OWASP ML Top 10
| Scope | Machine learning security risks |
| Use For | ML-specific risk assessment |
| Link | owasp.org |
The OWASP Machine Learning Security Top 10 addresses security risks that apply to machine learning systems in general, not only to LLMs. While the LLM Top 10 focuses on language model applications, the ML Top 10 covers the full spectrum of ML deployments, including computer vision, recommendation systems, anomaly detection, and predictive models. For AI red teamers, this framework is essential when the target includes classical ML components such as classifiers, object detectors, or fraud detection models that sit alongside or feed into LLM pipelines. It provides risk categories for adversarial input attacks, data poisoning, model theft, supply chain compromise, and other threats that apply across all ML architectures. Used alongside the LLM Top 10, it ensures assessment coverage extends beyond text-based LLM interactions to the full AI/ML stack.
Key Components
- ML01: Input Manipulation Attack covers adversarial inputs crafted to cause misclassification, from gradient-based attacks (FGSM, PGD, C&W) to black-box evasion that exploits the transferability of adversarial examples between models, as well as data injection and feature-level perturbations that exploit how models process inputs. (Evasion is filed under ML01 in the OWASP list; ML04 is Membership Inference Attack, not evasion.)
- ML06: AI Supply Chain Attacks addresses risks from pre-trained models, third-party datasets, and ML pipeline dependencies that may introduce vulnerabilities or backdoors into production systems.
- ML07: Transfer Learning Attack covers risks specific to fine-tuning pre-trained models, where backdoors or biases in the base model transfer to downstream applications.
- ML09: Output Integrity Attack addresses manipulation of model outputs through post-processing exploitation, confidence score manipulation, and output pipeline tampering.
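The following is an added worked example for the ML01 evasion techniques listed above; it is not code from OWASP or from this page. It implements FGSM and a small PGD variant against a constructed logistic-regression "fraud score" classifier with hand-set weights, then shows the black-box transferability point: an adversarial input built against the attacker's local surrogate model also flips the decision of a second, assumed-similar target model that the attacker never queried for gradients. All weights, the sample input and the second model are assumptions chosen so the arithmetic can be checked by hand.

```python
import math

# Constructed example: two logistic-regression classifiers with hand-set weights.
# SURROGATE is the attacker's local model; TARGET stands in for the victim's
# black-box model and is assumed to be similar (same features, nearby weights).
SURROGATE = {"w": [1.0, -2.0, 0.5, 1.5], "b": -0.5}
TARGET = {"w": [0.9, -1.8, 0.6, 1.2], "b": -0.4}
SAMPLE_X = [0.8, 0.2, 0.4, 0.3]   # a legitimate input; features live in [0, 1]
SAMPLE_Y = 1                      # true label: 1 = "fraud"


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(model, x):
    z = sum(wi * xi for wi, xi in zip(model["w"], x)) + model["b"]
    return sigmoid(z)


def predict(model, x):
    return 1 if predict_proba(model, x) >= 0.5 else 0


def loss_gradient_wrt_input(model, x, y):
    # Gradient of binary cross-entropy with respect to the *input* (not the
    # weights) for a logistic model: dL/dx = (p - y) * w.
    p = predict_proba(model, x)
    return [(p - y) * wi for wi in model["w"]]


def _sign(g):
    return (g > 0) - (g < 0)


def clip(x, lo=0.0, hi=1.0):
    return [min(hi, max(lo, v)) for v in x]


def fgsm(model, x, y, eps):
    # Fast Gradient Sign Method: one step of size eps along sign(grad) so the
    # loss *increases*, then clip so the perturbed input stays a valid feature vector.
    grad = loss_gradient_wrt_input(model, x, y)
    return clip([xi + eps * _sign(gi) for xi, gi in zip(x, grad)])


def pgd(model, x, y, eps, alpha, steps):
    # Projected Gradient Descent: repeated small FGSM steps (size alpha), each
    # projected back into the L-inf ball of radius eps around the original x.
    x_adv = list(x)
    for _ in range(steps):
        grad = loss_gradient_wrt_input(model, x_adv, y)
        x_adv = [xi + alpha * _sign(gi) for xi, gi in zip(x_adv, grad)]
        x_adv = clip([min(x0 + eps, max(x0 - eps, xi)) for x0, xi in zip(x, x_adv)])
    return x_adv


def linf_distance(a, b):
    return max(abs(u - v) for u, v in zip(a, b))


def evasion_demo(eps=0.2):
    # Craft on the surrogate only, then check whether the example transfers
    # to the target model (which the attacker did not need gradients from).
    x_adv = fgsm(SURROGATE, SAMPLE_X, SAMPLE_Y, eps)
    return {
        "x_adv": x_adv,
        "surrogate_before": predict(SURROGATE, SAMPLE_X),
        "surrogate_after": predict(SURROGATE, x_adv),
        "target_before": predict(TARGET, SAMPLE_X),
        "target_after": predict(TARGET, x_adv),
        "linf_distance": linf_distance(SAMPLE_X, x_adv),
    }


if __name__ == "__main__":
    for k, v in evasion_demo().items():
        print(f"{k}: {v}")
```

With eps = 0.2 the perturbation moves every feature by at most 0.2, yet the surrogate's logit drops from 0.55 to -0.45 and the target's from 0.56 to -0.34, so both flip from "fraud" to "legitimate". For a linear model PGD converges to the same corner of the eps-ball that FGSM reaches in one step; the iterative form matters for non-linear models, where a single gradient step can overshoot.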
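An added example for the ML06 supply chain risk above (not OWASP's code or anything from this page): a gate in front of loading a pickle-serialized model artifact, the most common format for shared pre-trained models. It pins the artifact's SHA-256 and statically scans the pickle stream with the standard library's pickletools for opcodes that can invoke code during unpickling, so a "pre-trained model" carrying a payload is rejected before pickle.loads ever runs. The benign and malicious artifacts are constructed inline; the hash-pinning helper and the verdict strings are assumptions for illustration.

```python
import hashlib
import os
import pickle
import pickletools

# Opcodes that can call arbitrary Python during unpickling. A pure-data pickle
# (dicts, lists, numbers, strings) never needs them. Real framework checkpoints
# (numpy, torch) do legitimately use GLOBAL/REDUCE to rebuild arrays, so in
# production you would allowlist the exact (module, name) pairs they need instead
# of rejecting these opcodes outright; the principle is the same.
CODE_EXEC_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle(blob: bytes) -> list:
    """Return the code-execution opcodes present in blob, in stream order.
    pickletools.genops parses the stream without executing anything."""
    return [op.name for op, _arg, _pos in pickletools.genops(blob) if op.name in CODE_EXEC_OPCODES]


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def classify_artifact(blob: bytes, expected_sha256: str) -> str:
    """Verdict for a downloaded artifact: 'ok', 'hash-mismatch' or 'unsafe-opcodes'."""
    if sha256_hex(blob) != expected_sha256:
        return "hash-mismatch"
    if scan_pickle(blob):
        return "unsafe-opcodes"
    return "ok"


def load_model_artifact(blob: bytes, expected_sha256: str):
    """pickle.loads only after the pinned hash matches and the static scan is clean."""
    verdict = classify_artifact(blob, expected_sha256)
    if verdict != "ok":
        raise ValueError(f"refusing to load model artifact: {verdict} "
                         f"(opcodes seen: {scan_pickle(blob)})")
    return pickle.loads(blob)


# --- constructed artifacts (not real model files) ---------------------------
BENIGN_WEIGHTS = {"weights": [0.1, -0.3, 0.25], "bias": -0.5}
BENIGN_MODEL = pickle.dumps(BENIGN_WEIGHTS)


class _PoisonedCheckpoint:
    # Mimics a backdoored "pre-trained model": unpickling it would run os.system.
    # pickle.dumps only *records* the callable; nothing executes until loads.
    def __reduce__(self):
        return (os.system, ("echo pwned",))


MALICIOUS_MODEL = pickle.dumps(_PoisonedCheckpoint())  # never pass this to pickle.loads


if __name__ == "__main__":
    print("benign  :", classify_artifact(BENIGN_MODEL, sha256_hex(BENIGN_MODEL)))
    print("poisoned:", classify_artifact(MALICIOUS_MODEL, sha256_hex(MALICIOUS_MODEL)),
          scan_pickle(MALICIOUS_MODEL))
    print("tampered:", classify_artifact(BENIGN_MODEL, "0" * 64))
```

The two checks cover different failure modes: the pinned hash catches an artifact swapped after you vetted it (a registry or CDN compromise), while the opcode scan catches an artifact that was malicious from the start, which a hash you copied from the same compromised source would happily confirm. Neither check helps against a backdoor expressed purely in the weights; that is the ML07 transfer learning concern, which needs behavioural testing rather than artifact inspection.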