Core security principles in the ML context
Secure foundations for brilliant models
Machine learning systems can be brilliant, but without a solid foundation in security, even the smartest models can become the weakest link.
Before building secure ML workflows, you need to understand the foundational security principles that take on unique dimensions in machine learning: confidentiality, integrity, authentication, non-repudiation, and service integrity.

Confidentiality
Definition: Ensuring that sensitive data and model assets are accessible only to authorised users or systems.In ML, this includes:
- Protecting training datasets containing personal or proprietary information.
- Preventing exposure of model parameters (intellectual property).
- Ensuring inference outputs (API responses) don’t unintentionally leak patterns.
Example
A financial institution trains a credit risk model using customer income data. Without strict access controls, a leak could expose private financial histories, damaging reputation and compliance standing.
Integrity
Definition: Ensuring that data and models are accurate, consistent, and have not been altered by unauthorised sources.In ML, this applies to:
- Verifying that training data hasn't been tampered with (poisoned).
- Ensuring models remain unchanged from training to deployment.
- Detecting manipulation of outputs (adversarial inputs).
Example
A healthcare model identifies early-stage cancers. If training data is modified (e.g., malignant images relabeled as benign), model predictions could become dangerously unreliable.
Authentication
Definition: Verifying the identity of users or systems interacting with an ML environment.In ML, this includes:
- Controlling access to model APIs or training environments.
- Enforcing Multi-Factor Authentication (MFA) for developers.
- Validating automated systems that run training or deployment steps.
Example
Unauthorised access to a model registry could allow attackers to replace a product recommendation engine with a malicious version, redirecting users or stealing data.
Non-repudiation
Definition: Ensuring that actions within a system can be traced to an identifiable entity and cannot be denied later.In ML, this is crucial for:
- Tracking changes to models, datasets, or configuration files.
- Logging access events across environments.
- Supporting regulatory audits and incident investigations.
Example
After a traffic prediction system failure, non-repudiation logs help confirm which engineer modified the pipeline and whether the update was properly tested.
Service integrity
Definition: Ensuring that deployed models perform as intended and remain resistant to tampering, degradation, or misuse.In ML, this is about:
- Preventing unauthorised model modifications or swaps post-deployment.
- Detecting adversarial inputs designed to trick the model.
- Monitoring for model drift that degrades service quality over time.
Example
A fraud detection model starts missing suspicious activity. Investigation reveals that subtle adversarial inputs are being used to bypass the model, breaching service integrity.
Integrity vs. Service Integrity
Integrity is about building the right model (protecting files and data). Service Integrity is about keeping it trustworthy in the real world (protecting behavior post-deployment).