About this book:

*Adversarial Machine Learning in War* provides a comprehensive technical and operational roadmap for protecting military artificial intelligence from intentional deception. As machine learning becomes central to sensing, logistics, and command-and-control, it introduces unique vulnerabilities where adversaries can manipulate data supply chains or exploit algorithmic "blind spots." The book argues that robustness in conflict is not a static feature but a lifecycle-long discipline, moving from initial threat modeling to the deployment of systems capable of failing gracefully under pressure.

The text details the primary vectors of attack, including data poisoning to corrupt model training, evasion attacks to deceive deployed perception systems, and privacy threats like model inversion and membership inference. To counter these, the authors advocate for a "defense-in-depth" architecture. This includes algorithmic hardening through adversarial training and randomized smoothing, as well as systemic redundancies like multi-modal sensor fusion—where radar or thermal data can cross-verify potentially spoofed visual inputs. The book emphasizes that technical defenses must be paired with secure MLOps to ensure the integrity of models from the lab to the tactical edge.

A significant portion of the work is dedicated to the human element of algorithmic warfare. It explores the necessity of robust human-machine teaming, where Explainable AI (XAI) and uncertainty quantification allow operators to discern when a model’s reasoning has been compromised. The authors argue that as autonomy increases, so does the need for rigorous verification and validation protocols to ensure that AI behavior remains predictable and aligned with strategic intent, even in disconnected or contested environments.

Finally, the book anchors these technical challenges within the frameworks of governance and international law. It addresses the ethical and legal imperatives of the Law of Armed Conflict, specifically how adversarial deception can complicate principles of distinction and proportionality. By combining code-level walkthroughs with strategic case studies, the book concludes that achieving algorithmic superiority requires more than powerful models; it requires resilient, auditable, and ethically grounded systems that can maintain human authority in the face of increasingly automated and deceptive threats.

What You'll Find Inside:

• Adversarial ML threats span the entire pipeline—from data poisoning and model extraction to evasion and membership inference—requiring end‑to‑end defense strategies.
• Robust training techniques such as adversarial training, regularization, ensemble learning, and randomized smoothing increase model resilience against manipulated inputs.
• Defense‑in‑depth architectures combine sensor fusion, modality diversity, redundancy, human‑in‑the‑loop oversight, and zero‑trust MLOps to contain and detect attacks.
• Certified robustness and formal methods provide provable guarantees (e.g., via randomized smoothing) that complement empirical testing and guide verification/validation.
• Operational readiness is achieved through simulation, wargaming, red‑team exercises, continuous monitoring, incident response, and governance frameworks aligned with ethics and the Law of Armed Conflict.

Who's It For:

This book is intended for defense‑focused machine learning practitioners—data scientists, ML engineers, system architects, testers, and operators—who need concrete patterns to build, test, and deploy robust AI in contested environments. It also serves policymakers, program managers, and acquisition leaders who must assess risk, allocate resources for red‑teaming, set verifiable acceptance criteria, and ensure ethical and legal compliance of ML‑enabled systems.