What is AIWiki Malaysia?

AIWiki Malaysia is a free, open AI knowledge base covering artificial intelligence concepts, tools, models, and use cases — written specifically for Malaysian professionals and students. It is maintained by AITG Sdn Bhd, an AI company based in Penang.

Who maintains AIWiki Malaysia?

AIWiki Malaysia is maintained by AITG Sdn Bhd (Registration: 202601016521 (1678618-W)), an AI company headquartered in George Town, Penang, Malaysia. The editorial team continuously updates and expands the knowledge base.

What topics does AIWiki Malaysia cover?

AIWiki Malaysia covers a wide range of AI topics including large language models (LLMs), AI agents, machine learning fundamentals, prompt engineering, AI automation, generative AI tools, Malaysian AI regulations, local vendor landscape, and real-world AI use cases relevant to the Malaysian market.

How do I search for AI topics on AIWiki Malaysia?

You can use the search bar at the top of the site to find articles by keyword or topic. Articles are also organised by category, so you can browse by subject area such as Models, Tools, Concepts, or Use Cases.

Is AIWiki Malaysia available in Bahasa Malaysia?

Yes. AIWiki Malaysia publishes content in both English and Bahasa Malaysia to serve the full breadth of the Malaysian professional and student community. Language availability is indicated on each article page.

How can I submit a topic or suggest an article?

You can suggest topics or submit article ideas by contacting the AIWiki Malaysia team at admin@aiteragrid.com. AITG Sdn Bhd reviews all submissions and publishes content that meets editorial accuracy standards.

Adversarial Machine Learning

Adversarial machine learning is the study of attacks that exploit weaknesses in machine learning models, such as crafted inputs that cause misclassification, and of the defences designed to make models more robust.

5 min readLast updated June 2026Applications

Adversarial machine learning is the study of how machine learning systems can be deliberately manipulated, and of the techniques used to defend against such manipulation. A central finding of the field is that models which perform well on ordinary data can be highly vulnerable to inputs that have been crafted to deceive them. In the best-known example, adding a small, carefully computed perturbation to an image, often imperceptible to a human, can cause an image classifier to confidently assign the wrong label.

These crafted inputs are called adversarial examples, and they reveal that the patterns a model learns are not always the robust, human-like features one might assume. The field has become increasingly important as machine learning is deployed in security-sensitive settings such as autonomous vehicles, fraud detection, medical diagnosis, and content moderation.

Categories of attack

Adversarial attacks are commonly grouped by their goal and the stage of the pipeline they target. Evasion attacks occur at inference time, modifying an input so the model produces an incorrect output; an attacker might subtly alter network traffic so that malicious activity appears normal to an intrusion-detection system. Poisoning attacks corrupt the training data so that the resulting model behaves incorrectly or contains a hidden backdoor. Model extraction attacks query a deployed model repeatedly to steal a functional copy of it. Inference attacks, including membership inference, attempt to recover information about the training data.

A further distinction is between white-box attacks, where the attacker knows the model's internal parameters and can compute perturbations directly, and black-box attacks, where the attacker can only observe inputs and outputs and must estimate how to fool the model.

Methods and defences

Two classic techniques for generating adversarial examples are the Fast Gradient Sign Method (FGSM), which perturbs an input in the direction that most increases the model's error, and Projected Gradient Descent (PGD), a stronger iterative method that is widely used to benchmark robustness. Defending against these attacks is difficult. The most effective general approach is adversarial training, in which the model is trained on adversarial examples alongside normal data so that it learns to resist them, though this raises training cost and can reduce accuracy on clean inputs. Other defences include input preprocessing, detecting anomalous inputs, and ensemble methods, but no defence is universally robust, and the field remains an ongoing contest between attacks and countermeasures.

Relevance in 2025 and 2026

As of 2025, adversarial machine-learning research concentrates on automotive systems, healthcare, electrical power and energy systems, and large language models. Attacks on vision-language models and on the vision-LiDAR fusion used in autonomous driving have grown, and large language models face their own adversarial pressures through prompt injection and jailbreaking. Standards bodies including the United States National Institute of Standards and Technology have published taxonomies of adversarial threats to guide defenders.

| Attack | Stage | Goal | |--------|-------|------| | Evasion | Inference | Cause misclassification | | Poisoning | Training | Corrupt or backdoor the model | | Extraction | Inference | Steal the model | | Membership inference | Inference | Reveal training data |

Malaysian Context — Adversarial Threats and National Cyber Security

Adversarial machine learning sits at the intersection of AI and cybersecurity, an area overseen in Malaysia by the National Cyber Security Agency (NACSA) and CyberSecurity Malaysia. As Malaysian banks, telecommunications operators, and government services adopt AI for fraud detection, identity verification, and threat monitoring, these very systems become targets, and understanding adversarial robustness is essential to securing them.

The financial sector is a particular concern. Banks regulated by Bank Negara Malaysia (BNM) increasingly rely on machine-learning models for transaction monitoring and anti-money-laundering screening; evasion attacks that disguise fraudulent activity as legitimate would directly undermine these controls. Similarly, facial-recognition and electronic know-your-customer systems used in digital banking and by the National Registration Department could be targeted by adversarial inputs.

Malaysia's growing connected-vehicle and smart-manufacturing sectors, including the electronics corridor in Penang and Kulim, depend on computer-vision models that are susceptible to adversarial perturbation. Critical infrastructure protected under the national cyber-security framework, including power and water utilities, faces analogous risks where machine learning is used for monitoring and control.

The Malaysia AI Governance and Ethics framework and related guidance emphasise the safety, security, and reliability of AI systems. Adversarial robustness is a practical requirement for meeting these principles. Universities such as Universiti Teknologi Malaysia and Universiti Kebangsaan Malaysia conduct research in AI security, and HRD Corp-supported cybersecurity training increasingly incorporates the AI dimension as adversarial threats become more prominent across Southeast Asia.

References

Goodfellow, I., Shlens, J., & Szegedy, C. (2015). Explaining and Harnessing Adversarial Examples. ICLR.
Madry, A., et al. (2018). Towards Deep Learning Models Resistant to Adversarial Attacks. ICLR.
ISACA. (2025). Combating the Threat of Adversarial Machine Learning to AI-Driven Cybersecurity. isaca.org.
Springer. (2025). Adversarial Machine Learning: A Review of Methods, Tools, and Critical Industry Sectors. Artificial Intelligence Review.

Tags:security robustness ai safety attacks

Field	AI security and robustness
Core threat	Crafted inputs that fool models
Attack types	Evasion, poisoning, extraction, inference
Notable methods	FGSM, PGD
Defences	Adversarial training, detection
Standards	NIST AI adversarial taxonomy