Navigating Skynet with MITRE ATLAS

Summary

With the rapid improvements in AI, many companies are moving quickly to integrate it into new or existing technology stacks. While leveraging AI can allow you and your organization to streamline processes and improve your customers' lives, it also adds an extra facet to your cyber-attack surface. As with all other facets of your attack surface, threat actors are already figuring out ways to exploit, manipulate, and otherwise target it. So that begs the question: how are hackers targeting AI, and what can your company do to both protect your own AI-driven products and better vet the AI-driven products of your third-party vendors? Thankfully, the great people at MITRE are already on the case and have published the Mitre ATLAS to assist with this endeavor.  

What is Mitre ATLAS?

MITRE ATLAS (Adversarial Threat Landscape for Artificial Intelligence Systems) is effectively the MITRE ATT&CK matrix for Artificial Intelligence Systems. Per their website, it is defined as “a globally accessible, living knowledge base of adversary tactics and techniques against Al-enabled systems based on real-world attack observations and realistic demonstrations from Al-red teams and security groups.” As with the MITRE ATT&CK Matrix, MITRE ATLAS breaks down how a threat actor can target an AI system into a series of tactics and techniques. You will find that many tactics carry over from the MITRE ATT&CK Matrix. However, there are some AI-specific ones, such as “ML Model Access” and “ML Attack Staging.” The techniques on the other hand are largely unique to AI systems and include such topics as “LLM Prompt Injection”, “Craft Adversarial Data”, and “Discover ML Data”. In a later blog post, we will discuss in more technical detail how to execute these techniques.  The use cases for ATLAS are manifold, but for the purpose of this blog, we’ll focus on two: Internal threat modeling/hunting and third-party vendor review. 

Internal Threat Modeling and Hunting 

This use case applies to those organizations that are building their own AI-enabled products. Leveraging MITRE ATLAS, you can run through threat modeling exercises to ensure your product is hardened against common attack scenarios. In fact, Mitre ATLAS already provides fully fleshed out scenarios from Red Team exercises and real-world hacks to get you started on your threat modeling journey. In addition to helping harden your AI enabled products; MITRE ATLAS can also be leveraged to inform threat hunting and detection engineering just as the MITRE ATT&CK matrix does for more traditional networks. By understanding how threat actors are targeting AI-enabled tools, you can begin developing hunt hypotheses to proactively detect threats before they can wreak havoc on your product 

Third-Party Vendor Review 

This use case applies to those organizations that are purchasing AI-enabled third-party tools. Most companies have some sort of vendor due diligence process wherein they ask a series of security questions or to see relevant security documentation. This review aims to ensure that the vendor is equipped to adequately protect the data the company is entrusting to them. However, AI is such a new topic that security documentation or existing security questionnaires will not be enough to address the risk to AI systems. This is where MITRE ATLAS can come into play. You can update your security questionnaires to ask how the company is working to harden its AI model against the outlined tactics and techniques. Additionally, you can ask what proactive measures the company is taking to detect and respond to such threats.  

Conclusion 

AI can open up many fun and exciting possibilities for your organization. However, whether you are building or buying, it does add an extra facet to your cyber-attack surface. Growing familiar with MITRE ATLAS will help your organization understand the threats AI products face and the steps necessary to keep your organization and its data safe.