ML Security PapersServerless AI Security: Attack Surface Analysis and Runtime Protection Mechanisms for FaaS-Based Machine Learning
Chetan Pathade , Vinod Dhimam , Sheheryar Ahmad , Ilsa Lareb
Published on arXiv
2601.11664
AI Supply Chain Attacks
OWASP ML Top 10 — ML06
Model Theft
OWASP ML Top 10 — ML05
Key Finding
SAS achieves 94% threat detection rate while maintaining inference latency overhead below 9% across three major FaaS platforms
Serverless AI Shield (SAS)
Novel technique introduced
Serverless computing has achieved widespread adoption, with over 70% of AWS organizations using serverless solutions [1]. Meanwhile, machine learning inference workloads increasingly migrate to Function-as-a-Service (FaaS) platforms for their scalability and cost-efficiency [2], [3], [4]. However, this convergence introduces critical security challenges, with recent reports showing a 220% increase in AI/ML vulnerabilities [5] and serverless computing's fragmented architecture raises new security concerns distinct from traditional cloud deployments [6], [7]. This paper presents the first comprehensive security analysis of machine learning workloads in serverless environments. We systematically characterize the attack surface across five categories: function-level vulnerabilities (cold start exploitation, dependency poisoning), model-specific threats (API-based extraction, adversarial inputs), infrastructure attacks (cross-function contamination, privilege escalation), supply chain risks (malicious layers, backdoored libraries), and IAM complexity (ephemeral nature, serverless functions). Through empirical assessments across AWS Lambda, Azure Functions, and Google Cloud Functions, we demonstrate real-world attack scenarios and quantify their security impact. We propose Serverless AI Shield (SAS), a multi-layered defense framework providing pre-deployment validation, runtime monitoring, and post-execution forensics. Our evaluation shows SAS achieves 94% detection rates while maintaining performance overhead below 9% for inference latency. We release an open-source security toolkit to enable practitioners to assess and harden their serverless AI deployments, advancing the field toward more resilient cloud-native machine learning systems.
Key Contributions
- First comprehensive attack surface characterization for ML workloads in serverless/FaaS environments across five categories: function-level vulnerabilities, model-specific threats, infrastructure attacks, supply chain risks, and IAM complexity
- Serverless AI Shield (SAS): a multi-layered defense framework combining pre-deployment validation, runtime monitoring, and post-execution forensics achieving 94% detection rate with under 9% inference latency overhead
- Open-source security toolkit empirically validated across AWS Lambda, Azure Functions, and Google Cloud Functions for assessing and hardening serverless AI deployments
🛡️ Threat Analysis
API-based model extraction is enumerated as a key model-specific threat in serverless ML deployments, where ephemeral function endpoints expose model inference APIs to adversarial querying for cloning.
Explicitly analyzes supply chain attack vectors in serverless ML pipelines — malicious Lambda layers, backdoored libraries, and dependency poisoning — as a primary threat category unique to FaaS-based ML deployments.