What You’ll Learn: AI Attack & Defense
Shift from *defensive hope* to *offensive verification*—testing your models like a real adversary would, before they do.
Craft perturbations (FGSM, PGD, C&W) to fool classifiers—image, NLP, tabular—while preserving semantics.
Inject Trojan triggers during training (TrojanNet, BadNets); detect via spectral signatures & activation clustering.
Steal model logic via query-based APIs (Knockoff Nets); defend with watermarking & query throttling.
Apply adversarial training, input sanitization, certified defenses, and runtime monitoring.
Who Should Enroll?
For professionals responsible for the integrity, safety, and trustworthiness of AI in production.
- ML engineers & MLOps leads
- Security researchers & red-teamers
- AI risk & compliance officers
- Product security leads (AI/ML products)
- Defense, finance, and healthcare AI teams
- PhD researchers in trustworthy AI
Security Red-Team Projects
Evasion Attack on Medical Imaging Classifier
Generate clinically imperceptible perturbations to misclassify tumors—then harden via adversarial training.
Backdoor Injection in Credit Scoring Model
Implant a Trojan trigger (e.g., ZIP code → approval override); detect using activation clustering.
Full Red-Team Report (Autonomous Vehicle Perception)
Simulate multi-stage attack (sensor spoofing → object misclassification → control override); propose mitigations.
3-Week Adversarial ML Syllabus
~30 hours • PyTorch + Adversarial Robustness Toolbox (ART) • MITRE ATLAS mapping • 1:1 mentor
Week 1: Threat Landscape & Evasion Attacks
- MITRE ATLAS taxonomy: TTPs for adversarial ML
- White-box vs. black-box threat models
- Gradient-based attacks: FGSM, PGD, C&W
- Lab: Fool an ImageNet ResNet with a perturbation bounded to less than 5% of the pixel intensity range
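As an added worked example of the gradient-based attacks listed above (this is illustration code, not course material and not the ART toolkit's implementation), FGSM and PGD are run against a constructed logistic-regression classifier in pure Python. The weights, the clean input and the ε budget are assumptions chosen for the demo; on a linear model the input gradient has a closed form, so the class flip can be checked by hand.

```python
import math


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class LinearClassifier:
    """Toy logistic-regression classifier: p(y=1|x) = sigmoid(w.x + b).
    Weights are constructed for the demo, not trained."""

    def __init__(self, w, b):
        self.w, self.b = list(w), b

    def logit(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x)) + self.b

    def predict(self, x):
        return 1 if self.logit(x) > 0 else 0

    def input_gradient(self, x, y):
        # Cross-entropy loss in +/-1 form: L = log(1 + exp(-s*z)), s = +1 for y=1, -1 for y=0.
        # dL/dx = -s * sigmoid(-s*z) * w, i.e. the loss gradient with respect to the input.
        s = 1 if y == 1 else -1
        scale = -s * sigmoid(-s * self.logit(x))
        return [scale * wi for wi in self.w]


def sign(v):
    return 1.0 if v > 0 else -1.0 if v < 0 else 0.0


def clip(v, lo, hi):
    return max(lo, min(hi, v))


def fgsm(model, x, y, eps, lo=0.0, hi=1.0):
    """One-step attack: move every feature eps in the direction that raises the loss."""
    g = model.input_gradient(x, y)
    return [clip(xi + eps * sign(gi), lo, hi) for xi, gi in zip(x, g)]


def pgd(model, x, y, eps, alpha, steps, lo=0.0, hi=1.0):
    """Iterated FGSM with step alpha, projected back into the L_inf ball of radius eps
    around the clean input and into the valid feature range after every step."""
    x_adv = list(x)
    for _ in range(steps):
        g = model.input_gradient(x_adv, y)
        x_adv = [xa + alpha * sign(gi) for xa, gi in zip(x_adv, g)]
        x_adv = [clip(clip(xa, xo - eps, xo + eps), lo, hi) for xa, xo in zip(x_adv, x)]
    return x_adv


def linf_distance(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


# Constructed model and input (assumptions): a 4-feature classifier that labels CLEAN as class 1.
MODEL = LinearClassifier(w=[2.0, -1.0, 0.5, -1.5], b=0.1)
CLEAN = [0.6, 0.2, 0.4, 0.1]
LABEL = 1


def run_attacks(eps=0.25):
    """Return clean/adversarial predictions plus the L_inf perturbation actually used."""
    x_fgsm = fgsm(MODEL, CLEAN, LABEL, eps)
    x_pgd = pgd(MODEL, CLEAN, LABEL, eps, alpha=eps / 5, steps=10)
    return {
        "clean_pred": MODEL.predict(CLEAN),
        "fgsm_pred": MODEL.predict(x_fgsm),
        "pgd_pred": MODEL.predict(x_pgd),
        "fgsm_linf": linf_distance(x_fgsm, CLEAN),
        "pgd_linf": linf_distance(x_pgd, CLEAN),
    }


if __name__ == "__main__":
    print(run_attacks())
```

With the constructed weights the clean logit is 1.15 and every unit of ε along the gradient sign lowers it by 5, so ε = 0.25 is enough to cross the decision boundary while ε = 0.2 is not; on a linear model PGD only re-derives the same sign pattern each step and ends on the ball's surface, which is why both attacks report exactly the budget as their L∞ distance.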
Week 2: Poisoning, Backdoors & Model Extraction
- Data poisoning: label flipping, feature collision
- Backdoor attacks: BadNets, TrojanNet, clean-label poisoning
- Model extraction and privacy attacks: query-based model stealing via prediction APIs, membership inference
- Lab: Inject & detect a backdoor in a sentiment classifier
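Activation clustering, the detector named for the backdoored sentiment classifier lab above and for the ZIP-code credit-scoring project, works per class: cluster the penultimate-layer activations into two groups, and a backdoored class shows a small separate cluster because the network reaches the target label through the trigger rather than the legitimate features. The block below is an added example, not course code and not the ART implementation; the activations are constructed synthetic data standing in for what you would dump from a real model, and the 3-dimensional activation space and the 15% small-cluster threshold are assumptions.

```python
import random


def make_activations(seed=7):
    """Constructed penultimate-layer activations (synthetic, for the demo) of a toy
    credit-scoring network, plus the training labels the poisoner supplied."""
    rng = random.Random(seed)

    def around(center, n):
        return [[c + rng.uniform(-0.05, 0.05) for c in center] for _ in range(n)]

    approve_clean = around((1.0, 0.2, 0.1), 40)    # label 1: genuinely approved
    deny_clean = around((0.1, 1.0, 0.2), 40)       # label 0: denied
    approve_trigger = around((0.2, 0.3, 1.0), 6)   # label 1, reached via the trigger feature
    acts = approve_clean + deny_clean + approve_trigger
    labels = [1] * 40 + [0] * 40 + [1] * 6
    return acts, labels


def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def two_means(points, max_iter=50):
    """Plain 2-means with farthest-point initialisation; returns a cluster id per point."""
    c0 = list(points[0])
    c1 = list(max(points, key=lambda p: dist2(p, c0)))
    assign = None
    for _ in range(max_iter):
        new = [0 if dist2(p, c0) <= dist2(p, c1) else 1 for p in points]
        if new == assign:
            break
        assign = new
        for k, cent in ((0, c0), (1, c1)):
            members = [p for p, a in zip(points, assign) if a == k]
            if members:
                cent[:] = [sum(col) / len(members) for col in zip(*members)]
    return assign


def activation_clustering(acts, labels, max_small_fraction=0.15):
    """For each class, split its activations into two clusters. If the smaller cluster
    holds less than max_small_fraction of the class, report its sample indices as
    suspected poison; otherwise report an empty list for that class."""
    suspicious = {}
    for cls in sorted(set(labels)):
        idx = [i for i, lab in enumerate(labels) if lab == cls]
        if len(idx) < 2:
            suspicious[cls] = []
            continue
        assign = two_means([acts[i] for i in idx])
        clusters = ([i for i, a in zip(idx, assign) if a == 0],
                    [i for i, a in zip(idx, assign) if a == 1])
        small = min(clusters, key=len)
        flagged = bool(small) and len(small) / len(idx) < max_small_fraction
        suspicious[cls] = sorted(small) if flagged else []
    return suspicious


if __name__ == "__main__":
    acts, labels = make_activations()
    print(activation_clustering(acts, labels))
```

The relative-size test is the crude version of the check; in practice you also inspect the small cluster (retrain without it, or look at what its inputs have in common, here a single ZIP code) before deciding it is poison, since a legitimately rare sub-population will also form a small cluster.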
Week 3: Defense, Red-Teaming & Governance
- Defenses: adversarial training, input preprocessing, certified robustness
- Red-team playbook: scoping, execution, reporting, remediation
- AI security governance: incident response, model registries, audit trails
- Capstone: Deliver a red-team report to a mock CISO
NSTC‑Accredited Certificate
Recognized by GIAC, Offensive AI Consortium, and NIST AI Safety Institute for adversarial ML competency.
Frequently Asked Questions
Do I need prior pentesting or ML security experience?
No. The course starts from ML fundamentals and builds threat intuition from there. Labs are guided Jupyter notebooks (PyTorch + ART) with pre-built attack and defense modules, so you learn to think like an attacker without prior pentesting experience.
Does the content map to industry certifications and frameworks?
Yes. Content aligns with the Offensive AI Red Team Cert and the NIST AI Risk Management Framework (AI RMF). Labs include MITRE ATLAS mapping, threat modeling templates, and incident response playbooks used in real-world red-team engagements.