Microsoft Turns Counterfit AI Security Assessment Tool Open Source

Microsoft has turned its AI security risk assessment tool, Counterfit, open-source, allowing anyone to begin using the tool for free. Currently, organizations can use Counterfit to automate security risk assessments, ensuring the protection they're using is up to scratch.

Microsoft Releases Counterfit as Open-Source Tool

Microsoft originally developed Counterfit as an internal tool that could rapidly assess the security of AI and machine learning systems. It started life as a collection of scripts before rapidly morphing into a generic AI automation an operator can use to "attack multiple AI systems" at once.

Microsoft now regularly uses Counterfit as a core tool in their AI red team operations. As Counterfit is environment, model, and data agnostic, the tool can deliver precise assessment without impedance.

The tool itself is designed for use by security professionals. Counterfit uses similar workflows to other popular red-team tools such as Metasploit or PowerShell Empyre, with extensive support for scripting, preloaded attack algorithms, vulnerability scanning, advanced logging, and more, accessed through the command line.

Microsoft has worked extensively with security professionals and large organizations to develop Counterfit better, too. On the Microsoft Security blog, Matilda Rhode, Senior Cybersecurity Researcher, Airbus, said:

AI is increasingly used in industry; it is vital to look ahead to securing this technology particularly to understand where feature space attacks can be realized in the problem space. The release of open-source tools from an organization such as Microsoft for security practitioners to evaluate the security of AI systems is both welcome and a clear indication that the industry is taking this problem seriously.

You can find the open-source Microsoft Counterfit on their official GitHub.

Why Is Counterfit Useful?

Even for a company the size of Microsoft, completing effective security assessments isn't easy, especially when those companies are enormous Fortune 500 leaders, governments, non-profits, and more. A previous Microsoft study found large numbers of businesses unable to test their AI systems accurately.

We found that 25 out of 28 businesses indicated they don't have the right tools in place to secure their AI systems and that security professionals are looking for specific guidance in this space.

Counterfit makes it easier to complete those assessments, automating the process of analysis and testing.

Furthermore, a recently published Gartner study listed AI security adoption as one the most important security measures a company can take to improve protection. The same study noted that "By 2024, organizations that implement dedicated AI risk management controls will successfully avoid negative AI outcomes twice as often as those that do not."

In short, Counterfit becoming an open-source AI security assessment tool should help to make the world a slightly safer place.