Awesome AI Security

March 8, 2026 · View on GitHub

A curated list of AI security resources inspired by awesome-adversarial-machine-learning & awesome-ml-for-cybersecurity.

Legend:

TypeIcon
Research
Slides
Video
Website / Blog post
Code
Other

Keywords:

Adversarial examples

TypeTitle
Explaining and Harnessing Adversarial Examples
Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
Delving into Transferable Adversarial Examples and Black-box Attacks
On the (Statistical) Detection of Adversarial Examples
The Space of Transferable Adversarial Examples
Adversarial Attacks on Neural Network Policies
Adversarial Perturbations Against Deep Neural Networks for Malware Classification
Crafting Adversarial Input Sequences for Recurrent Neural Networks
Practical Black-Box Attacks against Machine Learning
Adversarial examples in the physical world
Robust Physical-World Attacks on Deep Learning Models
Can you fool AI with adversarial examples on a visual Turing test?
Synthesizing Robust Adversarial Examples
Defensive Distillation is Not Robust to Adversarial Examples
Vulnerability of machine learning models to adversarial examples
Adversarial Examples for Evaluating Reading Comprehension Systems
Adversarial Examples and Adversarial Training by Ian Goodfellow at Stanford
Tactics of Adversarial Attack on Deep Reinforcement Learning Agents
Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey
Did you hear that? Adversarial Examples Against Automatic Speech Recognition
Adversarial Manipulation of Deep Representations
Exploring the Space of Adversarial Images
Note on Attacking Object Detectors with Adversarial Stickers
Adversarial Patch
LOTS about Attacking Deep Features
Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN
Adversarial Images for Variational Autoencoders
Delving into adversarial attacks on deep policies
Simple Black-Box Adversarial Perturbations for Deep Networks
DeepFool: a simple and accurate method to fool deep neural networks

Evasion

TypeTitle
Query Strategies for Evading Convex-Inducing Classifiers
Evasion attacks against machine learning at test time
Automatically Evading Classifiers A Case Study on PDF Malware Classifiers
Looking at the Bag is not Enough to Find the Bomb: An Evasion of Structural Methods for Malicious PDF Files Detection
Generic Black-Box End-to-End Attack against RNNs and Other API Calls Based Malware Classifiers
Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
Fast Feature Fool: A data independent approach to universal adversarial perturbations
One pixel attack for fooling deep neural networks
Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition
RHMD: Evasion-Resilient Hardware Malware Detectors

Poisoning

TypeTitle
Poisoning Behavioral Malware Clustering
Efficient Label Contamination Attacks Against Black-Box Learning Models
Towards Poisoning of Deep Learning Algorithms with Back-gradient Optimization

Feature selection

TypeTitle
Is Feature Selection Secure against Training Data Poisoning?

Misc

TypeTitle
Breaking Agent Backbones: Evaluating the Security of Backbone LLMs in AI Agents
Can Machine Learning Be Secure?
On The Integrity Of Deep Learning Systems In Adversarial Settings
Stealing Machine Learning Models via Prediction APIs
Data Driven Exploratory Attacks on Black Box Classifiers in Adversarial Domains
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
A Methodology for Formalizing Model-Inversion Attacks
Adversarial Attacks against Intrusion Detection Systems: Taxonomy, Solutions and Open Issues
Adversarial Data Mining for Cyber Security
High Dimensional Spaces, Deep Learning and Adversarial Examples
Neural Networks in Adversarial Setting and Ill-Conditioned Weight Space
Adversarial Machines
Adversarial Task Allocation
Vulnerability of Deep Reinforcement Learning to Policy Induction Attacks
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
Adversarial Robustness: Softmax versus Openmax
DEF CON 25 - Hyrum Anderson - Evading next gen AV using AI
Adversarial Learning for Good: My Talk at #34c3 on Deep Learning Blindspots
Universal adversarial perturbations
Camouflage from face detection - CV Dazzle

Code

TypeTitle
CleverHans - Python library to benchmark machine learning systems vulnerability to adversarial examples
Model extraction attacks on Machine-Learning-as-a-Service platforms
Foolbox - Python toolbox to create adversarial examples
Adversarial Machine Learning Library(Ad-lib)
Deep-pwning
DeepFool
Universal adversarial perturbations
Malware Env for OpenAI Gym
Exploring the Space of Adversarial Images
StringSifter - A machine learning tool that ranks strings based on their relevance for malware analysis
CAI - Cybersecurity AI framework for autonomous security testing
dstack - Confidential AI framework for secure ML/LLM deployment with hardware-enforced isolation and data privacy
ClawMoat - Open-source runtime security scanner for AI agents. Detects prompt injection, jailbreak, PII leakage, memory poisoning, and tool misuse
SkillFortify - Formal analysis and supply chain security for agentic AI skills. Sound static analysis, SAT-based dependency resolution, trust scoring, CycloneDX ASBOM. 5 theorems, F1=96.95%, 0% FP rate
TypeTitle
EvadeML - Machine Learning in the Presence of Adversaries
Adversarial Machine Learning - PRA Lab
Adversarial Examples and their implications