Back to Glossary

Adversarial Machine Learning

What is Adversarial Machine Learning?

Adversarial machine learning (AML) is the study of attacks that manipulate machine learning (ML) models by crafting specially designed inputs, corrupting training data, or extracting model information to cause incorrect predictions, bypass classifiers, or steal model intellectual property. As ML models are deployed in security-critical applications — malware detection, fraud scoring, identity verification, autonomous driving, and medical diagnosis — adversarial attacks against these models represent a new class of security risk that combines AI research with offensive security. Adversarial machine learning intersects with AI security, data poisoning, and AI red teaming as overlapping domains.

Description

Adversarial machine learning attacks fall into three primary categories. Evasion attacks manipulate inputs at inference time to cause a model to misclassify them — the classic adversarial example, where imperceptible pixel changes cause an image classifier to misidentify a stop sign as a speed limit sign, or where subtle modifications to a malware sample cause a malware classifier to label it as benign. In cybersecurity, evasion attacks against ML-based malware detection have been demonstrated to bypass endpoint protection products with high success rates. Data poisoning attacks corrupt training data to manipulate model behavior — either degrading overall model performance or implanting targeted backdoors. Model extraction attacks systematically query a model's API to infer its architecture and weights, enabling the attacker to steal model intellectual property or create a local copy for offline adversarial testing. Model inversion attacks attempt to reconstruct training data from model outputs — a privacy risk relevant to models trained on sensitive personal data. The cybersecurity industry's heavy reliance on ML for threat detection makes adversarial machine learning directly relevant to defender effectiveness: if threat detection models can be evaded through adversarial input crafting, malware authors have a systematic technique for defeating signature-free detection. This connects offensive security research to the reliability of MDR and SOC detection tools.

Usage and Examples

A security researcher analyzes a commercially deployed endpoint protection product's ML-based detection engine by creating modified malware samples that preserve malicious functionality while evading the classifier. Using a black-box evasion technique — submitting variants and observing whether they are flagged — the researcher identifies which file characteristics the model weighs most heavily and creates a variant that scores below the detection threshold. The modified malware sample achieves the same payload execution as the original but evades detection on 8 of 10 tested AV engines. This class of research has been published at security conferences including DEF CON and Black Hat, and the techniques are incorporated into malware development frameworks used by advanced threat actors. Understanding adversarial ML techniques is essential for security teams evaluating AI-based detection products and for red teams that need to assess whether their simulated attack payloads would evade deployed ML-based defenses.

How Does This Relate to Penetration Testing?

Adversarial machine learning is an emerging frontier for offensive security practitioners. In AI penetration testing engagements, evaluating whether an AI-based security product or application can be evaded through adversarial input crafting is a specialized assessment that requires both ML expertise and offensive security methodology. For organizations deploying AI-based fraud detection, identity verification, or access control systems, adversarial robustness testing — validating that the model performs correctly under adversarial input conditions — is a critical pre-deployment security gate. The guide to testing for prompt injection provides a starting point for AI security testing methodology that extends into adversarial ML assessment for more complex model deployments. Evolve Security's AI Penetration Testing service includes adversarial robustness testing for ML-based applications — evaluating whether your AI systems maintain correct behavior under adversarial input conditions.

Access control

Advanced Persistent Threat

Adversarial Machine Learning

Adversary-in-the-Middle (AiTM) Attack

Agentic AI Security

AI-Powered Social Engineering

AI Red Teaming

AI Security

API Security

Application Penetration Testing

Assumed Breach

Attack Surface

Attack Surface Management (ASM)

Botnet

Broken Access Control

Business Email Compromise (BEC)

BYOD

CIS Controls

CIS RAM

Cloud computing

Cloud Security

Cloud Security Posture Management (CSPM)

COBIT

Command and Control (C2)

Container Escape

Continuous Threat Exposure Management (CTEM)

Credential Stuffing

Cryptocurrency

Cryptojacking

Cyber Attack

Cyber Maturity Model Certification (CMMC)

Cyber Resilience

Cyber Threat Intelligence

Darknet

Data Breach

Data Loss Prevention

Data Poisoning

DDoS Attack

Declaration of Conformity

Deepfake

Detection Engineering

DMZ

Encryption

Endpoint

Endpoint Detection and Response

Ethical Hacking Tools

Exposure Management

Firewall

Firmware Security

FISMA

Gap analysis

GDPR

Hacker

HIPAA

Hypervisor (VMM)

Identification

Identity Theft

Identity Threat Detection and Response (ITDR)

Incident Response

Infrastructure-as-a-Service (IaaS)

Initial Access Brokers

Insider Threat

Internal Penetration Testing

Intrusion detection system (IDS)

Intrusion Prevention System (IPS)

ISO 27001

Keyboard logger

Lateral Movement

LLM Jailbreak

Macro virus

Malicious Apps

Malware

Managed Detection and Response (MDR)

Managed Detection and Response (MDR)

MCP Security

Memory Safety Vulnerabilities

MTTD and MTTR

Multi-Factor Authentication (MFA)

Network Detection and Response (NDR)

Network Firewall

Network Penetration Testing

Network Security

Network Security Assessment

NIS2 and DORA Compliance

NIST Cybersecurity Framework

Non-Human Identity (NHI) Security

Offensive Security

Operational Technology (OT) Security

Password

Password Cracking

Patch Management

PCI DSS

Penetration Testing

Phishing

Phishing-Resistant Authentication

Platform-as-a-Service (PaaS)

Post-Quantum Cryptography (PQC)

Privilege Escalation

Prompt Injection

Proxy server

Previous term
No previous terms!
Next term
No next terms!

Start Playing Offense to Play Better Defense

Copyright © 2026 Evolve Security. Evolve Security is trademarked in the United States.
312-957-5682
123 N. Waker Dr., Suite: 2125 Chicago, IL 60606
info@evolvesecurity.com
Connect
Contact UsRequest a demo
Services
Services OverviewAI Penetration TestingApplication Penetration TestingCloud Penetration TestingNetwork Penetration TestingEmbedded SystemsRed TeamAdvisory
Platform
Darwin Attack OverviewRisk ScoringAsset & Threat IntelligenceHuman-In-The-LoopDashboards & ReportingPlatform Integrations
Resources
BlogsEventsVideosPodcasts
Company
AboutCareersEvolve AcademyPartner Program
Privacy PolicyTerms of ServiceVulnerability Disclosure PolicyReport Issue
AICPA SOC logo with text 'SOC for Service Organizations | Service Organizations' and website aicpa.org/soc4so.