

Machine Learning Security in Industry: A Quantitative Survey

arXiv.org Artificial Intelligence

Despite the large body of academic work on machine learning security, little is known about the occurrence of attacks on machine learning systems in the wild. In this paper, we report on a quantitative study with 139 industrial practitioners. We analyze attack occurrence and concern and evaluate statistical hypotheses on factors influencing threat perception and exposure. Our results shed light on real-world attacks on deployed machine learning. On the organizational level, while we find no predictors for threat exposure in our sample, the number of implemented defenses depends on exposure to threats or on the expected likelihood of becoming a target. We also provide a detailed analysis of practitioners' replies on the relevance of individual machine learning attacks, unveiling complex concerns like unreliable decision making, business information leakage, and bias introduction into models. Finally, we find that on the individual level, prior knowledge about machine learning security influences threat perception. Our work paves the way for more research about adversarial machine learning in practice, but also yields insights for regulation and auditing.


Machine Learning Security

#artificialintelligence

As more and more systems leverage ML models in their decision-making processes, it will become increasingly important to consider how malicious actors might exploit these models, and how to design defenses against those attacks. The purpose of this post is to share some of my recent learnings on this topic. The explosion of available data, processing power, and innovation in the ML space has resulted in ML ubiquity. It's actually quite easy to build these models given the proliferation of open source frameworks and data (this tutorial takes someone from zero ML/programming knowledge to 6 ML models in about 5-10 minutes). Further, the ongoing trend from cloud providers to offer ML as a service is enabling customers to build solutions without needing to ever write code or understand how it works under the hood.


Machine Learning Security - Considerations and Assurance

#artificialintelligence

Machine learning security is an emerging concern for companies, as recent research by teams from Google Brain, OpenAI, US Army Research Laboratory and top universities has shown how machine learning models can be manipulated to return results fitting the attacker's desire. One area of significant finding has been in image recognition models. Image recognition is one of the stalwarts of machine learning and deep learning systems, allowing for superhuman performance on classification tasks and enabling proofs of concept in autonomous vehicles. Recent highly successful research showing the exploitation of image recognition models, specifically convolutional neural networks, is especially troubling for autonomous vehicles as attackers could theoretically take control of vehicles, or at least cause them to lose control. Advancements by Geoffrey Hinton and team address a few of the key problems plaguing convolutional neural networks, or CNNs, (more on that below), however, definitive research has not yet been performed to check if they fix the security problems. I'll outline several security issues that exist in current algorithmic deployments and then walk through some steps to take in order to provide assurance over algorithmic integrity.
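The manipulation described above, an attacker nudging an input so the model returns the class the attacker wants, is easiest to see on the smallest possible model. The block below is an added example, not code from the post or from the cited research: it stands in a linear classifier for the CNN (an assumption made so the whole thing runs in plain Python with no framework), because for a linear model the gradient of the score with respect to the input is just the weight vector, so the gradient-sign perturbation used against image classifiers can be computed by hand. The weights, bias and the 8-value "image" are constructed for the demonstration.

```python
"""Gradient-sign adversarial perturbation against a toy linear classifier.

Added example (not from the original post). The linear model is an
assumption standing in for a CNN; the weights, bias and input are
constructed values, not data from any real system.
"""
from typing import List

# Constructed toy model: score = w . x + b, class 1 if score > 0 else 0.
W: List[float] = [0.3, -0.2, 0.25, -0.1, 0.15, -0.3, 0.2, -0.05]
B: float = -0.5
# Constructed clean input, "pixels" in [0, 1]. Scores 0.17, so class 1.
X_CLEAN: List[float] = [0.9, 0.1, 0.8, 0.2, 0.7, 0.1, 0.9, 0.3]


def score(w: List[float], b: float, x: List[float]) -> float:
    """Linear score (logit) of the model on input x."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w: List[float], b: float, x: List[float]) -> int:
    """Hard class decision: 1 if the score is positive, else 0."""
    return 1 if score(w, b, x) > 0 else 0


def sign(v: float) -> float:
    return 1.0 if v > 0 else (-1.0 if v < 0 else 0.0)


def fgsm_perturb(w: List[float], b: float, x: List[float],
                 eps: float, target: int) -> List[float]:
    """Fast-gradient-sign style perturbation of at most eps per pixel.

    For a linear model d(score)/dx == w, so pushing the score toward the
    target class means adding eps*sign(w) (target 1) or subtracting it
    (target 0). Pixels are clipped back into [0, 1] so the result is
    still a valid image. Unused args are kept so the signature matches
    a model-generic attack.
    """
    direction = 1.0 if target == 1 else -1.0
    return [min(1.0, max(0.0, xi + direction * eps * sign(wi)))
            for xi, wi in zip(x, w)]


def linf_distance(x: List[float], x_adv: List[float]) -> float:
    """Largest per-pixel change between two inputs."""
    return max(abs(a - c) for a, c in zip(x, x_adv))


def min_flip_eps(w: List[float], b: float, x: List[float]) -> float:
    """Smallest per-pixel budget that can flip a linear model's decision.

    Each pixel moved by eps against its weight's sign shifts the score
    by eps*|w_i|, so the score crosses zero once eps*sum|w_i| exceeds
    |score|. This is the margin a defender should measure, not just
    whether the clean input is classified correctly.
    """
    total_weight = sum(abs(wi) for wi in w)
    return abs(score(w, b, x)) / total_weight


def uniform_shift(x: List[float], eps: float) -> List[float]:
    """Same L-inf magnitude as the attack, but every pixel moved the same
    way (a brightness change). Used to show direction, not size, is what
    makes a perturbation adversarial."""
    return [min(1.0, max(0.0, xi + eps)) for xi in x]


if __name__ == "__main__":
    eps = 0.15
    x_adv = fgsm_perturb(W, B, X_CLEAN, eps, target=0)
    print("clean  :", predict(W, B, X_CLEAN), round(score(W, B, X_CLEAN), 4))
    print("adv    :", predict(W, B, x_adv), round(score(W, B, x_adv), 4),
          "L-inf change", round(linf_distance(X_CLEAN, x_adv), 4))
    print("bright :", predict(W, B, uniform_shift(X_CLEAN, eps)))
    print("min eps to flip:", round(min_flip_eps(W, B, X_CLEAN), 4))
```

Running it shows the clean input classified as 1, the perturbed input (no pixel moved by more than 0.15) classified as 0, and a brightness shift of the same magnitude leaving the decision untouched. The `min_flip_eps` margin (about 0.11 here) is the kind of number a robustness check should report per input; a real CNN has no closed form for it, which is why practical assurance work estimates it with iterative attacks rather than a single gradient step.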


Machine Learning Security is Ready for Takeoff Dyn Blog

#artificialintelligence

Today, hackers are winning the game, and the long list of successful breaches is their scorecard. Traditional endpoint security can't keep up. Outdated perimeter defenses are being rendered ineffective. And the approaches of many security vendors are only designed to fill the holes in the boat as it sinks to the bottom. Artificial intelligence (AI) and machine learning security tools, combined with human expertise, offer a better way forward.


Sophos To Acquire Invincea For Machine Learning Security

#artificialintelligence

UK-based security technology company Sophos (OTC:SPHHF) (LSE: SOPH) has announced an agreement to acquire Invincea's software business for up to $120 million in total consideration. Invincea has developed security software that utilizes machine learning and behavioral modeling to quickly detect and react to endpoint and perimeter threats and malware attacks. The technology is a necessary upgrade to the Sophos Central product line and also provides middle-market-focused Sophos with a foothold in the small business market through the addition of Invincea's customer base. Fairfax, Virginia-based Invincea was founded in 2009 by CEO Anup Ghosh to focus on endpoint threat detection, prevention, and analysis. The company provides security software to more than 25,000 small and medium enterprise customers through its antivirus 'X' system that 'combines machine learning and behavioral monitoring to eliminate endpoint security blind spots without sacrificing usability.'


Machine Learning Security - Cyber Talk Radio Episode 1

#artificialintelligence

This past Saturday, September 24th, the first episode of Cyber Talk Radio hit the airwaves on 1200 WOAI and iHeartRadio streaming. To open the discussion we covered a machine learning background including mentions of TensorFlow, Watson, Tay, and many other examples of consumer facing AI as well as developer tools to build your own systems. After establishing a baseline we started to discuss the impact machine learning (aka. When the internet began you'd directly connect to it just like a big "home network" from a trust perspective. As more people connected and port scanners such as nmap became available the need for a firewall appeared.