Enables readers to understand the full lifecycle of adversarial machine learning (AML) and how AI models can be compromised
Adversarial Machine Learning is a definitive guide to one of the most urgent challenges in artificial intelligence today: how to secure machine learning systems against adversarial threats.
This book explores the full lifecycle of adversarial machine learning (AML), providing a structured, real-world understanding of how AI models can be compromised—and what can be done about it.
The book walks readers through the different phases of the machine learning pipeline, showing how attacks emerge during training, deployment, and inference. It breaks down adversarial threats into clear categories based on attacker goals—whether to disrupt system availability, tamper with outputs, or leak private information. With clarity and technical rigor, it dissects the tools, knowledge, and access attackers need to exploit AI systems.
In addition to diagnosing threats, the book provides a robust overview of defense strategies—from adversarial training and certified defenses to privacy-preserving machine learning and risk-aware system design. Each defense is discussed alongside its limitations, trade-offs, and real-world applicability.
Readers will gain a comprehensive view of today???s most dangerous attack methods including:
Evasion attacks that manipulate inputs to deceive AI predictions
Poisoning attacks that corrupt training data or model updates
Backdoor and trojan attacks that embed malicious triggers Privacy attacks that reveal sensitive data through model interaction and prompt injection Generative AI attacks that exploit the new wave of large language models
Blending technical depth with practical insight, Adversarial Machine Learning equips developers, security engineers, and AI decision-makers with the knowledge they need to understand the adversarial landscape and defend their systems with confidence.
By:
Jason Edwards (Birkbeck University of London UK)
Imprint: John Wiley & Sons Inc
Country of Publication: United States
ISBN: 9781394402038
ISBN 10: 1394402031
Pages: 400
Publication Date: 19 February 2026
Audience:
Professional and scholarly
,
Undergraduate
Format: Hardback
Publisher's Status: Forthcoming
Preface xi Acknowledgments xiii From the Author xv Introduction xvii About the Companion Website xxi 1 The Age of Intelligent Threats 1 The Rise of AI as a Security Target 1 Fragility in Intelligent Systems 3 Categories of AI: Predictive, Generative, and Agentic 5 Milestones in Adversarial Vulnerability 8 Intelligence as an Attack Multiplier 10 Why This Book and Who It's For 12 2 Anatomy of AI Systems and Their Attack Surfaces 21 The Architecture of Predictive, Generative, and Agentic AI 21 The AI Development Lifecycle: From Data to Deployment 24 Classical Machine Learning vs. Modern AI Pipelines 26 Identifying Entry Points: Training, Inference, and Supply Chain 28 Security Debt in the Model Development Lifecycle 31 3 The Adversary's Playbook 39 Threat Actors: Profiles, Motivations, and Objectives 39 White-Box Attack Techniques and Methodologies 41 Black-Box Attack Techniques and Methodologies 44 Gray-Box Attack Techniques and Methodologies 47 Operationalizing AI Attacks: Tactical Methodologies and Execution 49 Advanced Multi-Stage and Coordinated AI Attacks 52 4 Evasion Attacks—Tricking AI Models at Inference 61 Core Principles and Mechanisms of Evasion Attacks 61 Gradient-Based Evasion Techniques 64 Linguistic and Textual Evasion Methods 67 Image- and Vision-Based Evasion Techniques 69 Evasion Attacks on Time-Series and Sequential Models 72 5 Poisoning Attacks—Compromising AI Systems During Training 81 Fundamentals and Mechanisms of Training-Time Poisoning 81 Label Manipulation and Clean-Label Poisoning Techniques 84 Backdoor and Trojan Insertion in Training Data 86 Poisoning Attacks on Federated and Distributed Learning Systems 89 Poisoning Attacks Against Reinforcement Learning (RL) Systems 91 Poisoning Attacks on Transfer Learning and Fine-Tuning Processes 94 6 Privacy Attacks—Extracting Secrets from AI Models 103 Core Mechanisms and Objectives of AI Privacy Attacks 103 Membership Inference Techniques 106 Model Inversion Attacks and Data Reconstruction 109 Attribute and Property Inference Attacks 111 Model Extraction and Functionality Reconstruction 114 Exploiting Privacy Leakage Through Prompting Generative AI 117 7 Backdoor and Trojan Attacks—Embedding Hidden Behaviors in AI Models 125 Fundamental Concepts of AI Backdoors and Trojans 125 Backdoor Trigger Design and Optimization 128 Data