ADMIn: Attacks on Dataset, Model and Input. A Threat Model for AI Based Software

Vimal Kumar, Juliette Mayo, Khadija Bahiss

TL;DR

The paper addresses AI-specific threats in AI-based software by proposing an attack-centric threat model that ties adversarial AI threats to the AI software development lifecycle. It contributes a structured three-phase model (data processing, model development, deployment) and a corresponding ADMIn taxonomy (attacks on dataset, model, and input) to systematically identify threats. The authors validate their approach through application to two real-world AI systems, illustrating how threats emerge across data, model, and input dimensions and how they can be enumerated within the lifecycle. This work provides practitioners with a repeatable methodology to uncover AI-specific vulnerabilities, enabling targeted mitigations across development, deployment, and governance processes.

Abstract

Machine learning (ML) and artificial intelligence (AI) techniques have now become commonplace in software products and services. When threat modelling a system, it is therefore important that we consider threats unique to ML and AI techniques, in addition to threats to our software. In this paper, we present a threat model that can be used to systematically uncover threats to AI-based software. The threat model consists of two main parts: a model of the software development process for AI-based software, and an attack taxonomy that has been developed using attacks found in adversarial AI research. We apply the threat model to two real-life AI-based software systems and discuss the process and the threats found.

Paper Structure

This paper contains 7 sections and 2 figures.

Figures (2)

  • Figure 1: Software development process for AI based software. Circles represent processes, arrows represent inputs and outputs, diamonds represent decisions and '*' means that the arrow can point to any previous process
  • Figure :