Microsoft and Mitre have announced the release of a new tool designed to help cybersecurity professionals emulate attacks on machine learning (ML) systems.
Called Arsenal, the tool is a plugin for the Mitre ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework, a knowledge base of adversarial tactics, techniques, and case studies.
ATLAS is meant to raise awareness of the threats to ML systems, while Arsenal helps cybersecurity researchers store and create adversarial tactics, techniques, and procedures (TTPs) defined in ATLAS to interface with CALDERA, the cybersecurity platform that automates adversary emulation.
Arsenal uses Microsoft’s Counterfit automation tool for running artificial intelligence (AI) security risk assessments as an automated adversarial attack library and enables CALDERA to emulate attacks using the Counterfit library.
The integration of Arsenal into CALDERA is expected to help researchers identify novel vulnerabilities in the building blocks of ML workflows and come up with protections to prevent exploitation of ML systems.
At the moment, Arsenal includes a limited number of adversary profiles, based on publicly available information. Microsoft and Mitre plan to add new techniques and adversary profiles as researchers document new attacks on ML systems.
Arsenal can be used on systems running Ubuntu 18.04 or 20.04 and requires Python versions 3.7 or higher to work.
“As the world looks to AI to positively change how organizations operate, it’s critical that steps are taken to help ensure the security of those AI and machine learning models that will empower the workforce to do more with less of a strain on time, budget and resources,” Microsoft program manager Ram Shankar said.
Related: SecurityWeek Cyber Insights 2023 | Artificial Intelligence
Related: Microsoft, MITRE Release Adversarial Machine Learning Threat Matrix
Related: Are Artificial Intelligence and Machine Learning Just a Temporary Advantage to Defenders?

More from Ionut Arghire
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- GitHub Rotates Publicly Exposed RSA SSH Private Key
- GitHub Suspends Repository Containing Leaked Twitter Source Code
- Google Ventures Leads $16 Million Investment in Dope.security
Latest News
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
- Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April
- US to Adopt New Restrictions on Using Commercial Spyware
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
