Machine Learning Attack Surface: Training and Inference Pipelines
flowchart LR
    Collect[("Data collection<br/>web scrape, uploads,<br/>partner feed")]:::storeNode
    Clean["Data cleaning<br/>filter, label,<br/>deduplicate"]:::pipeNode
    Train["Training<br/>optimization adjusts<br/>model weights"]:::modelNode
    Trained["Trained model<br/>frozen weights,<br/>ready to deploy"]:::pipeNode
    Prod["Production model<br/>receives input,<br/>returns prediction"]:::modelNode
    Output(["Output<br/>score, label,<br/>generated text"]):::pipeNode

    Collect --> Clean --> Train --> Trained --> Prod --> Output

    Poison["Data Poisoning<br/>attacker contributes<br/>corrupted examples"]:::attackNode
    Evasion["Adversarial ML / Evasion<br/>crafted input causes<br/>wrong output"]:::attackNode
    Theft["Model Theft<br/>many queries<br/>reconstruct the model"]:::attackNode
    Inject["Prompt Injection<br/>hidden instructions<br/>override system prompt"]:::attackNode

    Poison -. attack .-> Collect
    Evasion -. attack .-> Prod
    Theft -. attack .-> Prod
    Inject -. attack .-> Prod

    classDef storeNode fill:#455a64,stroke:#263238,stroke-width:2px,color:#fff,font-size:14px
    classDef pipeNode fill:#e3f2fd,stroke:#1565c0,stroke-width:2px,color:#0d2b4a,font-size:14px
    classDef modelNode fill:#1565c0,stroke:#0d47a1,stroke-width:2px,color:#fff,font-size:14px
    classDef attackNode fill:#ffa000,stroke:#c62828,stroke-width:3px,color:#5a1500,font-size:14px

    linkStyle 0,1,2,3,4 stroke:#1565c0,stroke-width:2px,font-size:13px
    linkStyle 5,6,7,8 stroke:#c62828,stroke-width:3px,font-size:13px
Color Key
Data store (dark grey, storeNode)
Model / training stage (blue, modelNode)
Pipeline step (light blue, pipeNode)
Attack (amber box with red edge, attackNode)
Stage / Attack Details
The legitimate pipeline flows left to right: data collection (web scrape, uploads, partner feed) feeds data cleaning (filter, label, deduplicate); training optimization adjusts the model weights; the trained model has its weights frozen and is ready to deploy; the production model receives input and returns a prediction, emitted as an output (score, label, or generated text).
Attacks point in. Data poisoning targets the collection stage, where an attacker contributes corrupted examples. The other three target the production model: adversarial ML / evasion, where crafted input causes wrong output; model theft, where many queries reconstruct the model; and prompt injection, where hidden instructions override the system prompt.