MLOKit: MLOps Attack Toolkit

MLOps Attack Toolkit – MLOKit is a toolkit that can be used to attack MLOps platforms by taking advantage of the available REST API. This tool allows the user to specify an attack module, along with specifying valid credentials (API key or stolen access token) for the respective MLOps platform. The attack modules supported include reconnaissance, data extraction and model extraction. MLOKit was built in a modular approach, so that new modules can be added in the future by the information security community.

Example MLOps Focused Attack Path

Command Modules

• check – Check whether credentials provided are valid
• list-projects – List the available projects
• list-models – List the available ML models
• list-datasets – List the available training datasets
• download-model – Download a given ML model
• download-dataset – Download a given training dataset

Arguments/Options

Globally Required Arguments

The below arguments are required for all command modules.

• /credential: – Credential for authentication (API key or Stolen Access Token). Applicable to all modules
• /platform: – MLOps Platform. Applicable to all modules. Supported MLOps platforms listed below.
  • azureml
  • bigml
  • vertexai

Optional Arguments/Dependent on Platform and Module

• /subscription-id: – Applicable to azureml platform only. Only applies to some command modules.
• /resource-group: – Applicable to azureml platform only. Only applies to some command modules.
• /workspace: – Applicable to azureml platform only. Only applies to some command modules.
• /region: – Applicable to azureml platform only. Only applies to some command modules.
• /project: – Applicable to vertexai platform only. Only applies to some command modules.
• /model-id: – Applicable to all platforms. Only applies to some command modules.
• /dataset-id: – Applicable to all platforms. Only applies to some command modules.

Download & Use