<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1093547011;
mso-list-template-ids:455082254;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><b>NIST Trustworthy and Responsible AI Report Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations<o:p></o:p></b></p>
<p>Artificial Intelligence (AI) systems have been on a global expansion trajectory, with the pace of development and the adoption of AI systems accelerating in recent years. These systems are being developed by and widely deployed into economies across the
globe—leading to the emergence of AI-based services across many spheres of people’s lives, both real and virtual. As AI systems permeate the digital economy and become essential parts of daily life, the need for their secure, robust, and resilient operation
grows.<o:p></o:p></p>
<p>Despite the significant progress of AI and machine learning (ML) in different application domains, these technologies remain vulnerable to attacks. The consequences of attacks become more dire when these systems are used in high-stakes domains and are subjected
to adversarial attacks. NIST’s Trustworthy and Responsible AI Report, <a href="https://csrc.nist.gov/pubs/ai/100/2/e2025/final">Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations</a> (NIST AI 100-2), targets this issue and offers voluntary guidance for identifying, addressing, and managing the risks associated with adversarial machine learning
(AML). It also shares guidance for the development of:</p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Standardized terminology in adversarial ML (AML) to be used by the ML and cybersecurity communities</li>
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
A taxonomy of the most widely studied and effective attacks in AML, including:
<ul type="circle">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
Evasion, poisoning, and privacy attacks for Predictive AI (PredAI) systems</li>
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
Evasion, poisoning, privacy, and misuse attacks for Generative AI (GenAI) systems</li>
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level2 lfo1">
Attacks against all viable learning methods (e.g., supervised, unsupervised, semi-supervised, federated learning, reinforcement learning) across multiple data modalities</li>
</ul>
</li>
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
A discussion of potential mitigations in AML and the limitations of some existing mitigation techniques</li>
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
An Index and Glossary to help with understanding, navigating, and referencing the taxonomy.</li>
</ul>
<p>The intended primary audience for this report includes individuals and groups who are responsible for designing, developing, deploying, evaluating, and governing AI systems. NIST plans to update this report annually as new developments emerge over time.
NIST is working with partners from the U.S. AI Safety and the U.K. AI Security Institutes, industry and academia to develop and maintain this report.<o:p></o:p></p>
<p><a href="https://csrc.nist.gov/News/2025/nist-ai-100-2-adversarial-machine-learning-taxonom">https://csrc.nist.gov/News/2025/nist-ai-100-2-adversarial-machine-learning-taxonom</a></p>
</div>
</body>
</html>