On 2024-11-14T05:00:00Z, we hosted the November Global Community Meetup with Susanna Cox, where she highlighted the critical role of data in AIML security and helped us apply that knowledge to understand AI-specific threats using three methodologies.
Replay
Key takeaways
Susanna introduced three approaches to understanding AI-specific threats:
- NIST AI 100-2e2023 (CIA model, applied to AI)
- OWASP AI Exchange (Dev/Deployment phases, MLSecOps)
- Boolean path threat model + OODA Loop (Game theoretic, boolean, OODA)
She also suggested three steps to understanding the AIML system attack surfaces, along with three questions you can ask in the process. Here’s a glimpse of what she covered:
View the full slides.
Resources
Here are a few resources Susanna referred to during her session:
- OWASP AI Exchange
- NIST AI 100-2e2023
- Threat Modeling Manifesto
- Threat Modeling Capabilities
- Securing AIML Systems in the Age of Information Warfare
- anglesofattack.io
Peer discussions
After Susanna’s presentation, we moved into breakout groups to discuss:
- How does the role of data in AI systems change the attack surface? How can security professionals adjust their thought processes around this?
- Does the CIA triad (confidentiality, integrity, and availability) still apply to AIML systems? Why or why not?
Take a look at the insights here.
Group photo
It was a really insightful session, packed with helpful frameworks and resources for modeling threats in any AIML environment - led by a true AI security pioneer. Thanks to everyone who joined us, and a special shoutout to our peer group facilitators @aulong @ClaireAA @Robin @dimitri.redant @FraserScott for guiding the breakout sessions!
Next global meetup (Jan 13, 2025)
We’ll dive into “success metrics for threat modeling” at our next global meetup, featuring Caroline Wong as our monthly speaker. Caroline wrote an entire book on metrics for software security and will join us to discuss what success looks like for threat modeling and how to measure and communicate it. Join us: TMC January Global Meetup: Success and Metrics for Threat Modeling · Zoom · Luma