The National Institute of Standards and Technology (NIST) has published its final report on adversarial machine learning (AML), offering a comprehensive taxonomy and shared terminology to help organizations understand and address emerging cybersecurity threats in artificial intelligence (AI) and machine learning (ML) systems.
Titled NIST AI 100-2 E2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, the report outlines how AI/ML systems—particularly predictive AI (PredAI) and generative AI (GenAI)—are uniquely vulnerable to attacks that target every stage of the machine learning lifecycle, from training to deployment. These threats include data poisoning, input manipulation (evasion), and model extraction tactics that can compromise the availability, integrity, or privacy of AI systems.
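To make the input-manipulation (evasion) category concrete, here is a minimal Python sketch of a fast-gradient-sign-style perturbation against a toy logistic-regression model. The weights and input are synthetic placeholders; this illustrates the attack class in general, and is not code from the report.

```python
# Minimal sketch of an evasion (input-manipulation) attack in the
# fast-gradient-sign style, against a toy logistic-regression model.
# All weights and inputs here are illustrative placeholders.
import numpy as np

rng = np.random.default_rng(0)

# Toy "victim" model: logistic regression with fixed (pretend-trained) weights.
w = rng.normal(size=8)
b = 0.1

def predict_proba(x):
    """P(label = 1) under the toy model."""
    return 1.0 / (1.0 + np.exp(-(x @ w + b)))

def fgsm_perturb(x, y_true, eps=0.1):
    """One-step gradient-sign perturbation that pushes the loss uphill.

    For logistic loss, d(loss)/dx = (p - y) * w, so the attacker only
    needs the sign of that gradient, scaled by a small budget eps.
    """
    grad = (predict_proba(x) - y_true) * w
    return x + eps * np.sign(grad)

x = rng.normal(size=8)   # a benign input (placeholder data)
y = 1.0                  # its true label
x_adv = fgsm_perturb(x, y)

print(f"clean score: {predict_proba(x):.3f}")
print(f"adversarial score: {predict_proba(x_adv):.3f}")  # pushed toward 0
```

A small, bounded change to the input is enough to move the model's score away from the true label, which is exactly why the report treats evasion as a deployment-stage threat.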
The taxonomy classifies attacks by system type, lifecycle phase, attacker goals, capabilities, and knowledge. It also examines how real-world deployments of GenAI, especially those connected to sensitive data or external tools, increase the stakes of adversarial threats.
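As one illustration of how those dimensions might be used in practice, the sketch below encodes them as a small Python schema for tagging attacks. The enum members paraphrase dimensions named in the report, but the schema itself and the example record are hypothetical, not an official NIST format.

```python
# Sketch of the taxonomy's classification dimensions as data, so attacks
# can be tagged and filtered programmatically. Values are illustrative.
from dataclasses import dataclass
from enum import Enum

class SystemType(Enum):
    PRED_AI = "predictive"
    GEN_AI = "generative"

class LifecyclePhase(Enum):
    TRAINING = "training"
    DEPLOYMENT = "deployment"

class AttackerGoal(Enum):
    AVAILABILITY = "availability"
    INTEGRITY = "integrity"
    PRIVACY = "privacy"

class Capability(Enum):
    TRAINING_DATA_CONTROL = "training-data control"
    QUERY_ACCESS = "query access"

class Knowledge(Enum):
    WHITE_BOX = "white-box"   # full access to model internals
    BLACK_BOX = "black-box"   # query access only

@dataclass(frozen=True)
class AttackProfile:
    name: str
    system: SystemType
    phase: LifecyclePhase
    goal: AttackerGoal
    capability: Capability
    knowledge: Knowledge

# Example: tagging data poisoning with this (hypothetical) schema.
poisoning = AttackProfile(
    name="data poisoning",
    system=SystemType.PRED_AI,
    phase=LifecyclePhase.TRAINING,
    goal=AttackerGoal.INTEGRITY,
    capability=Capability.TRAINING_DATA_CONTROL,
    knowledge=Knowledge.BLACK_BOX,
)
print(poisoning)
```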
Beyond categorization, the report provides mitigation strategies and outlines the limitations of current defenses, aiming to support future standards and risk management practices across government and industry.
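One defense commonly covered in the AML literature, and discussed among the report's mitigations, is adversarial training. The sketch below shows the idea on a synthetic logistic-regression task, augmenting each training step with gradient-sign perturbed copies of the data; it is a toy illustration under those assumptions, not a recipe from the report.

```python
# Minimal sketch of adversarial training: augment each gradient step
# with FGSM-perturbed copies of the batch. Toy logistic-regression
# setup; all data is synthetic.
import numpy as np

rng = np.random.default_rng(1)

# Synthetic binary-classification data (placeholder for real training data).
X = rng.normal(size=(200, 8))
true_w = rng.normal(size=8)
y = (X @ true_w > 0).astype(float)

w = np.zeros(8)
b = 0.0
lr, eps = 0.1, 0.1

def proba(X, w, b):
    return 1.0 / (1.0 + np.exp(-(X @ w + b)))

for step in range(200):
    # Craft gradient-sign adversarial examples against the current model.
    grad_x = (proba(X, w, b) - y)[:, None] * w[None, :]
    X_adv = X + eps * np.sign(grad_x)

    # Train on clean and adversarial examples together.
    X_all = np.vstack([X, X_adv])
    y_all = np.concatenate([y, y])
    err = proba(X_all, w, b) - y_all
    w -= lr * X_all.T @ err / len(y_all)
    b -= lr * err.mean()

clean_acc = ((proba(X, w, b) > 0.5) == y).mean()
print(f"accuracy on clean data after adversarial training: {clean_acc:.2f}")
```

Even this simple defense carries the trade-offs the report flags: it raises training cost and only hardens the model against the perturbations it was trained on.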
The report builds on the NIST AI Risk Management Framework, emphasizing security, resilience, and robustness in AI deployment, as well as the value of a shared technical vocabulary across sectors.
Read the full report here.