MLOKit: MLOps Attack Toolkit
MLOps Attack Toolkit – MLOKit is a toolkit that can be used to attack MLOps platforms by taking advantage of the available REST API. This tool allows the user to specify an attack module, along with specifying valid credentials (API key or stolen access token) for the respective MLOps platform. The attack modules supported include reconnaissance, data extraction and model extraction. MLOKit was built in a modular approach, so that new modules can be added in the future by the information security community.
Example MLOps Focused Attack Path
Command Modules
- check – Check whether credentials provided are valid
- list-projects – List the available projects
- list-models – List the available ML models
- list-datasets – List the available training datasets
- download-model – Download a given ML model
- download-dataset – Download a given training dataset
Arguments/Options
Globally Required Arguments
The below arguments are required for all command modules.
- /credential: – Credential for authentication (API key or Stolen Access Token). Applicable to all modules
- /platform: – MLOps Platform. Applicable to all modules. Supported MLOps platforms listed below.
azuremlbigmlvertexai
Optional Arguments/Dependent on Platform and Module
- /subscription-id: – Applicable to
azuremlplatform only. Only applies to some command modules. - /resource-group: – Applicable to
azuremlplatform only. Only applies to some command modules. - /workspace: – Applicable to
azuremlplatform only. Only applies to some command modules. - /region: – Applicable to
azuremlplatform only. Only applies to some command modules. - /project: – Applicable to
vertexaiplatform only. Only applies to some command modules. - /model-id: – Applicable to all platforms. Only applies to some command modules.
- /dataset-id: – Applicable to all platforms. Only applies to some command modules.
