ai-ml-security

What problem does it solve?

This Skill helps you assess and mitigate security risks across the full AI/ML lifecycle, including model supply chain compromise, adversarial manipulation, training and federated learning poisoning, model extraction, privacy leakage, and LLM/agent-specific threats.

Core Features & Use Cases

• Model supply chain attack coverage: Detect and reason about risks like pickle-based deserialization RCE in PyTorch artifacts, Hugging Face poisoning (including backdoored weights and malicious tokenizer/config), and dependency confusion in ML pipelines.
• Adversarial example playbooks: Guide evaluation of robustness using common perturbation methods such as FGSM, PGD, and C&W, including physical-world adversarial considerations.
• Privacy and extraction threat modeling: Plan tests for membership inference, model inversion, gradient leakage in federated learning, and query-based model stealing/extraction.

Example use case: Before deploying an MLaaS endpoint, run a threat assessment that checks whether untrusted model files could execute code on load, whether the model is robust to adversarial inputs, and whether API responses leak enough information for extraction or membership inference.

Quick Start

Ask an AI agent to run an AI/ML security assessment for your model loading pipeline and inference API, focusing on supply chain integrity, adversarial robustness, and privacy leakage.