What is Adversarial AI?
Adversarial AI refers to malicious attempts by hostile actors—such as foreign nation-states, cybercriminals, extremist groups, and corporate entities—to intentionally deceive or disrupt artificial intelligence (AI) systems. These attacks exploit vulnerabilities in the way AI algorithms are trained or interpret information.
Examples of adversarial AI include:
- Data poisoning: Tricking AI models by subtly changing input data (i.e., altering a photo so a law enforcement system misidentifies a suspect).
- Trojan attacks: Inserting hidden “backdoors” during AI training that enable systems to behave normally until activated by a trigger.
- AI model theft/exploitation: Stealing the internal logic of a U.S. AI system to build a rival system or to reverse-engineer the system to uncover weaknesses.
- AI data leakage: Making private or sensitive information accessible—violating privacy laws and exposing the personal data of Americans.
Adversaries are already working to poison sovereign data sources to slow future AI advancement by rivals.
A Systemic Risk
AI plays an increasingly crucial role in the protection of critical infrastructure sectors including defense, healthcare, financial services, and communications. The U.S. military and federal agencies are actively leveraging AI for critical tasks supporting surveillance, cybersecurity, battlefield decision-making, and secure communications.
While such AI tools can enhance productivity and speed response time, adversarial manipulation of AI can compromise classified information, lead to mission failures, and endanger American lives. Moreover, as AI use grows, the attack surface expands, multiplying potential cyberattack points.
The Threat to CBP’s Mission
The U.S. Customs and Border Protection (CBP) agency is enabling the integration of AI tools, automation, decision analysis, and eventually, appropriate AI augmentation of agents into its border security mission. This forward-looking approach holds the promise of realizing CBP’s automated-capable border of the future model, with full technology integration. However, as with any system harnessing the power of AI, there is a real risk that hostile actors will aim to target it with adversarial AI.
In the case of CBP, adversaries might employ various tactics to create chaotic environments—such as errant learning models making incorrect decisions, missed map points, sensors failing to trigger at the levels needed, and learned predictive models failing to alert for an overflow or surge crossing point. Introducing these gaps and friction into the border security system, in turn, would create opportunities for terrorists, smugglers, human traffickers, and other criminals to exploit.
AI Security is Essential to Border Security
Proactive defense against adversarial AI is therefore essential to fortifying CBP’s border of the future model, and data provenance protection—ensuring the integrity, authenticity, and traceability of data throughout its lifecycle—is the critical next phase. Building early data and learning protection into AI models defends against adversaries entering CBP networks, altering CBP data, and even stealing encrypted CBP data with an intent to eventually decrypt and access it years in the future.
Ongoing Defensive Research
Peraton’s ongoing research and development, in partnership with U.S. government agencies, points to promising avenues for countering adversarial AI threats and ensuring data provenance protection including:
- Trojan detection for AI systems: Peraton built automatic scanning systems that detect hidden triggers in AI used by the U.S. military and federal agencies.
- Poisoning defense for cyber systems: Peraton demonstrated protective measures against malware that bypasses AI-based antivirus tools, achieving detection rates exceeding 90%.
- Enhanced AI privacy: Peraton created smart, secure ways to prevent AI from leaking sensitive data, improving compliance with federal privacy laws.
This work also includes a living catalog of adversarial techniques such as databases of known threats now used by cybersecurity teams. This combined knowledge base catalogs more than 30 years of tactics and support data that can be used to test new systems before deployment.
Measures such as these—as well as constant, state-of-the-art research—are essential to protect CBP’s rapidly-innovating systems from the latest in adversarial AI threats.
A Call to Action
Adversarial AI represents a clear and present danger to national security—including, critically, the security of the U.S. border. Ongoing research and successful initiatives show that collaboration between federal agencies and corporate partners such as Peraton can effectively counter this threat. However, continued leadership and support are essential for safeguarding the integrity and reliability of our nation’s most vital AI systems. That includes:
- Sustained funding for adversarial AI research and development: The U.S. must stay ahead of rapidly-evolving adversarial capabilities and maintain U.S. technology and strategic superiority through targeted and consistent investment.
- Policy and oversight support: The government should encourage agencies to establish an AI center of excellence and mandate adversarial AI assessments in procurement, testing, and deployment cycles.
- Cross-agency collaboration: The government should drive robust collaboration and intelligence-sharing among defense, intelligence, homeland security, and civilian agencies to unify efforts against adversarial AI threats.
AI tools hold the promise of unprecedented advances in the security of the U.S. border. With robust leadership and public-private sector partnerships, AI tools can be fortified against any adversary’s efforts to turn a national security strength into a vulnerability.
