We introduce the AI Security Pyramid of Pain, a framework that adapts the cybersecurity Pyramid of Pain to categorize and prioritize AI-specific threats. This framework provides a structured approach to understanding and addressing various levels of AI threats. Starting at the base, the pyramid emphasizes Data Integrity, which is essential for the accuracy and reliability of datasets and AI models, including their weights and parameters. Ensuring data integrity is crucial, as it underpins the effectiveness of all AI-driven decisions and operations. The next level, AI System Performance, focuses on MLOps-driven metrics such as model drift, accuracy, and false positive rates. These metrics are crucial for detecting potential security breaches, allowing for early intervention and maintenance of AI system integrity. Advancing further, the pyramid addresses the threat posed by Adversarial Tools, identifying and neutralizing tools used by adversaries to target AI systems. This layer is key to staying ahead of evolving attack methodologies. At the Adversarial Input layer, the framework addresses the detection and mitigation of inputs designed to deceive or exploit AI models. This includes techniques like adversarial patterns and prompt injection attacks, which are increasingly used in sophisticated attacks on AI systems. Data Provenance is the next critical layer, ensuring the authenticity and lineage of data and models. This layer is pivotal in preventing the use of compromised or biased data in AI systems. At the apex is the tactics, techniques, and procedures (TTPs) layer, dealing with the most complex and challenging aspects of AI security. This involves a deep understanding and strategic approach to counter advanced AI-targeted attacks, requiring comprehensive knowledge and planning.

翻译：我们提出AI安全痛苦金字塔框架，该框架借鉴网络安全的痛苦金字塔模型，对AI特定威胁进行分类与优先级排序。该框架为理解并应对不同层次的AI威胁提供了结构化方法。从金字塔底部开始，数据完整性作为基石，是确保数据集及AI模型（包括其权重和参数）准确性与可靠性的核心。保障数据完整性至关重要，因为它支撑着所有AI驱动决策与操作的有效性。第二层聚焦AI系统性能，关注MLOps驱动的指标，如模型漂移、准确率和误报率。这些指标对检测潜在安全漏洞、实现早期干预及维护AI系统完整性具有决定性作用。向上推进，对抗工具层着力于识别并消除攻击者针对AI系统的工具，这对应对不断演变的攻击方法至关重要。在对抗输入层，该框架处理用于欺骗或利用AI模型的输入检测与缓解，包括对抗性模式和提示注入攻击等针对AI系统的高阶攻击技术。数据溯源作为关键层级，确保数据与模型的真实性与谱系完整性，对防止在AI系统中使用被篡改或有偏见的数据具有决定性作用。金字塔顶层是战术、技术与程序（TTP）层，涉及AI安全中最复杂的挑战，需要深度理解与战略规划来对抗高级AI定向攻击，这要求全面的知识储备与系统性部署。