Understanding threats across the ML Lifecycle
Every phase is an attack surface
Machine learning systems may look seamless on the surface, but under the hood, each phase of the ML lifecycle is a potential attack surface waiting to be exploited.
From collecting raw data to maintaining models in production, every stage introduces unique vulnerabilities. In this section, you'll explore the most common threats faced during each phase of an ML workflow.

1. Data collection and ingestion threats
Security begins at the data source. Vulnerabilities in early-stage data handling can silently corrupt performance or expose sensitive info.
- Data poisoning: Malicious data is inserted into training sets to manipulate outputs. (Impact: Integrity)
- Data leakage: Sensitive or PII is accidentally included in features. (Impact: Confidentiality)
- Insecure pipelines: Data is transferred without encryption or validation. (Impact: Confidentiality, Authentication)
Example: Leakage
A churn model includes raw customer notes containing health details, violating privacy policies and exposing the company to legal risk.
2. Model training threats
The training phase is a high-value target for external and insider attacks due to privileged access and large datasets.
- Insider threats: Authorized individuals inject malicious code or exfiltrate data. (Impact: Authentication, Non-repudiation)
- Model inversion: Attackers reconstruct training data by analyzing outputs. (Impact: Confidentiality)
- Insecure environments: Weakly configured infrastructure allows access to model artifacts. (Impact: Confidentiality, Integrity)
3. Model evaluation threats
Failing to sanitize outputs or protect logs can give attackers the tools they need to reverse-engineer your system.
- Unintended exposure: Reports or tools reveal sensitive data. (Impact: Confidentiality)
- Evaluation-time attacks: Carefully crafted inputs reveal model structure or vulnerabilities. (Impact: Service Integrity)
4. Deployment threats
Deployment opens the door to adversarial manipulation and model theft.
- Adversarial input attacks: Modified inputs trick the model into wrong predictions. (Impact: Service Integrity)
- Model theft (Extraction): Replicating your model by repeatedly querying it. (Impact: Confidentiality)
- Unauthorised access: Exploiting unsecured APIs or endpoints. (Impact: Authentication)
5. Monitoring and maintenance threats
Without active security monitoring, systems are vulnerable to subtle, long-term threats.
- Membership inference: Determining if specific points were in the training set. (Impact: Confidentiality)
- Drift exploitation: Exploiting behavior changes over time to find weaknesses. (Impact: Service Integrity)
- Lack of audit trails: Missing logs make it impossible to attribute changes. (Impact: Non-repudiation)
Type your reflection here...
Type your reflection here...