Summary

For penetration testers to assess the security of systems utilizing Machine Learning (ML) deployments, it is crucial to gain a deep understanding of the types of security vulnerabilities that may arise within them, how ML systems interact with traditional systems, and how these interactions may result in security issues. This module provides a broad introduction to security assessments of ML-based systems and generative AI.

In more detail, this module covers the following:

ML OWASP Top 10
LLM OWASP Top 10
Attacking ML-based systems and their components

This module is broken into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading", but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

A firm grasp of the following modules can be considered a prerequisite for the successful completion of this module:

Fundamentals of AI
Applications of AI in InfoSec

Introduction to Red Teaming ML-based Systems

To assess the security of ML-based systems, it is essential to have a deep understanding of the underlying components and algorithms. Due to the significant complexity of these systems, there is much room for security issues to arise. Before discussing and demonstrating techniques we can leverage when assessing the security of ML-based systems, it is crucial to lay a proper foundation for security assessments of ML-based systems. These systems encompass different interconnected components. In the remainder of this module, we will explore a broad overview of security risks and attack vectors in each of them.

What is Red Teaming?

Traditionally, when discussing security assessments of IT systems, the most common type of assessment is a Penetration Test. This type of assessment is typically a focused and time-bound exercise aimed at discovering and exploiting vulnerabilities in specific systems, applications, or network environments. Penetration testers follow a structured process, often using automated tools and manual testing techniques to identify security weaknesses within a defined scope. A penetration test aims to determine if vulnerabilities exist, whether they can be exploited, and to what extent. It is often carried out in isolated network segments or web application instances to avoid interference with regular users.

Commonly, there are two additional types of security assessment: Red Team Assessments and Vulnerability Assessments.

Vulnerability assessments are generally more automated assessments that focus on identifying, cataloging, and prioritizing known vulnerabilities within an organization's infrastructure. These assessments typically do not involve exploitation but instead focus on the identification of security vulnerabilities. They provide a comprehensive scan of systems, applications, and networks to identify potential security gaps that could be exploited. These scans are often the result of automated scans using vulnerability scanners such as Nessus or OpenVAS. Check out the Vulnerability Assessment module for more details.

The third type of assessment, and the one we will focus on throughout this module, is a Red Team Assessment. This describes an advanced, adversarial simulation where security experts, often called the red team, mimic real-world attackers' tactics, techniques, and procedures (TTPs) to test an organization's defenses. The red team's goal is to exploit technical vulnerabilities and challenge every aspect of security, including people and processes, by employing social engineering, phishing, and physical intrusions. Red team assessments focus on stealth and persistence, working to evade detection by the defensive blue team while seeking ways to achieve specific objectives, such as accessing sensitive data or critical systems. This exercise often spans weeks to months, providing an in-depth analysis of an organization's overall resilience against sophisticated threats.

For more details, check out the Introduction to Information Security module.

Red Teaming ML-based Systems

Unlike traditional systems, ML-based systems face unique vulnerabilities because they rely on large datasets, statistical inference, and complex model architectures. Thus, red team assessments are often the way to go when assessing the security of ML-based systems, as many advanced attack techniques require more time than a typical penetration test would last. Furthermore, ML-based systems are comprised of various components that interact with each other. Often, security vulnerabilities arise at these interaction points. As such, including all these components in the security assessment is beneficial. Determining the scope of a penetration test for an ML-based system can be difficult. It may inadvertently exclude specific components or interaction points, potentially making particular security vulnerabilities impossible to reveal.

Sign Up / Log In to Unlock the Module

Please Sign Up or Log In to unlock the module and access the rest of the sections.

Sections

Introduction to Red Teaming ML-based Systems PREVIEW
Attacking ML-based Systems (ML OWASP Top 10)
Manipulating the Model
Attacking Text Generation (LLM OWASP Top 10)
Red Teaming Generative AI
Attacking Model Components
Attacking Data Components
Attacking Application Components
Attacking System Components
Skills Assessment

Relevant Paths

This module progresses you towards the following Paths

AI Red Teamer

The AI Red Teamer Job Role Path, in collaboration with Google, trains cybersecurity professionals to assess, exploit, and secure AI systems. Covering prompt injection, model privacy attacks, adversarial AI, supply chain risks, and deployment threats, it combines theory with hands-on exercises. Aligned with Google’s Secure AI Framework (SAIF), it ensures relevance to real-world AI security challenges. Learners will gain skills to manipulate model behaviors, develop AI-specific red teaming strategies, and perform offensive security testing against AI-driven applications. The path will be gradually expanded with related modules until its completion.

Hard

59 Sections

Required: 70

Reward: +30

3 Modules included

Fundamentals of AI

Medium

24 Sections

Reward: +10

This module provides a comprehensive guide to the theoretical foundations of Artificial Intelligence (AI). It covers various learning paradigms, including supervised, unsupervised, and reinforcement learning, providing a solid understanding of key algorithms and concepts.

Applications of AI in InfoSec

Medium

25 Sections

Reward: +10 NEW

This module is a practical introduction to building AI models that can be applied to various infosec domains. It covers setting up a controlled AI environment using Miniconda for package management and JupyterLab for interactive experimentation. Students will learn to handle datasets, preprocess and transform data, and implement structured workflows for tasks such as spam classification, network anomaly detection, and malware classification. Throughout the module, learners will explore essential Python libraries like Scikit-learn and PyTorch, understand effective approaches to dataset processing, and become familiar with common evaluation metrics, enabling them to navigate the entire lifecycle of AI model development and experimentation.

Introduction to Red Teaming AI

Medium

10 Sections

Reward: +10 NEW

This module provides a comprehensive introduction to the world of red teaming Artificial Intelligence (AI) and systems utilizing Machine Learning (ML) deployments. It covers an overview of common security vulnerabilities in these systems and the types of attacks that can be launched against their components.