{"id":20772,"date":"2023-06-30T14:50:02","date_gmt":"2023-06-30T13:50:02","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=20772"},"modified":"2024-02-26T15:08:53","modified_gmt":"2024-02-26T14:08:53","slug":"attacking-ai-a-real-life-example","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/","title":{"rendered":"Attacking AI? A real-life example!"},"content":{"rendered":"\n<ul>\n<li style=\"text-align: justify;\"><em>In 2023, Artificial Intelligence has received unprecedented media coverage. Why? ChatGPT, a generative artificial intelligence capable of answering questions with astonishing precision.<\/em> <em>The potential uses are numerous and go beyond current comprehension. So much so that some members of the scientific and industrial communities are suggesting that we need to take a six-month break from AI research to reflect on the transformation occurring in our society. <\/em><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><em>As part of its commitment to supporting the digital transformation of its clients while limiting the risks involved, Wavestone&#8217;s Cyber teams invite you to discover how cyber-attacks can be carried out on an AI system and how to protect against them.<\/em><\/p>\n<h2 style=\"text-align: justify;\">Attacking an internal AI system (our CISO hates us)<\/h2>\n<h3 style=\"text-align: justify;\">Approach and objectives<\/h3>\n<p style=\"text-align: justify;\">As demonstrated by recent work on AI<a href=\"#_ftn1\" name=\"_ftnref1\">[1]<\/a> systems by <a href=\"https:\/\/www.enisa.europa.eu\/publications\/securing-machine-learning-algorithms\">ENISA<\/a><a href=\"#_ftn2\" name=\"_ftnref2\">[2]<\/a> and <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/white-paper\/2023\/03\/08\/adversarial-machine-learning-taxonomy-and-terminology\/draft\">NIST<\/a><a href=\"#_ftn3\" name=\"_ftnref3\">[3]<\/a>, AI is vulnerable to a number of cyber 
threats. These threats can be generic or specific, but impact all AI systems based on Machine Learning.<\/p>\n<figure id=\"attachment_20773\" aria-describedby=\"caption-attachment-20773\" style=\"width: 941px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-20773 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image1A.png\" alt=\"Different threats facing Artificial Intelligence: evasion, oracle, poisoning, ML failure or malfunction, model or data disclosure, compromise of ML application components\" width=\"941\" height=\"457\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image1A.png 941w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image1A-393x191.png 393w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image1A-71x34.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image1A-768x373.png 768w\" sizes=\"auto, (max-width: 941px) 100vw, 941px\" \/><figcaption id=\"caption-attachment-20773\" class=\"wp-caption-text\"><em>Different threats facing Artificial Intelligence<\/em><\/figcaption><\/figure>\n<p style=\"text-align: justify;\">To check the feasibility of such threats, we wanted to test Evasion and Oracle threats on one of our low-impact internal applications: Artistic, a tool for classifying employee tickets for IT support.<\/p>\n<p style=\"text-align: justify;\">To do this, we put ourselves in the shoes of a malicious user who, knowing that ticket processing is based on an Artificial Intelligence algorithm, would try to carry out Evasion or Oracle-type attacks.<\/p>\n<p style=\"text-align: justify;\">Obviously, the impact of such attacks is very low, but our AI is a great playground for experimentation.<\/p>\n<h3 style=\"text-align: justify;\">Application overview<\/h3>\n<h3><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20802 size-full\" 
src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-8.png\" alt=\"Application presentation\" width=\"1499\" height=\"914\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-8.png 1499w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-8-313x191.png 313w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-8-64x39.png 64w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-8-768x468.png 768w\" sizes=\"auto, (max-width: 1499px) 100vw, 1499px\" \/><\/h3>\n<h3 style=\"text-align: justify;\">Application architecture<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-20800 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-9.png\" alt=\"Artistic architecture\" width=\"1269\" height=\"921\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-9.png 1269w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-9-263x191.png 263w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-9-54x39.png 54w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/MicrosoftTeams-image-9-768x557.png 768w\" sizes=\"auto, (max-width: 1269px) 100vw, 1269px\" \/><\/p>\n<h2>\u00a0<\/h2>\n<h2 style=\"text-align: justify;\">Evasion attack<\/h2>\n<h3 style=\"text-align: justify;\">Approach overview<\/h3>\n<p style=\"text-align: justify;\">An evasion attack consists of hijacking the artificial intelligence by providing it with contradictory examples (also known as &#8220;adversarial examples&#8221;) in order to create inaccurate predictions. 
