Multi-Agent Framework for Threat Mitigation and Resilience in AI-Based Systems
Armstrong Foundjem, Lionel Nganyewou Tidjon, Leuson Da Silva, Foutse Khomh
TL;DR
This work proposes a lifecycle-aware, multi-agent threat framework for AI-based systems, integrating MITRE ATLAS, ATT&CK, and the AI Incident Database with real-world vulnerabilities from ML repositories. A five-agent retrieval-augmented system builds an ontology-driven threat graph that links TTPs, vulnerabilities, and ML lifecycle stages, enabling scalable, graph-based severity estimation and real-time monitoring. Key contributions include a state-of-the-art model analysis revealing high vulnerability in foundation and multimodal models, a cross-layer vulnerability taxonomy spanning data, software, and infrastructure surfaces, and an automated CVE-to-ML-tool mapping that exposes supply-chain risks. The framework yields actionable mitigations across data, software, storage, system, and network layers, validated by external correlations to CVSS and incident costs and supported by operational SOC testing. Overall, adaptive, ML-specific security practices—coupling dependency hygiene, threat intelligence, and monitoring—are essential to mitigate evolving supply-chain and inference-time risks in modern ML ecosystems.
Abstract
Machine learning (ML) underpins foundation models in finance, healthcare, and critical infrastructure, making them targets for data poisoning, model extraction, prompt injection, automated jailbreaking, and preference-guided black-box attacks that exploit model comparisons. Larger models can be more vulnerable to introspection-driven jailbreaks and cross-modal manipulation. Traditional cybersecurity lacks ML-specific threat modeling for foundation, multimodal, and RAG systems. Objective: Characterize ML security risks by identifying dominant TTPs, vulnerabilities, and targeted lifecycle stages. Methods: We extract 93 threats from MITRE ATLAS (26), AI Incident Database (12), and literature (55), and analyze 854 GitHub/Python repositories. A multi-agent RAG system (ChatGPT-4o, temp 0.4) mines 300+ articles to build an ontology-driven threat graph linking TTPs, vulnerabilities, and stages. Results: We identify unreported threats including commercial LLM API model stealing, parameter memorization leakage, and preference-guided text-only jailbreaks. Dominant TTPs include MASTERKEY-style jailbreaking, federated poisoning, diffusion backdoors, and preference optimization leakage, mainly impacting pre-training and inference. Graph analysis reveals dense vulnerability clusters in libraries with poor patch propagation. Conclusion: Adaptive, ML-specific security frameworks, combining dependency hygiene, threat intelligence, and monitoring, are essential to mitigate supply-chain and inference risks across the ML lifecycle.
