Blog

AI Poisoning: What You Need To Know To Protect Your Business

May 20, 2021
Jeff Ahlerich

Machine learning provides tremendous benefits for automating repetitive tasks. But what happens when the machine learns (or is “poisoned” with) bad code? That’s the reality IT professionals must be wary of when using artificial intelligence (AI) and machine learning in their business. AI poisoning can be devastating to your organization and is poised to be a major cybersecurity threat in 2021.

AI POISONING: THE BASICS

At a basic level, machine learning algorithms “learn” specific tasks and can analyze and filter specific data based on pre-defined criteria. Unfortunately, cybercriminals have found a way to exploit this technology through what is known as “AI Poisoning.” Essentially what happens is cybercriminals will corrupt the training data, leading to “algorithmic missteps that are amplified by ongoing data crunching using poor parametric specifications. Data poisoning exploits the weakness by deliberately polluting the training data to mislead the machine learning algorithm and render the output either obfuscatory or harmful.”

Although humans are adept at recognizing patterns and filtering the important aspects of those patterns, machines are reliant on specific criteria and are less discerning of small variations. For example, a machine may understand the basic differences between traffic signs or signals, but in the wrong hands, these “learned actions” can be altered.

WHEN AI GOES WRONG

There have been several public cases of AI poisoning over the years. A notable attack occurred in 2016, corrupting Microsoft’s AI chatbot. The chatbot was designed to learn to interact with humans through ongoing engagement. Unfortunately, the idea backfired. In less than a day, Twitter users had successfully retrained the chatbot to shift from playful conversation to inflammatory and offensive tweets.

Experts caution that although AI can be used for good, it has the ability to cause devastating outcomes if left unprotected. “A military drone misidentifies enemy tanks as friendlies. A self-driving car swerves into oncoming traffic. An NLP bot gives an erroneous summary of an intercepted wire. These are examples of how AI systems can be hacked, which is an area of increased focus for government and industry leaders alike.”

Although enterprise organizations may not experience such life and death outcomes to AI poisoning, the damage to their business and reputation can still be quite dramatic.

DEFENDING AGAINST AI POISONING

The primary entry point for AI poisoning is in the training data used to “teach” your machines. So, it stands to reason that the tighter you control your training data, the safer you’ll be. The following tips will help:

  1. Ensure you vet any third-party partners or vendors who may be involved in training your model or providing samples for training.
  2. Establish a mechanism for inspecting training data for contamination.
  3. Avoid real-time training, if possible. This will enable you to not only vet data but discourage attackers as well.
  4. Maintain a clean copy of your data set. This will help you quickly identify any considerable changes that could be indicative of AI poisoning.
  5. Be vigilant about who has access to your training data and how it is labeled.
  6. Consider training a secondary tier of AI to help spot mistakes in your primary data analysis.
  7. Always employ human oversight on data analysis to be on the lookout for any anomalies.

As AI and machine learning advance, so should your oversight over the integrity of your data. Be sure you are taking appropriate actions to vet, verify, and validate your data at regular intervals. And be prepared to take action should you discover a potential data poisoning. The faster you take action, the less the damage will be to your data and company.

«  Back To All Articles
Next Article
  »
Misconfigurations for Office 365
5 Most Common Attacks That Dodge Your Firewall.
4 Pentest Paradoxes You Must Get Right
Do a Risk Assessment before buying MDR
6 Rules of Engagement for any Penetration Test
Cyber Alliance Program
Your Perimeter is Disappearing
Cybersecurity Acronyms for Retirement Administrators
XDR, MDR, SOAR - Acronyms of Cybersecurity Detection & Response
Test Blog Post 3
Test Blog Post 2
White Paper - XDR for Retirement Systems
The Total Cost of Ransomware - 7 Categories
The Power of Data Continues to Grow
Who Shares Responsibility for Data Security in a Health Crisis?
Identifying Cloud Security Gaps in a Remote Workforce
Mid-year Threatscape Assessment and Review of Significant Cyber Incidents
Front Line Report: 2020 Election Cybersecurity Threats
The Rising Stakes of Compliance: GDPR, CCPA, and Others
Increasing Healthcare Cybersecurity With a Proactive Defense Strategy
5 Ways to Lower Risk and Maintain Privacy in Your Organization
9 Tips for Detecting and Preventing DDoS Attacks
5 Ways to Secure Your Access Control Vulnerabilities
6 Strategies to Prevent SQL Injection Attacks
7 Commonly Neglected Security Tasks: DMARC, DNS Calls, And More
The Impact Of A Cyber Attack On A Nation
History Matters: Cyber Attacks From The 1980S
What Healthcare Organizations Need To Know About Samsam Attacks
Reflecting On 2019: Blockchain, AI, Machine Learning, Cryptojacking, And More
California Consumer Privacy Act (CCPA): What You Need To Know
Why Covid-19 Phishing Criminals Love Machine Learning (Ml)
Malicious Bot Activity Continues To Rise As Employees Work From Home
How Crypto-Agile Is Your Organization?
How Businesses Can Prepare For The Coming Iot Surge
Where To Find Cybersecurity Help: Addressing The Security Expert Shortage
Ransomware: To Pay Or Not To Pay?
How Expensive Is A Data Breach?
Looking Ahead: The Cybersecurity Landscape In 2021
Attack On Solarwinds Infiltrated U.S. Government Networks: What It Means For You
5 Best Practices To Secure Your Remote Workforce
Top 5 Most Dangerous Ransomware Attacks — And How To Protect Your Business
Reduce Data Breach Costs With Artificial Intelligence
5 IoT Trends To Continue Watching In 2021
AI Poisoning: What You Need To Know To Protect Your Business
Zero Day Exploits: Advanced Cyberattacks
Why Users Should Never Auto-Fill Forms: Browser Exploit Overview
Don't Be Fooled By Padlocks And SSL Certificates
5 Ways To Shield Executives From Whaling Attacks
How Artificial Intelligence (AI) Is Helping Cyber-Criminals
Why Breaches Are Becoming More Difficult To Defeat
History Matters: Cyber Attacks From The 1960S
History Matters: Cyber Attacks From The 1970S
History Matters: Cyber Attacks From The 1990s
History Matters: Cyber Attacks From The 2000S
The Rise Of Mobile Malware
Growing Concerns Over Voice Phishing Scams
Stopping The Spread Of 5G Security Vulnerabilities
Why Small Business Is A Big Cyber Crime Target
Feeling The Heat: Geopolitical Cybersecurity Threats
The Role Of Artificial Intelligence In Effective Cyber Attacks
Absolute Zero: Zero Trust And Zero Standing Privileges
Data Security Challenges in the New Era of Remote Work
Why Penetration Testing Has Never Been More Important
5 Ways to Protect Your Business From Phishing Attacks in 2021

join our email list

Security Pursuit logo
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
Professional ServicesProduct Solutionsaboutpartnersblogcontact
denver office
2000 Araphahoe Street, Suite 1
Denver, CO 80205
720-675-7668
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
san francisco office
2315 Montgomery Street, 10th Floor
San Francisco, CA 94104
415-735-4225
© 2021
Designed by H1 Web Development