An adversarial example is an input with intentional mistakes or changes that cause a machine learning model to make a false prediction. These mistakes or changes can easily go unnoticed by a human, such as a typo in a word, but radically alter the model&#8217;s output data.<\/p>\n<p style=\"text-align: justify;\">For our example, we will try to build different contradictory examples using three techniques:<\/p>\n<ul>\n<li style=\"text-align: justify;\"><span style=\"color: #33cccc;\">Deleting and changing characters<\/span><\/li>\n<li style=\"text-align: justify;\"><span style=\"color: #ff0000;\">Replacing words using a dedicated technique (Embedding)<\/span><\/li>\n<li style=\"text-align: justify;\"><span style=\"color: #7030a0;\">Changing the position of words<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\">The contradictory examples in our use case are slightly modified written requests (see example 1 below) which will be categorised in the Artistic ticketing tool.<\/p>\n<p style=\"text-align: justify;\">To do this, we&#8217;re going to use a dedicated tool: TextAttack. TextAttack is a Python framework for performing evasion attacks (interesting for our case), training an NLP model with contradictory examples, and performing data augmentation in the NLP domain. \u00a0<\/p>\n<h3 style=\"text-align: justify;\">Results<\/h3>\n<p style=\"text-align: justify;\">Consider a sentence correctly classified by our Artificial Intelligence with a high probability. 
Let&#8217;s now apply the TextAttack Framework and use it to generate contradictory examples based on our correctly classified sentence.<\/p>\n<figure id=\"attachment_20779\" aria-describedby=\"caption-attachment-20779\" style=\"width: 943px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-20779 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image4A.png\" alt=\"Test example\" width=\"943\" height=\"419\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image4A.png 943w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image4A-430x191.png 430w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image4A-71x32.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image4A-768x341.png 768w\" sizes=\"auto, (max-width: 943px) 100vw, 943px\" \/><figcaption id=\"caption-attachment-20779\" class=\"wp-caption-text\"><em>Test example<\/em><\/figcaption><\/figure>\n<p style=\"text-align: justify;\">We have observed that sentences which are (more or less) comprehensible to a person can confuse the Artificial Intelligence to the point of misclassifying them. 
In addition, we can see that with a multitude of contradictory examples created, it is possible for the model to assign the same message to each of the classification categories with varying accuracy rates.<\/p>\n<p style=\"text-align: justify;\">By extension, with more critical Artificial Intelligence models, these poor predictions cause a number of problems:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Security breaches: the model in question is compromised and it becomes possible for attackers to obtain inaccurate predictions<\/li>\n<li>Reduced confidence in AI systems: such an attack reduces confidence in AI and the choice of adopting such models, calling into question the potential of this technology<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">However, according to ENISA, a number of measures can be implemented to be protected against this type of attack:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Define a model that is more robust against evasion attacks. Artistic&#8217;s AI system is not particularly robust to these attacks and is very basic in its operation (as we shall see later). A different model would certainly have been more resistant to evasion attacks.<\/li>\n<li>Adversarial training during the model learning phase. This consists of adding examples of attacks to the training data so that the model improves its ability to classify &#8220;strange&#8221; data correctly.<\/li>\n<li>Implement checks on the model&#8217;s input data to ensure the &#8216;quality&#8217; of the words entered.<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\">\u00a0<\/h2>\n<h2 style=\"text-align: justify;\">Oracle Attack<\/h2>\n<h3 style=\"text-align: justify;\">Definition<\/h3>\n<p style=\"text-align: justify;\">Oracle attacks involve studying AI models and attempting to obtain information about the model by interacting with it via queries. 
