Question 10
Domain 2 — AI Operations, Lifecycle, and Control Environment
An attacker repeatedly queries an organization's AI credit scoring API, varying inputs systematically, to reconstruct a functionally equivalent model. This is classified as which type of adversarial attack?
Correct answer: C
Explanation
Model stealing is when an attacker queries a model repeatedly and uses the outputs to "reconstruct a functionally equivalent model." Systematically varying inputs to copy an AI credit scoring API matches this definition because the goal is to replicate the model’s behavior, not just evade a single prediction.
Why each option is right or wrong
A. Data poisoning
B. Membership inference
C. Model stealing
The conduct described matches model extraction under the AI security taxonomy: the attacker makes repeated, systematic API queries and uses the returned scores to infer the decision boundary and approximate the underlying model. In NIST AI RMF and common ML security usage, this is the classic pattern of stealing a model’s functionality by querying it as an oracle, rather than manipulating one input to cause a misclassification.
D. Evasion attack