Researchers Expose Random Number Generators as Hidden Attack Vector in Machine Learning Systems
Key Takeaways
- ▸Pseudorandom number generators in ML frameworks represent an unexplored attack vector that can be exploited covertly by adversaries
- ▸Variations in PRNG implementations across different ML frameworks, dependencies, and hardware create security vulnerabilities in the ML pipeline
- ▸RNGGuard offers a practical solution through static code analysis and runtime enforcement to secure randomness sources in ML systems
Summary
A new research paper published on arXiv reveals a previously unexplored vulnerability in machine learning systems: pseudorandom number generators (PRNGs) used throughout the ML development pipeline can serve as covert attack vectors. The paper, titled "One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning," examines how variations in PRNG implementations across different ML frameworks, combined with lack of statistical validation, create security weaknesses that adversaries could exploit.
Authored by researchers Kotekar Annapoorna Prabhu, Andrew Gan, and Zahra Ghodsi, the work highlights that machine learning systems rely heavily on randomness for critical operations including data sampling, data augmentation, weight initialization, and optimization. The researchers analyzed PRNG implementations in major ML frameworks and discovered that inconsistencies in design choices and implementations across different software dependencies and hardware backends create potential security risks.
To address these vulnerabilities, the team introduced RNGGuard, a practical security tool designed to help ML engineers secure their systems with minimal effort. RNGGuard performs static analysis of target library source code to identify random functions and modules, then enforces secure execution at runtime by replacing insecure function calls with implementations that meet security specifications. The research has been accepted for publication at the IEEE Conference on Secure and Trustworthy Machine Learning (SaTML).
- The research highlights the need for standardization and security validation of randomness sources across the ML ecosystem
Editorial Opinion
This research uncovers a fundamental blind spot in machine learning security that has been hiding in plain sight. While the ML community has focused extensively on adversarial examples and model robustness, the integrity of randomness sources—which underpin everything from training to inference—has received surprisingly little scrutiny. The elegance of this attack vector lies in its subtlety: compromised RNGs could silently degrade model performance, introduce backdoors, or enable data poisoning without triggering conventional security alarms, making it a particularly insidious threat to production ML systems.