Unlike evasion attacks, which aim to manipulate the input data of an AI model, Oracle attacks attempt to extract sensitive information about the model itself and the data it has manipulated (the type of training data used, for example).<\/p>\n<p style=\"text-align: justify;\">In our use case, we are simply trying to understand how the model works. To do this, we sought to understand the model\u2019s behaviour by analysing the input-output pairs provided by our contradictory examples.<\/p>\n<h3 style=\"text-align: justify;\">Results<\/h3>\n<figure id=\"attachment_20781\" aria-describedby=\"caption-attachment-20781\" style=\"width: 942px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-20781 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image5A.png\" alt=\"Test example\" width=\"942\" height=\"288\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image5A.png 942w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image5A-437x134.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image5A-71x22.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/Image5A-768x235.png 768w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><figcaption id=\"caption-attachment-20781\" class=\"wp-caption-text\"><em>Test example<\/em><\/figcaption><\/figure>\n<p style=\"text-align: justify;\">By going through several trials, the attacker may be able to detect the sensitivity of the model to changes in the input data. From the example above, we can see that the algorithm used by the application predicts the class of a message by assigning a score to each word and then determines the category. 
By analysing these various results, the attacker may be able to deduce the model\u2019s vulnerabilities to evasion attacks.<\/p>\n<p style=\"text-align: justify;\">By extension, on more critical Artificial Intelligences, Oracle-type attacks pose several problems:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Infringement of intellectual property: as mentioned, the Oracle attack can allow the theft of the model architecture, hyperparameters, etc. Such information can be used to create a replica of the model.<\/li>\n<li>Attacks on the confidentiality of training data: this attack may reveal sensitive information about the training data used to train the model, which may be confidential.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">A few measures can be implemented to protect against this type of attack:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Define a model that is more robust to Oracle-type attacks. Artistic&#8217;s AI system is very basic and easy to understand.<\/li>\n<li>For AI more broadly, ensure that the model respects differential privacy. Differential privacy is an extremely strong definition of privacy that guarantees a limit to what an attacker with access to the results of the algorithm can learn about each individual record in the dataset.<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\">Getting to grips with the subject in your organisation today<\/h2>\n<p style=\"text-align: justify;\">We have observed that even without precise knowledge of the parameters of an Artificial Intelligence model, it is relatively easy to carry out Evasion or Oracle-type attacks.<\/p>\n<p style=\"text-align: justify;\">In our case, the impact is limited. 
