Microsoft has launched an open source tool to help developers assess the security of their machine learning systems.
The Counterfit project, now available on GitHub, consists of a command-line tool and a generic automation layer that allow developers to simulate cyber attacks against AI systems.
Microsoft’s red team used Counterfit to test its own AI models, while the broader company is also investigating using the AI development tool.
Anyone can download the tool and deploy it through Azure Shell, to run in-browser, or locally in an Anaconda Python environment.
It can test AI models hosted in a variety of cloud, on-premises, or side-by-side environments. Microsoft also promotes its flexibility, highlighting that it is agnostic to AI models and supports a variety of data types, including text, images, or generic input.
“Our tool makes published attack algorithms accessible to the security community and helps provide an extensive interface from which to generate, manage, and launch attacks on AI models,” Microsoft said.
“This tool is part of Microsoft’s broader effort to empower engineers to safely develop and deploy AI systems.”
The three main ways security professionals can use Counterfit are pen testing and red teaming AI systems, scanning AI systems for vulnerabilities, and logging attacks against AI models.
The tool comes preloaded with attack algorithms, and security professionals can also use the built-in cmd2 scripting engine to hook into Counterfit from existing offensive tools for these purposes.
Optionally, businesses can scan AI systems with related attacks any number of times to create baselines, then keep running the scans as vulnerabilities are addressed to measure ongoing progress.
Microsoft developed the tool out of a need to test its own systems for vulnerabilities. Counterfit started life as a small attack script written to target individual AI models, and gradually evolved into an automated tool to attack multiple systems at scale.
The company claims that it engages with various partners, customers, and government entities to test the tool against machine learning models in their own environments.
Dennis Publishing News Service