COMS 4995: ML Security (Spring 2026)


Lecture Details

Instructor: Suman Jana
Office: Mudd 412
Office hours: 2-2:40 pm Fridays
TA Office hours: TBD
Classroom: 825 Mudd
Class hours: Friday (12:10-2 pm)

Description

This class introduces the unique security challenges of machine learning and large language model systems, explaining how they differ from traditional computer security. It covers threat modeling for AI systems, common attacks such as prompt injection, data poisoning, model stealing, and privacy leakage, as well as defenses including secure prompt design, policy enforcement, and defense-in-depth strategies. The course also examines robustness, adversarial attacks, secure LLM architectures, red teaming, and responsible deployment, with the goal of understanding and mitigating real-world security risks in modern ML systems.

Note: There is no assigned textbook for this class; you are expected to read the assigned articles, papers, and slides carefully.

Prerequisite

Intro to ML

Grading

Schedule

Date | Topics | Lecture slides & Reading
Jan 23 | Intro: Why is ML security different from traditional security? | intro.pptx; how to read a paper?
Jan 29 | Modern ML & LLMs: threat models and adversarial inputs | Assigned reading: Adversarial Examples (Szegedy et al.). Optional reading: GPT-4 Technical Report