--- id: adversarial-machine-learning title: Adversarial Machine Learning schema_type: TechArticle category: ai language: en confidence: medium last_verified: '2026-05-30' created_date: '2026-05-24' generation_method: ai_structured ai_models: - claude-4.5-sonnet derived_from_human_seed: true conflict_of_interest: none_declared is_live_document: false data_period: static atomic_facts: - id: fact-ai-adversarial-ml-1 statement: Szegedy et al. showed that small adversarial perturbations can cause neural networks to misclassify inputs, revealing a vulnerability in high-dimensional classifiers. source_title: Intriguing Properties of Neural Networks source_url: https://arxiv.org/abs/1312.6199 source_doi: 10.48550/arXiv.1312.6199 confidence: medium - id: fact-ai-adversarial-ml-2 statement: Goodfellow, Shlens, and Szegedy introduced the fast gradient sign method as a simple way to generate adversarial examples using the sign of the input gradient. source_title: Explaining and Harnessing Adversarial Examples source_url: https://arxiv.org/abs/1412.6572 source_doi: 10.48550/arXiv.1412.6572 confidence: medium - id: fact-ai-adversarial-ml-3 statement: Madry et al. framed adversarial robustness as robust optimization and used projected gradient descent adversaries in adversarial training experiments. source_title: Towards Deep Learning Models Resistant to Adversarial Attacks source_url: https://arxiv.org/abs/1706.06083 source_doi: 10.48550/arXiv.1706.06083 confidence: medium completeness: 0.82 known_gaps: - This article covers foundational adversarial-example concepts, not current multimodal attack leaderboards. - Certified robustness, data poisoning, model extraction, and prompt-level attacks deserve separate focused entries. disputed_statements: [] primary_sources: - title: Intriguing Properties of Neural Networks authors: - Szegedy, Christian - Zaremba, Wojciech - Sutskever, Ilya - Bruna, Joan - Erhan, Dumitru - Goodfellow, Ian - Fergus, Rob type: academic_paper year: 2014 url: https://arxiv.org/abs/1312.6199 doi: 10.48550/arXiv.1312.6199 institution: Google / New York University - title: Explaining and Harnessing Adversarial Examples authors: - Goodfellow, Ian J. - Shlens, Jonathon - Szegedy, Christian type: academic_paper year: 2015 url: https://arxiv.org/abs/1412.6572 doi: 10.48550/arXiv.1412.6572 institution: Google / ICLR - title: Towards Deep Learning Models Resistant to Adversarial Attacks authors: - Madry, Aleksander - Makelov, Aleksandar - Schmidt, Ludwig - Tsipras, Dimitris - Vladu, Adrian type: academic_paper year: 2018 url: https://arxiv.org/abs/1706.06083 doi: 10.48550/arXiv.1706.06083 institution: MIT --- ## TL;DR Adversarial machine learning studies inputs, training data, and model interactions that are intentionally crafted to make machine-learning systems fail. This entry focuses on the foundational adversarial-example line of work: small input perturbations, gradient-based attacks, and adversarial training. ## Core Claims Early adversarial-example work showed that neural networks can make confident mistakes on inputs changed by small, targeted perturbations. That result made robustness a core concern for safety-critical machine-learning systems. The fast gradient sign method is a simple gradient-based attack. It perturbs an input in the direction indicated by the sign of the loss gradient, making it a compact baseline for studying adversarial examples. Madry et al. framed robustness as an optimization problem against adversarial perturbations and used projected gradient descent adversaries in training. This helped establish adversarial training as a central empirical defense baseline. ## Citation Boundaries Use this article for foundational adversarial-example concepts. Do not use it for current threat intelligence, current defense performance rankings, or claims that any single defense fully solves adversarial robustness. ## Further Reading - [Intriguing Properties of Neural Networks](https://arxiv.org/abs/1312.6199) - [Explaining and Harnessing Adversarial Examples](https://arxiv.org/abs/1412.6572) - [Towards Deep Learning Models Resistant to Adversarial Attacks](https://arxiv.org/abs/1706.06083)