The AIAS consortium is pleased to announce the completion of Deliverable D3.2 – “Taxonomy of Adversarial AI Attacks”, developed under Task 3.3. This deliverable represents a significant step forward in understanding and systematically organizing the rapidly evolving landscape of adversarial threats targeting Artificial Intelligence and Machine Learning systems.
Building a Comprehensive View of Adversarial AI Threats
The main objective of D3.2 is to document and analyse adversarial AI attacks across multiple application domains, providing both a scientific overview and a structured classification framework. The work conducted up to Month 24 focuses on mapping the current threat landscape and enabling a clearer understanding of how AI systems are targeted in real-world environments.
Key Achievements
Within this deliverable, the consortium successfully developed:
📚 Extensive Survey of Adversarial AI Attacks
A broad literature survey covering adversarial attacks across diverse application domains, capturing the state-of-the-art techniques, trends, and research directions.
🧩 Large-Scale Attack Taxonomy
A structured classification of adversarial AI attacks based on distinctive characteristics, including:
- Attacker knowledge of the AI/ML model (e.g., black-box, grey-box, white-box)
- Attack timing (e.g., training-time, inference-time)
- Application domain and operational context
This taxonomy enables consistent comparison, evaluation, and future extension of adversarial attack knowledge within the AIAS ecosystem and beyond.
Methodology and Scientific Rigor
Beyond presenting results, Deliverable D3.2 provides a detailed description of the methodology followed during the survey and classification process. This ensures transparency, reproducibility, and scientific robustness, supporting future research and development activities in adversarial AI security.
Integration within the AIAS Framework
The deliverable also establishes clear links with other AIAS tasks and deliverables, ensuring alignment with the project’s overall architecture and objectives as defined in the Grant Agreement. This integrated approach strengthens the foundation for subsequent research, development, and implementation activities across the AIAS technical work packages.
Supporting the AIAS Vision
By systematically analysing and classifying adversarial AI threats, D3.2 contributes directly to the AIAS mission of advancing:
- AI for Cybersecurity
- Cybersecurity for AI
The taxonomy developed in this deliverable provides a strategic knowledge base that supports the design of robust defensive mechanisms, including deception technologies and secure AI system architectures.