However, the consequences of an evasion attack on an autonomous vehicle or an Oracle-type attack on a model used with health data are far more serious for individuals: physical damage in one case and invasion of privacy in the other.<\/p>\n<p style=\"text-align: justify;\">A number of our customers are already starting to deploy initial measures to deal with the cyber risks created by the use of AI systems. In particular, they are developing their risk analysis methodology to take account of the threats outlined above, and most importantly they are putting in place relevant countermeasures, based on security guides such as those proposed by ENISA or NIST.<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p style=\"text-align: justify;\"><a href=\"#_ftnref1\" name=\"_ftn1\">[1]<\/a> An artificial intelligence system, in the AI Act legislative proposal, is defined as <em>&#8220;software developed using one or more of the techniques and approaches listed in Annex I of the proposal and capable, for a given set of human-defined goals, of generating results such as content, predictions, recommendations, or decisions influencing the environments with which they interact.<\/em>&#8221; In our paper, we consider that AI systems have been trained via Machine Learning, as is generally the case on modern use cases such as ChatGPT.<\/p>\n<p style=\"text-align: justify;\"><a href=\"#_ftnref2\" name=\"_ftn2\">[2]<\/a> <a href=\"https:\/\/www.enisa.europa.eu\/publications\/securing-machine-learning-algorithms\">https:\/\/www.enisa.europa.eu\/publications\/securing-machine-learning-algorithms<\/a><\/p>\n<p style=\"text-align: justify;\"><a href=\"#_ftnref3\" name=\"_ftn3\">[3]<\/a> <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/white-paper\/2023\/03\/08\/adversarial-machine-learning-taxonomy-and-terminology\/draft\">https:\/\/csrc.nist.gov\/publications\/detail\/white-paper\/2023\/03\/08\/adversarial-machine-learning-taxonomy-and-terminology\/draft<\/a><\/p>\n<p style=\"text-align: 
justify;\"><a href=\"#_ftnref4\" name=\"_ftn4\">[4]<\/a> A ticket represents a sequence of words (in other words, a sentence) in which the employee expresses his or her need.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In 2023, Artificial Intelligence has received unprecedented media coverage. Why? ChatGPT, a generative artificial intelligence capable of answering questions with astonishing precision. The potential uses are numerous and go beyond current comprehension. So much so that some members of the&#8230;<\/p>\n","protected":false},"author":1438,"featured_media":20765,"comment_status":"open","ping_status":"closed","sticky":true,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777],"tags":[4083,3602,4358,4359],"coauthors":[4082,4274],"class_list":["post-20772","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","tag-ai","tag-attack","tag-evasion","tag-oracle"],"acf":[],"yoast_head_json":{"title":"Attacking AI? A real-life example! 
- RiskInsight","description":"As part of its commitment to supporting the digital transformation of its clients while limiting the risks involved, Wavestone's cyber team invites you to discover how cyber-attacks can be carried out on an AI system and how to protect against them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/","og_locale":"en_US","og_type":"article","og_title":"Attacking AI? A real-life example! - RiskInsight","og_description":"As part of its commitment to supporting the digital transformation of its clients while limiting the risks involved, Wavestone's cyber team invites you to discover how cyber-attacks can be carried out on an AI system and how to protect against them.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/","og_site_name":"RiskInsight","article_published_time":"2023-06-30T13:50:02+00:00","article_modified_time":"2024-02-26T14:08:53+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/post-letter-2828146_1280.jpg","type":"image\/jpeg"}],"author":"Pierre Aubret, Ayoub Mellah","twitter_misc":{"Written by":"Pierre Aubret, Ayoub Mellah","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/"},"author":{"name":"Pierre Aubret","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/d9e53a156ad5a20784f1a47e5c07ee80"},"headline":"Attacking AI? 
A real-life example!","datePublished":"2023-06-30T13:50:02+00:00","dateModified":"2024-02-26T14:08:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/"},"wordCount":1303,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/post-letter-2828146_1280.jpg","keywords":["AI","attack","evasion","Oracle"],"articleSection":["Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/","name":"Attacking AI? A real-life example! 
- RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/post-letter-2828146_1280.jpg","datePublished":"2023-06-30T13:50:02+00:00","dateModified":"2024-02-26T14:08:53+00:00","description":"As part of its commitment to supporting the digital transformation of its clients while limiting the risks involved, Wavestone's cyber team invites you to discover how cyber-attacks can be carried out on an AI system and how to protect against them.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/post-letter-2828146_1280.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/06\/post-letter-2828146_1280.jpg","width":1280,"height":853},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/06\/attacking-ai-a-real-life-example\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Attacking AI? 
A real-life example!"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/d9e53a156ad5a20784f1a47e5c07ee80","name":"Pierre 
Aubret","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/pierre-aubret\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/20772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1438"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=20772"}],"version-history":[{"count":8,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/20772\/revisions"}],"predecessor-version":[{"id":20807,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/20772\/revisions\/20807"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/20765"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=20772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=20772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=20772"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=20772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}