Poisoning Methods for Backdoor Embedding 130 Trojan Attacks in Transfer and Fine-Tuning Scenarios 132 Embedding Backdoors in Federated and Decentralized Training 135 Advanced Trigger Embedding in Generative and Agentic AI Models 137 8 The Generative AI Attack Surface 147 Architectural Foundations of Large Language Models 147 How Generative Architectures Expand Attack Opportunities 150 Exploiting Fine-Tuning as an Adversarial Vector 152 Prompt Engineering as an Adversarial Exploitation Pathway 155 Technical Risks in Retrieval-Augmented Generation Systems 157 Leveraging Model Internals for Generative AI Exploitation 160 9 Prompt Injection and Jailbreak Techniques 169 Technical Foundations of Prompt Injection Attacks 169 Direct Prompt Injection Methods and Input Crafting 173 Indirect Prompt Injection via External or Retrieved Content 175 Jailbreak Techniques and Semantic Boundary Exploitation 177 Token-Level and Embedding Space Manipulations 180 Contextual and Conversational Injection Strategies 182 10 Data Leakage and Model Hallucination 191 Technical Mechanisms of Data Leakage in Generative Models 191 Membership and Attribute Inference via Generative Outputs 195 Model Inversion and Training Data Reconstruction 197 Hallucination Exploitation in Generative Outputs 199 Prompt-Based Extraction of Memorized Data 202 Exploiting Multi-Modal and Cross-Modal Leakage in Generative Models 204 11 Adversarial Fine-Tuning and Model Reprogramming 213 Technical Foundations of Adversarial Fine-Tuning 213 Semantic Perturbation Methods for Adversarial Fine-Tuning 216 Embedding Covert Behaviors via Adversarial Prompt Conditioning 219 Advanced Trojan Embedding via Fine-Tuning Gradients 221 Cross-Model and Transferable Adversarial Fine-Tuning Attacks 223 Model Reprogramming via Adversarial Fine-Tuning Techniques 226 12 Agentic AI and Autonomous Threat Loops 235 Technical Foundations of Agentic AI Systems 235 Technical Manipulation of Autonomous Decision Loops 238 Exploitation of Agentic Memory and Context Management 241 Agentic Tool Integration and External API Exploitation 244 Technical Embedding of Autonomous Chain Injection 246 Exploitation of Environmental Interactions and Stateful Vulnerabilities 248 13 Securing the AI Supply Chain 257 Technical Mechanisms of Supply Chain Poisoning in AI Models 257 Artifact and Model Checkpoint Contamination Techniques 260 Technical Exploitation of Third-Party AI Libraries and Frameworks 263 Dataset Provenance and Annotation Manipulation Techniques 265 Technical Exploitation of Hosted and Cloud-based Model Infrastructure 268 Artifact Repositories and Model Zoo Contamination Methods 270 14 Evaluating AI Robustness and Response Strategies 277 Technical Foundations of AI Robustness Evaluation 277 Metrics for Evaluating AI Security and Robustness 279 Robust Optimization Methods and Adversarial Training 282 Certified Robustness and Formal Verification Techniques 285 Technical Benchmarking Tools and Evaluation Frameworks 287 Technical Analysis of Robustness Across Model Architectures and Modalities 289 15 Building Trustworthy AI by Design 299 Technical Foundations of Security-by-Design in AI Systems 299 Robust Embedding and Representation Learning Methods 302 Technical Approaches to Adversarially Robust Architectures 304 Technical Integration of Formal Verification in Model Design 306 Technical Frameworks for Runtime Anomaly Detection and Filtering 308 Technical Embedding of Model Interpretability and Transparency 310 16 Looking Ahead—Security in the Era of Intelligent Agents 319 Technical Foundations of Future Agentic AI Systems 319 Emerging Technical Attack Vectors in Agentic Systems 322 Technical Exploitation of Multi-Modal and Cross-Domain Agentic Capabilities 325 Future Technical Capabilities in Automated Adversarial Generation 327 Technical Mechanisms for Evaluating Advanced Agentic Robustness 330 Technical Embedding of Ethical Constraints and Safety Mechanisms 332 Recommendations 335 Conclusion 337 Key Concepts 337 Glossary 341 Index 367
Jason Edwards, DM, CISSP, is an accomplished cybersecurity leader with extensive experience in the technology, finance, insurance, and energy sectors. Holding a Doctorate in Management, Information Systems, and Technology, Jason specializes in guiding large public and private companies through complex cybersecurity challenges. His career includes leadership roles across the military, insurance, finance, energy, and technology industries. He is a husband, father, former military cyber officer, adjunct professor, avid reader, dog dad, and popular on LinkedIn.
