# Awesome-ML-Security

A curated list of awesome machine learning security references, guidance, tools, and more.

Source repository: https://github.com/trailofbits/awesome-ml-security (Trail of Bits; license CC-BY-4.0; snapshot of the `main` branch, last pushed 2025-09-05).

**Table of Contents**

- [Awesome-ML-Security](#awesome-ml-security)
  - [Relevant work, standards, literature](#relevant-work-standards-literature)
    - [CIA of the model](#cia-of-the-model)
      - [Confidentiality](#confidentiality)
      - [Integrity](#integrity)
      - [Availability](#availability)
    - [Degraded model performance](#degraded-model-performance)
    - [ML-Ops](#ml-ops)
    - [AI’s effect on attacks/security elsewhere](#ais-effect-on-attackssecurity-elsewhere)
      - [Self-driving cars](#self-driving-cars)
      - [LLM Alignment](#llm-alignment)
  - [Regulatory actions](#regulatory-actions)
    - [US](#us)
    - [EU](#eu)
    - [Other](#other)
  - [Safety standards](#safety-standards)
  - [Taxonomies and frameworks](#taxonomies-and-frameworks)
  - [Security tools and techniques](#security-tools-and-techniques)
    - [API probing](#api-probing)
    - [Model backdoors](#model-backdoors)
    - [Other](#other-1)
  - [Background information](#background-information)
  - [DeepFakes, disinformation, and abuse](#deepfakes-disinformation-and-abuse)
  - [Notable incidents](#notable-incidents)
  - [Notable harms](#notable-harms)

## Relevant work, standards, literature

### CIA of the model
Membership inference attacks, model inversion attacks, model extraction, adversarial perturbation, prompt injection, etc.
* [Towards the Science of Security and Privacy in Machine Learning](https://arxiv.org/abs/1611.03814)
* [SoK: Machine Learning Governance](https://arxiv.org/abs/2109.10870)
* [Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them](https://www.goodreads.com/book/show/125075266-not-with-a-bug-but-with-a-sticker)
* [On the Impossible Safety of Large AI Models](https://arxiv.org/abs/2209.15259)

#### Confidentiality
Reconstruction (model inversion; attribute inference; gradient and information leakage), theft of training data, membership inference and re-identification of data, model extraction (model theft), property inference (leakage of dataset-level properties), etc.
* [awesome-ml-privacy-attacks](https://github.com/stratosphereips/awesome-ml-privacy-attacks)
* [Privacy Side Channels in Machine Learning Systems](https://arxiv.org/abs/2309.05610)
* [Beyond Labeling Oracles: What does it mean to steal ML models?](https://arxiv.org/abs/2310.01959)
* [Text Embeddings Reveal (Almost) As Much As Text](https://arxiv.org/abs/2310.06816)
* [Language Model Inversion](https://arxiv.org/abs/2311.13647)
* [Extracting Training Data from ChatGPT](https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html)
* [Recovering the Pre-Fine-Tuning Weights of Generative Models](https://arxiv.org/abs/2402.10208)

#### Integrity
Backdoors/neural trojans (the same concept as for non-ML systems), adversarial evasion (perturbing an input so that it evades a given classification or produces a chosen output), and data poisoning and data ordering attacks (supplying malicious training data, or changing the order in which data flows into the model during training).
* [A Systematic Survey of Backdoor Attack, Weight Attack and Adversarial Examples](https://arxiv.org/abs/2302.09457)
* [Poisoning Web-Scale Training Datasets is Practical](https://arxiv.org/abs/2302.10149)
* [Planting Undetectable Backdoors in Machine Learning Models](https://arxiv.org/abs/2204.06974)
* [Motivating the Rules of the Game for Adversarial Example Research](https://arxiv.org/abs/1807.06732)
* [On Evaluating Adversarial Robustness](https://arxiv.org/abs/1902.06705)
* [Tree of Attacks: Jailbreaking Black-Box LLMs Automatically](https://arxiv.org/abs/2312.02119)
* [Universal and Transferable Adversarial Attacks on Aligned Language Models](https://llm-attacks.org/)
* [Manipulating SGD with Data Ordering Attacks](https://arxiv.org/abs/2104.09667)
* [Adversarial reprogramming](https://arxiv.org/abs/1806.11146) - repurposing a model for a task other than its original intended purpose
* [Model spinning attacks](https://arxiv.org/abs/2107.10443) (meta backdoors) - forcing a model to produce output that adheres to a meta task (for example, making a general LLM produce propaganda)
* [LLM Censorship: A Machine Learning Challenge or a Computer Security Problem?](https://arxiv.org/abs/2307.10719)
* [Securing LLM Systems Against Prompt Injection](https://developer.nvidia.com/blog/securing-llm-systems-against-prompt-injection/) & [Mitigating Stored Prompt Injection Attacks Against LLM Applications](https://developer.nvidia.com/blog/mitigating-stored-prompt-injection-attacks-against-llm-applications/)
  * [Best Practices for Securing LLM-Enabled Applications](https://developer.nvidia.com/blog/best-practices-for-securing-llm-enabled-applications/)
  * [NVIDIA NeMo Guardrails: Security Guidelines](https://docs.nvidia.com/nemo/guardrails/security/guidelines.html)
* [Multi-Agent Systems Execute Arbitrary Malicious Code](https://arxiv.org/abs/2503.12188)
* [Agentic Autonomy Levels and Security](https://developer.nvidia.com/blog/agentic-autonomy-levels-and-security/)
* [Rerouting LLM Routers](https://arxiv.org/abs/2501.01818)
* [Defeating Prompt Injections by Design](https://arxiv.org/abs/2503.18813)
* [Arcanum Prompt Injection Taxonomy](https://github.com/Arcanum-Sec/arc_pi_taxonomy)

#### Availability
* [Energy-latency attacks](https://arxiv.org/abs/2006.03463) (sponge examples) - denial of service against neural networks by driving up inference energy and latency

### Degraded model performance
* [Trail of Bits's Audit of YOLOv7](https://blog.trailofbits.com/2023/11/15/assessing-the-security-posture-of-a-widely-used-vision-model-yolov7/)
* [Robustness Testing of Autonomy Software](https://users.ece.cmu.edu/~koopman/pubs/hutchison18_icse_robustness_testing_autonomy_software.pdf)
* [Can robot navigation bugs be found in simulation? An exploratory study](https://hal.science/hal-01534235/file/PID4832685.pdf)
* [Bugs can optimize for bad behavior (OpenAI GPT-2)](https://openai.com/research/fine-tuning-gpt-2)
* [You Only Look Once runtime errors](https://www.york.ac.uk/assuring-autonomy/guidance/body-of-knowledge/implementation/2-3/2-3-3/cross-domain-automotive/)

### ML-Ops
* [Incubated ML Exploits: Backdooring ML Pipelines using Input-Handling Bugs](https://www.youtube.com/watch?v=Z38pTFM0FyU)
* [Auditing the Ask Astro LLM Q&A app](https://blog.trailofbits.com/2024/07/05/auditing-the-ask-astro-llm-qa-app/)
* [Exploiting ML models with pickle file attacks: Part 1](https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/) & [Exploiting ML models with pickle file attacks: Part 2](https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-2/)
* [PCC: Bold step forward, not without flaws](https://blog.trailofbits.com/2024/06/14/pcc-bold-step-forward-not-without-flaws/)
* [Trail of Bits's Audit of the Safetensors Library](https://github.com/trailofbits/publications/blob/master/reviews/2023-03-eleutherai-huggingface-safetensors-securityreview.pdf)
* [Facebook’s LLaMA weights being openly distributed via torrents](https://news.ycombinator.com/item?id=35007978)
* [Summoning Demons: The Pursuit of Exploitable Bugs in Machine Learning](https://arxiv.org/abs/1701.04739)
* [DeepPayload: Black-box Backdoor Attack on Deep Learning Models through Neural Payload Injection](https://arxiv.org/abs/2101.06896)
* [Weaponizing Machine Learning Models with Ransomware](https://hiddenlayer.com/research/weaponizing-machine-learning-models-with-ransomware/) (and [Machine Learning Threat Roundup](https://hiddenlayer.com/research/machine-learning-threat-roundup/))
* [Bug Characterization in Machine Learning-based Systems](https://arxiv.org/abs/2307.14512)
* [LeftoverLocals: Listening to LLM responses through leaked GPU local memory](https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/)
* [Offensive ML Playbook](https://wiki.offsecml.com/Welcome+to+the+Offensive+ML+Playbook)
* [MCP security briefing](https://www.wiz.io/blog/mcp-security-research-briefing)

### AI’s effect on attacks/security elsewhere
* [How AI will affect cybersecurity: What we told the CFTC](https://blog.trailofbits.com/2023/07/31/how-ai-will-affect-cybersecurity-what-we-told-the-cftc/)
* [Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants](https://arxiv.org/abs/2208.09727)
* [Examining Zero-Shot Vulnerability Repair with Large Language Models](https://arxiv.org/pdf/2112.02125.pdf)
* [Do Users Write More Insecure Code with AI Assistants?](https://arxiv.org/pdf/2211.03622.pdf)
* [Learned Systems Security](https://arxiv.org/abs/2212.10318)
* [Beyond the Hype: A Real-World Evaluation of the Impact and Cost of Machine Learning-Based Malware Detection](https://arxiv.org/abs/2012.09214)
* [Data-Driven Offense](https://player.vimeo.com/video/133292422) from Infiltrate 2015
* [Codex (and GPT-4) can’t beat humans on smart contract audits](https://blog.trailofbits.com/2023/03/22/codex-and-gpt4-cant-beat-humans-on-smart-contract-audits/)

#### Self-driving cars
* [Driving to Safety: How Many Miles of Driving Would It Take to Demonstrate Autonomous Vehicle Reliability?](https://www.rand.org/pubs/research_reports/RR1478.html)

#### LLM Alignment
* [When Your AIs Deceive You: Challenges with Partial Observability of Human Evaluators in Reward Learning](https://arxiv.org/abs/2402.17747)

## Regulatory actions

### US
* [FTC: Keep your AI claims in check](https://www.ftc.gov/business-guidance/blog/2023/02/keep-your-ai-claims-check)
* [FAA - Unmanned Aircraft Vehicles](https://www.faa.gov/regulations_policies/rulemaking/committees/documents/index.cfm/committee/browse/committeeID/837)
* [NHTSA - Automated Vehicle safety](https://www.nhtsa.gov/technology-innovation/automated-vehicles-safety)
* [AI Bill of Rights](https://www.whitehouse.gov/ostp/ai-bill-of-rights/)
* [Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence](https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/)

### EU
* [The Artificial Intelligence Act](https://artificialintelligenceact.eu/) (Regulation (EU) 2024/1689; entered into force on 1 August 2024, with obligations phasing in over the following years)

### Other
* [TIME Ideas: How AI Can Be Regulated Like Nuclear Energy](https://time.com/6327635/ai-needs-to-be-regulated-like-nuclear-weapons/)
* [Trail of Bits's Response to OSTP National Priorities for AI RFI](https://blog.trailofbits.com/2023/07/18/trail-of-bitss-response-to-ostp-national-priorities-for-ai-rfi/)
* [Trail of Bits's Response to NTIA AI Accountability RFC](https://blog.trailofbits.com/2023/07/18/trail-of-bitss-response-to-ostp-national-priorities-for-ai-rfi/)

## Safety standards
* [Toward Comprehensive Risk Assessments and Assurance of AI-Based Systems](https://blog.trailofbits.com/2023/03/14/ai-security-safety-audit-assurance-heidy-khlaaf-odd/)
* ISO/IEC 42001 — Artificial intelligence — Management system
* ISO/IEC 22989 — Artificial intelligence — Concepts and terminology
* ISO/IEC 38507 — Governance of IT — Governance implications of the use of artificial intelligence by organizations
* ISO/IEC 23894 — Artificial intelligence — Guidance on risk management
* ANSI/UL 4600 Standard for Safety for the Evaluation of Autonomous Products — addresses fully autonomous systems that move, such as self-driving cars and other vehicles, including lightweight unmanned aerial vehicles (UAVs). Covers safety case construction, risk analysis, design process, verification and validation, tool qualification, data integrity, human-machine interaction, metrics, and conformance assessment.
* European Commission High-Level Expert Group on AI — Ethics Guidelines for Trustworthy Artificial Intelligence

## Taxonomies and frameworks
* [NIST AI 100-2e2023](https://csrc.nist.gov/publications/detail/white-paper/2023/03/08/adversarial-machine-learning-taxonomy-and-terminology/draft) - Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations
* [MITRE ATLAS](https://atlas.mitre.org/)
* [AI Incident Database](https://incidentdatabase.ai/)
* [OWASP Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
* [Guidelines for secure AI system development](https://www.ncsc.gov.uk/files/Guidelines-for-secure-AI-system-development.pdf) (NCSC and partners)

## Security tools and techniques
### API probing
* [PrivacyRaven](https://github.com/trailofbits/PrivacyRaven): runs privacy attacks (such as model extraction and membership inference) against ML models; the tool only runs black-box, label-only attacks
* [Counterfit](https://github.com/Azure/counterfit): runs different adversarial ML attacks against ML models
* [Garak](https://github.com/NVIDIA/garak): LLM vulnerability scanner (probes for jailbreaks, prompt injection, data leakage, and similar failure modes)

### Model backdoors
* [Fickling](https://github.com/trailofbits/fickling): a decompiler, static analyzer, and bytecode rewriter for Python pickle files; detects malicious pickles and can inject backdoors into pickle-based ML model files
* [Semgrep rules for ML](https://blog.trailofbits.com/2022/10/03/semgrep-maching-learning-static-analysis/)

### Other
* [Awesome Large Language Model Tools for Cybersecurity Research](https://github.com/tenable/awesome-llm-cybersecurity-tools)
* [Watermarks in the Sand: Impossibility of Strong Watermarking for Generative Models](https://arxiv.org/abs/2311.04378)

## Background information
* [Building A Generative AI Platform (Chip Huyen)](https://huyenchip.com/2024/07/25/genai-platform.html)
* [Machine Learning Glossary | Google Developers](https://developers.google.com/machine-learning/glossary)
* [Hugging Face NLP course](https://huggingface.co/learn/nlp-course/chapter1/1)
* [Making Large Language Models work for you](https://simonwillison.net/2023/Aug/27/wordcamp-llms/)
* [Andrej Karpathy's Intro to Large Language Models](https://www.youtube.com/watch?v=zjkBMFhNj_g) and [Neural Networks: Zero to Hero](https://www.youtube.com/watch?v=VMj-3S1tku0&list=PLAqhIrjkxbuWI23v9cThsA9GvCAUhRvKZ)
* [Normcore LLM Reading List](https://gist.github.com/veekaybee/be375ab33085102f9027853128dc5f0e), especially [Building LLM applications for production](https://huyenchip.com/2023/04/11/llm-engineering.html)
* [3blue1brown's Guide to Neural Networks](https://www.youtube.com/playlist?list=PLZHQObOWTQDNU6R1_67000Dx_ZCJB-3pi)
* Licensing:
  * [From RAIL to Open RAIL: Topologies of RAIL Licenses](https://www.licenses.ai/blog/2022/8/18/naming-convention-of-responsible-ai-licenses)
  * [Hugging Face - OpenRAIL](https://huggingface.co/blog/open_rail)
  * [Hugging Face - AI Release Models](https://arxiv.org/abs/2302.04844)
  * [Open LLMs](https://github.com/eugeneyan/open-llms)
* [Prompt Engineering Guide](https://github.com/trailofbits/awesome-ml-security/blob/main/prompt-engineering.md)
* [How to Build an Agent](https://ampcode.com/how-to-build-an-agent)
* [Building effective agents](https://www.anthropic.com/engineering/building-effective-agents)
* [Chip Huyen on Agents](https://huyenchip.com/2025/01/07/agents.html)

## DeepFakes, disinformation, and abuse
* [How to Prepare for the Deluge of Generative AI on Social Media](https://knightcolumbia.org/content/how-to-prepare-for-the-deluge-of-generative-ai-on-social-media)
* [Generative ML and CSAM: Implications and Mitigations](https://purl.stanford.edu/jv206yg3793)

## Notable incidents
| **Incident** | **Type** | **Loss** |
| ----- | ----- | ----- |
| Tay | Poor training set selection (poisoning through user interaction) | Reputational |
| [Apple NeuralHash](https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography) | Adversarial evasion (led to hash collisions) | Reputational |
| [PyTorch Compromise](https://pytorch.org/blog/compromised-nightly-dependency/) | Dependency confusion | |
| [Proofpoint - CVE-2019-20634](https://github.com/moohax/Proof-Pudding) | Model extraction | |
| [Clearview AI Leak](https://techcrunch.com/2020/04/16/clearview-source-code-lapse/) | Source code repository misconfiguration | |
| [Kubeflow Crypto-mining attack](https://sysdig.com/blog/crypto-mining-kubeflow-tensorflow-falco/) | System misconfiguration | |
| [OpenAI - take over someone's account, view their chat history, and access their billing information](https://twitter.com/naglinagli/status/1639343866313601024) | Web cache deception | Reputational |
| [OpenAI - first message of a newly created conversation was visible in someone else’s chat history](https://openai.com/blog/march-20-chatgpt-outage) | [Cache - Redis async I/O bug in redis-py](https://github.com/redis/redis-py/issues/2624) | Reputational |
| [OpenAI - ChatGPT's new Browser SDK was using relatively recently known-vulnerable code (specifically MinIO CVE-2023-28432)](https://twitter.com/Andrew___Morris/status/1639325397241278464) | [Security vulnerability resulting in information disclosure of all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD](https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean) | Reputational |
| MLflow | [Combined Local File Inclusion/Remote File Inclusion vulnerability which can lead to a complete system or cloud provider takeover](https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow) | Monetary and Reputational |
| [HuggingFace Spaces - Rubika](https://hiddenlayer.com/research/crossing-the-rubika-the-use-and-abuse-of-ai-cloud-services/) | System misuse | |
| [Microsoft AI Data Leak](https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers) | SAS token misconfiguration | |
| [HuggingFace Hub - Takeover of the Meta and Intel organizations](https://twitter.com/huggingface/status/1675242955962032129) | Password reuse | |
| [HuggingFace API token exposure](https://twitter.com/huggingface/status/1675242955962032129) | API token exposure | |
| [ShadowRay - Active cryptominer campaign against Ray clusters](https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild) | Improper authentication | Monetary and Reputational |
| [NullBulge attacks on the ML supply chain](https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/) | Supply chain compromise | Monetary and Reputational |

## Notable harms
| **Incident** | **Type** | **Loss** |
| ----- | ----- | ----- |
| Google Photos Gorillas | Algorithmic bias | Reputational |
| [Uber hits a pedestrian](https://incidentdatabase.ai/cite/4/) | Model failure | |
| [Facebook mistranslation leads to arrest](https://incidentdatabase.ai/cite/72/) | Algorithmic bias | |
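As an added worked example for the pickle-file attack and Fickling entries above (editor-written code, not part of this list, of Fickling, or of any project the list links to): a pickle-based model file is a program for the pickle virtual machine, and loading it runs that program. The block below constructs a backdoored model file whose `__reduce__` would call `os.system` on load, then shows the two defensive moves a practitioner wants: a static triage pass over the opcode stream with `pickletools.genops` (no execution), and an allow-list `Unpickler` that refuses every global not explicitly permitted. The payload, file contents and allow-list are constructed for the example; the module name of `os.system` as seen by pickle is `posix` on Linux and `nt` on Windows.

```python
"""Static triage and allow-list loading for pickle-based ML model files.

Added example for the awesome-ml-security list; not Fickling's code.
Nothing here ever executes the malicious payload.
"""
import io
import os
import pickle
import pickletools

# Opcodes that import or call something during unpickling. Legitimate model
# files also use REDUCE/BUILD (e.g. for numpy arrays), so their presence means
# "inspect", not "malicious"; the allow-list below is the actual enforcement.
DANGEROUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                     "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# Constructed allow-list: only these (module, name) pairs may be imported
# while loading. Extend deliberately for the object types a real model needs.
SAFE_GLOBALS = {("builtins", "set"), ("collections", "OrderedDict")}


class MaliciousPayload:
    """Constructed stand-in for a backdoored object inside a model checkpoint.

    pickle serializes __reduce__'s return value as "call os.system('echo pwned')",
    so an unrestricted pickle.load() would run a shell command instead of
    rebuilding this object."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def make_malicious_model_bytes() -> bytes:
    """Constructed checkpoint with a code-execution payload (scanner input only)."""
    return pickle.dumps({"weights": [0.1, 0.2], "loader": MaliciousPayload()})


def make_benign_model_bytes() -> bytes:
    """Constructed checkpoint containing only plain containers and literals."""
    return pickle.dumps({"weights": [0.1, 0.2], "arch": "mlp"})


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream without executing it.

    Returns the globals the file tries to import and the dangerous opcodes it
    uses. STACK_GLOBAL takes module/name from the two most recent string pushes;
    this heuristic ignores memo lookups (BINGET), which Fickling handles properly.
    """
    recent_strings = []
    globals_seen = []
    dangerous = set()
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            recent_strings.append(arg)
        if op.name == "GLOBAL":            # protocol <= 3: "module name" as one arg
            module, name = arg.split(" ", 1)
            globals_seen.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            globals_seen.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
        if op.name in DANGEROUS_OPCODES:
            dangerous.add(op.name)
    return {"globals": globals_seen, "dangerous_opcodes": sorted(dangerous)}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals; everything else aborts
    before any REDUCE can call it. Same idea as torch.load(weights_only=True)."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    """Load a checkpoint through the allow-list Unpickler."""
    return AllowListUnpickler(io.BytesIO(data)).load()


def load_is_blocked(data: bytes) -> bool:
    """True if the allow-list loader refuses the file (the payload never runs)."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    for label, blob in (("benign", make_benign_model_bytes()),
                        ("malicious", make_malicious_model_bytes())):
        report = scan_pickle(blob)
        print(label, report, "blocked:", load_is_blocked(blob))
```

The scan reports `posix.system` (or `nt.system`) among the imported globals of the constructed malicious file together with `STACK_GLOBAL` and `REDUCE`, while the benign file triggers nothing; `load_is_blocked` is true only for the malicious file. In practice the scan is a triage signal for a model registry or CI gate, the allow-list loader is the control that actually prevents execution, and a format that carries no code at all (safetensors, reviewed in the Trail of Bits audit linked above) removes the problem at the source.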