Trojans in Artificial Intelligence (TrojAI) Final Report
This addresses a critical security problem for AI developers and users by providing foundational insights and detection techniques, though it is incremental in building the AI security field.
The TrojAI program tackled the vulnerability of AI Trojans—hidden backdoors in AI models that can cause failures or hijacking—by mapping the threat, pioneering detection methods like weight analysis and trigger inversion, and identifying unsolved challenges, with comprehensive test results on detector performance and natural Trojan prevalence.
The Intelligence Advanced Research Projects Activity (IARPA) launched the TrojAI program to confront an emerging vulnerability in modern artificial intelligence: the threat of AI Trojans. These AI trojans are malicious, hidden backdoors intentionally embedded within an AI model that can cause a system to fail in unexpected ways, or allow a malicious actor to hijack the AI model at will. This multi-year initiative helped to map out the complex nature of the threat, pioneered foundational detection methods, and identified unsolved challenges that require ongoing attention by the burgeoning AI security field. This report synthesizes the program's key findings, including methodologies for detection through weight analysis and trigger inversion, as well as approaches for mitigating Trojan risks in deployed models. Comprehensive test and evaluation results highlight detector performance, sensitivity, and the prevalence of "natural" Trojans. The report concludes with lessons learned and recommendations for advancing AI security research.