

To ensure the integrity and reliability of AI-enabled systems, MITRE is focused on identifying emerging threats through the ATLAS framework. We’re also developing vendor-agnostic tools to help organizations protect themselves, creating blue and red team handbooks, and more.

“This includes developing ways for organizations to ‘watermark’ their AI systems, giving them a brand that deters theft,” says Jonathan Broadbent, solutions architect in our AI & Autonomy Innovation Center.

Coming Together to Maintain the U.S. Lead in AI

According to Doug Robbins, vice president of engineering and prototyping at MITRE Labs, national security demands collaboration between private actors and public investors. “If we’re going to win the technology competition against nation-state adversaries, we need engagement from both government and the private sector. That’s what it will take to achieve the fairness, explainability, privacy, and security that future AI applications require.”

“We should not lose our current bottom-up innovation culture,” Robbins adds. “But even large tech firms cannot be expected to compete with the resources of a global power competition nation state or make the big investments the U.S. will need to stay ahead.”

“That’s why we’re pleased to be working with our partners in the ATLAS framework collaboration to make AI more secure,” says Clancy. “This technology is vital to our nation’s security, prosperity, and health.

“Together, we must protect it from theft and manipulation—and we need to do it now.”