publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1519635
ILTA WHITE PAPER | SECURITY & COMPLIANCE 21

limit the amount of information from model outputs, and apply applicable privacy controls.

• Backdoored ML embeds hidden functionality in an AI/ML model that can be leveraged as required. Modifying training data, code, or updates creates a backdoor that triggers the model to behave abnormally or maliciously on specific inputs or conditions. To minimize the risk of backdoor attacks, pay attention to the integrity and source of training data, code, and updates, and apply anomaly detection and verification controls.

• Membership inference is similar to model inversion: it focuses on determining whether an individual's personal information was used to train an AI/ML model, as a route to accessing that personal information. To minimize the risk of membership inference, look at techniques like differential privacy (adding noise to the data), adversarial training (training the model on regular and adversarial examples), and regularization (preventing overfitting in the model).

Regarding integrity, ML algorithms are vulnerable to tampering, leading to unauthorized changes to data or systems. If the system's integrity is altered, the data and firm guidance issued could be inaccurate, or the system could be non-compliant with client or regulatory requirements. Some forms of integrity attacks on AI/ML systems that should be considered are:

• Data poisoning — This can compromise the quality or integrity of the data used to train or update an AI/ML model. The attacker manipulates the model's behavior or performance by injecting malicious or misleading data into the training set. To minimize the risk of data poisoning, verify the source and validity of your data, use data cleaning and preprocessing techniques, and monitor the model's accuracy and outputs.

• Input manipulation — The attacker deliberately alters input data to mislead the AI/ML model.
To minimize risk, leverage input validation, such as checking the input data for anomalies (unexpected values or patterns) and rejecting inputs that are likely to be malicious.

• Adversarial attacks — The goal here is to cause the AI/ML model to make a mistake, a misclassification, or even perform a new task by including alterations in the input, leading the AI/ML model to make incorrect predictions. Because the AI/ML model operates on previously seen data, the quality of that data significantly impacts the resulting model's performance. To minimize risk, define your threat model, validate and sanitize your inputs, train your model with adversarial examples, and monitor and audit your outputs.

• Supply chain — Similar to software development, AI/ML model tech stacks rely on various third-party libraries that

SECURING THE USE OF ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING (AI/ML) IN LEGAL SERVICES
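The "integrity and source" verification recommended above for backdoored ML, and implied for the supply-chain point, can be made concrete with a hash manifest that is produced when a dataset or model update is approved and re-checked immediately before training or loading. The following is an added example, not code from the ILTA white paper; it assumes a manifest of relative path to SHA-256 digest and a directory of artifacts to check, and the file names and contents in demo() are constructed for illustration.

```python
"""Integrity check for training data and model artifacts before they are used.

Added example (not from the ILTA white paper). It assumes a manifest of
{relative path: sha256 hex digest} produced at a trusted point (for example
when the dataset was curated or the model update was approved) and checked
again before training or before loading. Any file whose digest differs, is
missing, or is not listed in the manifest is reported so the pipeline can
refuse to run.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large datasets need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Record the digest of every file under root, keyed by path relative to root."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_manifest(root: Path, manifest: Dict[str, str]) -> List[str]:
    """Return a list of problems; an empty list means the artifacts match the manifest."""
    problems: List[str] = []
    current = build_manifest(root)
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            problems.append(f"missing: {rel}")
        elif actual != expected:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in manifest:
            # A file nobody approved has appeared alongside the approved ones.
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a clean dataset passes, a tampered one is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files standing in for a curated training set.
        (root / "train.csv").write_text("id,label\n1,contract\n2,memo\n")
        (root / "labels.txt").write_text("contract\nmemo\n")
        manifest = build_manifest(root)  # taken at the trusted point
        clean = verify_manifest(root, manifest)
        # Simulate an unapproved edit to the training set plus a planted file.
        (root / "train.csv").write_text("id,label\n1,contract\n2,memo\n3,trigger\n")
        (root / "extra.bin").write_bytes(b"\x00")
        tampered = verify_manifest(root, manifest)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```

The manifest itself must be stored somewhere the data pipeline cannot write to (or be signed), otherwise an attacker who can alter the training set can simply regenerate it; the check is only as trustworthy as the point at which the manifest was taken.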
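The membership-inference mitigation listed above, differential privacy, is most easily seen on a released statistic: the Laplace mechanism adds noise scaled to 1/ε before a count is published, which bounds how much any one person's record can change the output. The block below is an added example, not the white paper's code; the client records, the matter-type predicate and the ε value are constructed for illustration, and the count is assumed to have sensitivity 1 (adding or removing one record changes it by at most 1).

```python
"""Differentially private count release with the Laplace mechanism.

Added example, not from the ILTA white paper. It assumes the released
statistic is a count over records with sensitivity 1. Noise drawn from
Laplace(0, 1/epsilon) is added before release; the density-ratio check
shows the guarantee the mechanism gives: for two datasets differing in one
record, no output is more than exp(epsilon) times likelier under one than
the other, so an observer cannot reliably tell whether any individual was
included.
"""
import math
import random
from typing import Callable, Dict, Iterable, Sequence

# Constructed sample records standing in for a firm's matter database.
RECORDS = [
    {"client": "A", "matter_type": "litigation"},
    {"client": "B", "matter_type": "corporate"},
    {"client": "C", "matter_type": "litigation"},
    {"client": "D", "matter_type": "employment"},
    {"client": "E", "matter_type": "litigation"},
]

Predicate = Callable[[dict], bool]


def exact_count(records: Iterable[dict], predicate: Predicate) -> int:
    return sum(1 for r in records if predicate(r))


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) as the difference of two iid Exponential(1/scale) draws."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def private_count(records: Iterable[dict], predicate: Predicate,
                  epsilon: float, rng: random.Random, sensitivity: float = 1.0) -> float:
    """Release the count with noise calibrated to sensitivity / epsilon."""
    return exact_count(records, predicate) + laplace_noise(sensitivity / epsilon, rng)


def laplace_pdf(x: float, scale: float) -> float:
    return math.exp(-abs(x) / scale) / (2.0 * scale)


def max_density_ratio(true_count: int, epsilon: float, outputs: Sequence[float],
                      sensitivity: float = 1.0) -> float:
    """Largest ratio of output densities between neighbouring datasets (counts c and c+1)."""
    scale = sensitivity / epsilon
    return max(laplace_pdf(y - true_count, scale) / laplace_pdf(y - (true_count + 1), scale)
               for y in outputs)


def demo(epsilon: float = 0.5, seed: int = 7) -> Dict[str, float]:
    is_litigation = lambda r: r["matter_type"] == "litigation"
    exact = exact_count(RECORDS, is_litigation)
    noisy = private_count(RECORDS, is_litigation, epsilon, random.Random(seed))
    # Sweep a grid of possible outputs; the ratio peaks at exp(epsilon) for y <= exact.
    grid = [x / 10.0 for x in range(-50, 100)]
    return {
        "exact": exact,
        "noisy": noisy,
        "max_ratio": max_density_ratio(exact, epsilon, grid),
        "bound": math.exp(epsilon),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Smaller ε means more noise and a tighter bound; the value used here is illustrative, and releasing many statistics about the same records consumes privacy budget cumulatively, which is the usual practical constraint.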
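The input validation recommended for input manipulation and adversarial attacks (checking for unexpected values or patterns and rejecting likely-malicious inputs), together with the output monitoring recommended for data poisoning, can be combined into a gate in front of the model. What follows is an added example, not code from the white paper; it assumes a model that consumes fixed-length numeric feature vectors, a schema of declared bounds written by the engineer, a statistics profile taken from verified training data, and the feature names, training rows and baseline class shares are constructed for illustration.

```python
"""Input validation gate for a numeric-feature model, plus an output monitor.

Added example, not from the ILTA white paper. It assumes the model consumes
fixed-length numeric feature vectors and that a per-feature statistics
profile was taken from verified training data. Inputs that are malformed,
outside the declared schema, or statistically far from anything seen in
training are rejected before reaching the model. The output monitor tracks
how often each class is predicted so that a shift after a data update or
retraining can be noticed.
"""
import math
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed schema: (feature name, lower bound, upper bound) declared by the engineer.
SCHEMA = [
    ("page_count", 0, 10_000),
    ("avg_sentence_len", 1.0, 200.0),
    ("uppercase_ratio", 0.0, 1.0),
]

# Constructed training rows matching SCHEMA, standing in for a verified dataset.
TRAINING_ROWS = [
    [12, 18.0, 0.04], [30, 22.5, 0.05], [8, 15.0, 0.03],
    [45, 20.0, 0.06], [20, 19.5, 0.04], [16, 17.0, 0.02],
]


class FeatureProfile:
    """Per-feature mean and (population) standard deviation learned from training data."""

    def __init__(self, rows: Sequence[Sequence[float]]):
        self.n_features = len(rows[0])
        cols = [[r[i] for r in rows] for i in range(self.n_features)]
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c))
                    for c, m in zip(cols, self.mean)]


def validate_input(x: Sequence[float], profile: FeatureProfile,
                   z_limit: float = 3.0) -> Tuple[bool, str]:
    """Return (accepted, reason). Checks shape, type, declared bounds, then z-score."""
    if len(x) != profile.n_features:
        return False, f"expected {profile.n_features} features, got {len(x)}"
    for i, v in enumerate(x):
        name, lo, hi = SCHEMA[i]
        if isinstance(v, bool) or not isinstance(v, (int, float)) or not math.isfinite(v):
            return False, f"feature {i} ({name}) is not a finite number"
        if v < lo or v > hi:
            return False, f"feature {i} ({name}) outside declared bounds"
        std = profile.std[i]
        z = abs(v - profile.mean[i]) / std if std > 0 else (0.0 if v == profile.mean[i] else math.inf)
        if z > z_limit:
            return False, f"feature {i} ({name}) is a statistical outlier"
    return True, "ok"


class OutputMonitor:
    """Compare the live share of each predicted class against a recorded baseline."""

    def __init__(self, baseline: Dict[str, float]):
        self.baseline = baseline
        self.counts: Counter = Counter()

    def record(self, label: str) -> None:
        self.counts[label] += 1

    def drifted_classes(self, tolerance: float) -> List[str]:
        total = sum(self.counts.values())
        classes = set(self.baseline) | set(self.counts)
        return sorted(c for c in classes
                      if abs(self.counts[c] / total - self.baseline.get(c, 0.0)) > tolerance)


def demo() -> Dict[str, object]:
    profile = FeatureProfile(TRAINING_ROWS)
    probes = {  # constructed inputs exercising each check
        "normal": [25, 19.0, 0.05],
        "outlier": [120, 18.0, 0.04],   # legal per schema, but far from any training row
        "schema": [20, 18.0, 1.5],      # a ratio above 1.0 is impossible
        "nan": [20, float("nan"), 0.04],
        "short": [20, 18.0],
    }
    verdicts = {k: validate_input(v, profile)[1] for k, v in probes.items()}
    monitor = OutputMonitor(baseline={"contract": 0.5, "memo": 0.5})
    for label in ["contract"] * 9 + ["memo"]:  # constructed run of predictions
        monitor.record(label)
    return {"verdicts": verdicts, "drift": monitor.drifted_classes(tolerance=0.25)}


if __name__ == "__main__":
    print(demo())
```

The schema bounds catch values that are impossible for the domain regardless of what the training data looked like, while the z-score catches values that are possible but unlike anything the model was trained on; rejected inputs and drift alerts should be logged with the request identity so that a campaign of probing can be reviewed later.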