Awesome AI Security

A curated list of AI security resources inspired by awesome-adversarial-machine-learning & awesome-ml-for-cybersecurity.

Legend:

Type	Icon
Research
Slides
Video
Website / Blog post
Code
Other

Keywords:

• Adversarial examples
• Evasion attacks
• Poisoning attacks
• Feature selection
• Tutorials
• Misc
• Code
• Links

▲ Adversarial examples

Type	Title
	Explaining and Harnessing Adversarial Examples
	Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
	Delving into Transferable Adversarial Examples and Black-box Attacks
	On the (Statistical) Detection of Adversarial Examples
	The Space of Transferable Adversarial Examples
	Adversarial Attacks on Neural Network Policies
	Adversarial Perturbations Against Deep Neural Networks for Malware Classification
	Crafting Adversarial Input Sequences for Recurrent Neural Networks
	Practical Black-Box Attacks against Machine Learning
	Adversarial examples in the physical world
	Robust Physical-World Attacks on Deep Learning Models
	Can you fool AI with adversarial examples on a visual Turing test?
	Synthesizing Robust Adversarial Examples
	Defensive Distillation is Not Robust to Adversarial Examples
	Vulnerability of machine learning models to adversarial examples
	Adversarial Examples for Evaluating Reading Comprehension Systems
	Adversarial Examples and Adversarial Training by Ian Goodfellow at Stanford
	Tactics of Adversarial Attack on Deep Reinforcement Learning Agents
	Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey
	Did you hear that? Adversarial Examples Against Automatic Speech Recognition
	Adversarial Manipulation of Deep Representations
	Exploring the Space of Adversarial Images
	Note on Attacking Object Detectors with Adversarial Stickers
	Adversarial Patch
	LOTS about Attacking Deep Features
	Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN
	Adversarial Images for Variational Autoencoders
	Delving into adversarial attacks on deep policies
	Simple Black-Box Adversarial Perturbations for Deep Networks
	DeepFool: a simple and accurate method to fool deep neural networks

▲ Evasion

Type	Title
	Query Strategies for Evading Convex-Inducing Classifiers
	Evasion attacks against machine learning at test time
	Automatically Evading Classifiers A Case Study on PDF Malware Classifiers
	Looking at the Bag is not Enough to Find the Bomb: An Evasion of Structural Methods for Malicious PDF Files Detection
	Generic Black-Box End-to-End Attack against RNNs and Other API Calls Based Malware Classifiers
	Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
	Fast Feature Fool: A data independent approach to universal adversarial perturbations
	One pixel attack for fooling deep neural networks
	Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition
	RHMD: Evasion-Resilient Hardware Malware Detectors

▲ Poisoning

Type	Title
	Poisoning Behavioral Malware Clustering
	Efficient Label Contamination Attacks Against Black-Box Learning Models
	Towards Poisoning of Deep Learning Algorithms with Back-gradient Optimization

▲ Feature selection

Type	Title
	Is Feature Selection Secure against Training Data Poisoning?

▲ Tutorials

Type	Title
	Breaking Into AI Security: A Beginner's Guide to Adversarial Machine Learning
	Practical Guide to Adversarial Robustness
	Adversarial Machine Learning Tutorial – MIT OpenCourseWare
	Adversarial Robustness – Theory and Practice (NeurIPS Tutorial)
	Adversarial Robustness Toolbox (ART) – End-to-end tutorial notebooks
	CleverHans Tutorials – Step-by-step adversarial example construction with MNIST
	Threat Modeling for Machine Learning Systems
	Google's Rules of Machine Learning – Security and Reliability Best Practices
	Foolbox Quickstart – Crafting adversarial images in a few lines of Python
	Hands-On Machine Learning Security: Attacks, Defenses, and Evaluation (USENIX)
	Building Secure ML Pipelines: Practical Hardening Techniques
	MITRE ATLAS – Adversarial Threat Landscape for AI Systems (tactics & mitigations)
	TextFooler – Hands-on NLP adversarial attack and defense notebook
	Practical ML Security: Red-Teaming AI Models (DEF CON AI Village)
	A Gentle Introduction to Backdoor Attacks and Defenses in Deep Learning

▲ Misc

Type	Title
	Breaking Agent Backbones: Evaluating the Security of Backbone LLMs in AI Agents
	Can Machine Learning Be Secure?
	On The Integrity Of Deep Learning Systems In Adversarial Settings
	Stealing Machine Learning Models via Prediction APIs
	Data Driven Exploratory Attacks on Black Box Classifiers in Adversarial Domains
	Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
	A Methodology for Formalizing Model-Inversion Attacks
	Adversarial Attacks against Intrusion Detection Systems: Taxonomy, Solutions and Open Issues
	Adversarial Data Mining for Cyber Security
	High Dimensional Spaces, Deep Learning and Adversarial Examples
	Neural Networks in Adversarial Setting and Ill-Conditioned Weight Space
	Adversarial Machines
	Adversarial Task Allocation
	Vulnerability of Deep Reinforcement Learning to Policy Induction Attacks
	Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
	Adversarial Robustness: Softmax versus Openmax
	DEF CON 25 - Hyrum Anderson - Evading next gen AV using AI
	Adversarial Learning for Good: My Talk at #34c3 on Deep Learning Blindspots
	Universal adversarial perturbations
	Camouflage from face detection - CV Dazzle

▲ Code

Type	Title
	CleverHans - Python library to benchmark machine learning systems vulnerability to adversarial examples
	Model extraction attacks on Machine-Learning-as-a-Service platforms
	Foolbox - Python toolbox to create adversarial examples
	Adversarial Machine Learning Library(Ad-lib)
	Deep-pwning
	DeepFool
	Universal adversarial perturbations
	Malware Env for OpenAI Gym
	Exploring the Space of Adversarial Images
	StringSifter - A machine learning tool that ranks strings based on their relevance for malware analysis
	CAI - Cybersecurity AI framework for autonomous security testing
	dstack - Confidential AI framework for secure ML/LLM deployment with hardware-enforced isolation and data privacy
	ClawMoat - Open-source runtime security scanner for AI agents. Detects prompt injection, jailbreak, PII leakage, memory poisoning, and tool misuse
	SkillFortify - Formal analysis and supply chain security for agentic AI skills. Sound static analysis, SAT-based dependency resolution, trust scoring, CycloneDX ASBOM. 5 theorems, F1=96.95%, 0% FP rate

▲ Links

Type	Title
	EvadeML - Machine Learning in the Presence of Adversaries
	Adversarial Machine Learning - PRA Lab
	Adversarial Examples and their implications

👋 About Me

AI Security • Cloud Security • Autonomous Systems • Drone Engineering

I'm a security-minded engineer pursuing my Master's in Artificial Intelligence, specializing in autonomous vehicle flight security and adversarial machine learning. I curate this list to help the security community stay current on threats, defenses, and research at the intersection of AI and cybersecurity.

Mission: Securing AI-driven systems — from hardening models against adversarial attacks to protecting autonomous platforms and cloud-native AI pipelines against real-world threats.

Areas I'm interested in collaborating on:

• 🛡️ AI/ML security research and adversarial robustness
• 🤖 Autonomous systems security (UAVs, robotics, self-driving)
• ☁️ Cloud security for AI workloads and MLOps pipelines
• 🔍 Red-teaming and adversarial testing of AI models
• 📡 Drone engineering and secure flight systems

Connect:

• 🐙 GitHub: @abooker30126