Threat Modeling for AI/ML Systems
57mAdvanced2024-04-25
Authors

Adam Shostack
Consultant, Entrepreneur, Technologist, and Game Designer
Course details
So much is happening in the world of AI right now that it can be hard to make sense of what’s what. And if you’re a developer, product manager, program manager, or site reliability engineer, you’re expected to deliver secure systems in a practical way. This course is designed to give technologists a durable framework for thinking about what can go wrong with an AI system and how to respond to deliver actionable results. Explore some of the best available frameworks for understanding, categorizing, and discovering security attacks broadly. Instructor Adam Shostack provides an overview of threat modeling, how it fits into the ML and AI systems, and how to create and maintain secure, trustworthy systems.
Skills covered
Software Development SecurityMachine LearningArtificial Intelligence FoundationsCybersecurityArtificial Intelligence (AI)One-Off
Concepts
0. Introduction
- 01 - Threat modeling introduction
- 02 - What you should know
1. Threat Modeling Overview
- 03 - Threat modeling is important when building AI systems
- 04 - The four-question framework structures your work
- 05 - Anyone can threat model and you should, now
- 06 - Trustworthy AI - Threat modeling is better than principles
2. What Are You Working on with ML
- 07 - ML for business, offense, defense, and software
- 08 - Draw your architecture
- 09 - Deployment architectures influence your threats
- 10 - Training data is a crucial variable
- 11 - The stochastic parrot
3. What Can Go Wrong with ML Security
- 12 - The OWASP Top Ten as a checklist
- 13 - The Berryville Institute Exhaustive List
- 14 - Microsoft's frameworks for security flaws
- 15 - Prompt injection
- 16 - Embarrassing and hostile results
4. What Can Go Wrong with AI - Trustworthiness
- 17 - NIST Framework
- 18 - EU's AI Act
- 19 - Current harms
- 20 - Scenarios
5. What Are You Going to Do about It
- 21 - Specific frameworks
- 22 - Mitigations advance faster than threats
- 23 - Deploying new technology isn't a one-and-done
Conclusion
- 24 - Next steps
Related courses
- Security Risks in AI and Machine Learning: Categorizing Attacks and Failure Modes
- AI Product Security: Secure Architecture, Deployment, and Infrastructure
- AI Product Security: Testing, Validation, and Maintenance
- The OWASP Top 10 for Large Language Model (LLM) Applications: An Overview
- Threat Modeling: Information Disclosure in Depth
- Learning Threat Modeling for Security Professionals
- Microservices Security Workshop: From Build to Production
- 5G Security in Depth: A Hands-On Approach to Securing RAN, Core, and Telco Cloud
Related learn paths
- Leverage AI as a Cybersecurity Analyst
- Building AI Products: Security Essentials Professional Certificate by LinkedIn Learning
- Become an Ethical Hacker
- Master Digital Transformation
- Introduction to Fundamental Skills for Data Work: Data Strategy and Planning
- Become an IT Security Specialist
- Improve Your Threat Modeling Skills
- Hands-On Healthcare Analytics