Are you letting the AI do the threat modeling for you? There is no need to let the machines take over the world! Threat model using Elevation of MLSec on copi.owasp.org instead. Our survival depends on it! At copi.owasp.org you can now play Elevation of MLSec to threat model your AI models.
Elevation of MLsec is an unofficial Machine Learning Security (MLsec) extension of Microsoft's Elevation of Privilege threat modeling card game. These playing cards portray risks associated with machine learning (ML) that have been identified by research groups. It is suitable to play this game with or without the original Elevation of Privilege deck depending on the nature of what you're threat modeling. The intention of these cards is primarily to improve the security of ML systems themselves, as opposed to using ML for security.
The work is based mainly on Berryville Institute for Machine Learnings (BIML)’s architectural risk analysis for machine learning systems (BIML-78) and their LLM analysis (BIML-LLM24), found on berryvilleiml.com. The game also adds a few somewhat supplementary LLM specific threats from OWASP’s TOP 10 list for Large Language Model Applications found on owasp.org.
The game was created by Elias Brattli Sørensen and designed by Jorun Kristin Bremseth while working at Kantega. You can download the design files from their repository if you would like to print a physical version of the game.
Version 2.3 of OWASP Cornucopia brings with it "Elevation of MLSec" as an option when you select a new game at copi.owasp.org. If you like, it's also possible to install Copi yourself. Read more about that here: https://cornucopia.owasp.org/copi
Personally, I am very happy about their game and have used it myself to threat model our new AI features that we are delivering at Admincontrol, and you should do it too. Don't leave the threat modeling up to the AI or it may take over the world!
How to play Elevation of MLSec
- Go to: https://copi.owasp.org/games/new
- Select Elevation of MLSec from the drop-down list
- Make sure you have done all the preparations
- Then click: Create the Game
- Send the link to 3 players
- Once 3 players have join, click start the game.
OWASP Cornucopia
Uncover the security flaws in your software's design before the bad guys do it for you! Get your team together on a call or in a room and use OWASP Cornucopia Web & Mobile, Elevation of Privilege or Elevation of MLSec and OWASP Cumulus to secure your AI models and Cloud infrastructure respectively and guide your threat modelling at copi.owasp.org, and if you visit our code repository please give us a star ⭐️.
Learn how to play OWASP Cornucopia or Elevation of Privilege:
OWASP is a non-profit foundation that envisions a world with no more insecure software. Our mission is to be the global open community that powers secure software through education, tools, and collaboration. We maintain hundreds of open source projects, run industry-leading educational and training conferences, and meet through over 250 chapters worldwide.
Top comments (0)