Adversarial ML for Defenders
MTA
Understanding and Mitigating Attacks on Machine Learning Systems
2nd Edition
*Adversarial ML for Defenders* provides a comprehensive operational framework for securing machine learning systems against intentional manipulation. The book transitions from the "defender’s mindset," emphasizing specialized threat modeling and attack surface mapping, to the technical mechanics of core threats like evasion, data poisoning, model extraction, and privacy breaches. By framing ML models as probabilistic and data-dependent assets, the text argues that traditional software security is necessary but insufficient, requiring a layered defense strategy that spans the entire MLOps lifecycle—from data ingestion and training to model deployment at the edge.
The technical core of the book details various defensive archetypes, contrasting empirical methods like adversarial training and input sanitization with the formal assurances provided by certified robustness. It offers domain-specific deep dives into the unique vulnerabilities of computer vision, natural language processing, recommenders, and time series models. For instance, it explores how "physical-world" attacks can bypass digital filters in vision systems and how "shilling attacks" can subvert recommendation logic. Throughout, the text maintains a pragmatic focus on the "accuracy-robustness trade-off," helping practitioners balance security with model utility and computational costs.
The final section shifts toward the institutionalization of ML security through Resilient MLOps and Governance, Risk, and Compliance (GRC). It advocates for "MLSecOps," where security gates, automated monitoring for data drift, and supply chain verification are integrated into the continuous integration and deployment pipeline. To move from theory to practice, the book provides hands-on evaluation labs and a suite of actionable checklists and incident response playbooks. These tools are designed to help cross-functional teams—comprising data scientists, security engineers, and compliance officers—standardize their hardening efforts and maintain a proactive, red-team-tested posture against evolving adversarial tactics.
This book is intended for machine learning engineers, data scientists, security analysts, SREs, and product managers responsible for building, deploying, and maintaining machine learning systems in production. It is especially valuable for those operating in high-stakes domains such as finance, healthcare, autonomous systems, and content moderation where model robustness, privacy, and integrity are critical to safety and compliance.
March 22, 2026
Length: 51,662 words (approximately 3 hours 37 minutes of reading time)