NIST Details Types of Cyberattacks that Lead to Malfunction of AI

Currently, there is no infallible method to safeguard AI against misdirection, partly because the datasets necessary to train an AI are just too big for humans to effectively monitor and filter.
Computer scientists at the National Institute of Standards and Technology and their collaborators have identified these and other vulnerabilities of AI systems, along with mitigation measures.
The new report outlines the types of attacks AI solutions could face, with accompanying mitigation strategies, to support the developer community.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
The report also classifies the attacks based on various characteristics, including the attacker's goals and objectives, capabilities, and knowledge.
Attackers using evasion techniques try to modify an input to affect how an AI system reacts to it after deployment.
Some examples would be creating confusing lane markings to cause an autonomous car to veer off the road or adding markings to stop signs to cause them to be mistakenly read as speed limit signs.
Poisoning attacks take place during the training process, by injecting corrupted data.
Adding multiple instances of inappropriate language to conversation records could be one way to trick a chatbot into thinking that the language is sufficiently prevalent for it to use in real customer interactions.
Attacks on privacy during deployment are attempts to obtain private information about the AI or the data it was trained on to abuse it.
An adversary can pose many valid questions to a chatbot and then utilize the responses to reverse engineer the model to identify its vulnerabilities or speculate where it came from.
It can be challenging to get the AI to unlearn those particular undesirable instances after the fact, and adding undesirable examples to those internet sources could cause the AI to perform badly.
In an abuse attack, incorrect data is introduced into a source (a webpage or online document, for example) which an AI receives.
Abuse attacks aim to provide the AI with false information from an actual but corrupted source to repurpose the AI system's intended use.
Most attacks are relatively easy to launch, requiring little to no prior knowledge of the AI system and only limited adversarial capabilities.


This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 09 Jan 2024 11:00:12 +0000

