Skip to content

MLASWE — MLSec Application Security Weakness Enumeration

Overview

The MLSec Application Security Weakness Enumeration (MLASWE) is a comprehensive taxonomy of security weaknesses and vulnerabilities specific to machine learning systems. It serves as the classification layer for findings discovered during MLASTG assessments.

MLASWE follows the spirit of the Common Weakness Enumeration (CWE) and the OWASP MASWE but is tailored to the unique attack surface of ML/LLM systems.

Purpose

  • Standardized Classification: Provides consistent vulnerability identifiers for ML security findings
  • Cross-Reference Bridge: Links MLASVS controls (defender requirements) to MITRE ATLAS techniques (attacker perspective)
  • Finding Taxonomy: Enables security teams to classify, track, and trend ML-specific vulnerabilities
  • Knowledge Base: Each MLASWE entry includes detection methods, remediation guidance, and real-world references

MLASWE → MLASVS → MITRE ATLAS Mapping

MLASWE (Weakness)          ─── What went wrong
    ├── Linked to ──► MLASVS controls that prevent this weakness
    └── Linked to ──► MITRE ATLAS techniques that exploit this weakness

Example:
    MLASWE-0001 (Adversarial Perturbation)
        ├── Prevented by: MLASVS-MODEL-001, MODEL-002, MODEL-016
        └── Exploited via: MITRE ATLAS AML.T0010

Weakness Classification Structure

Each MLASWE entry follows this format:

## MLASWE-XXXX: [Weakness Title]

### Description
[What the weakness is and how it manifests in ML systems]

### Risk
- **Severity:** Critical / High / Medium / Low
- **Exploitability:** Easy / Medium / Difficult
- **Prevalence:** Common / Uncommon / Rare

### Affected Components
[Which ML system components are vulnerable]

### Detection Methods
[How to detect this weakness during testing]

### Preventive Controls (MLASVS)
[Links to relevant MLASVS controls]

### Attack Techniques (MITRE ATLAS)
[Links to relevant ATLAS techniques]

### Remediation
[How to fix or mitigate]

### Real-World Examples
[Known incidents or published research]

### References
[Papers, tools, CVE references]

Complete MLASWE Catalog

ID Weakness Severity Related MLASVS MITRE ATLAS
0001 Adversarial Perturbation High MODEL-001, MODEL-002, MODEL-016 AML.T0010
0002 Data Poisoning Critical DATA-011, DATA-024, DATA-025 AML.T0020
0003 Model Extraction High MODEL-005, MODEL-018, MODEL-023 AML.T0024.002
0004 Model Inversion Medium MODEL-019, MODEL-020 AML.T0018
0005 Membership Inference Medium MODEL-020, DATA-019 AML.T0018
0006 Prompt Injection Critical LLM-001, LLM-015, LLM-016 AML.T0051
0007 Backdoor/Trojan Critical MODEL-021, MODEL-022 AML.T0020
0008 Model Denial of Service High LLM-011, MODEL-012 AML.T0029
0009 Supply Chain Compromise Critical SUPPLY-001 through SUPPLY-022 AML.TA0003
0010 Insecure Output Handling High LLM-003, LLM-009, LLM-014 AML.T0057
0011 Excessive Agency High LLM-007, LLM-010, LLM-020 AML.T0053
0012 Training Data Leakage High DATA-005, DATA-010, DATA-015 AML.TA0010

Using MLASWE in Findings

When reporting a security finding during an ML assessment:

Finding:
  title: "Prompt injection vulnerability in LLM chat application"
  mlaswe: "MLASWE-0006"
  mlasvs: "MLASVS-LLM-001 (Prompt Injection Prevention)"
  mitre_atlas: "AML.T0051"
  severity: "Critical"
  description: "..."
  evidence: "..."
  remediation: "..."