[FEEDBACK]: Is the "OWASP Machine Learning Security Top Ten" machine generated? #213

Open
1 task done
xw48 opened this issue Oct 22, 2024 · 2 comments
xw48 commented Oct 22, 2024

Type

Documentation Issue Report

What would you like to report?

I would like to report the following issue/feedback

I am not an ML person but feel that the OWASP Machine Learning Security Top Ten is generated by LLMs and there are a lot of errors in it. For example, the description of member inference attack, and the use of terms such as "a malicious attacker" (Is there a benign attacker then?).

Code of Conduct

  • I agree to follow this project's Code of Conduct
@xw48 xw48 added issues/general General issues issues/triage Issues that need further analysis labels Oct 22, 2024
Collaborator

mik0w commented Oct 22, 2024

Yup, it is.

The project is currently in Work In Progress status. The initial version was released as generated by some kind of LLM; we are working on delivering an "actionable" release which is human-generated, e.g. this vulnerability was fully rewritten by me some time ago:

https://github.com/OWASP/www-project-machine-learning-security-top-10/blob/develop/docs/ML06_2023-AI_Supply_Chain_Attacks.md

Thank you for raising this issue. We are aware of this fact and we plan to update the top10 in the near future.

@sagarbhure
Collaborator

To my knowledge, the top 10 was originally created before the release of GPT and hasn't been influenced by LLM-generated content. However, it might have incorporated some LLM elements since then. By the way, we're also developing a GitHub bot to detect LLM-generated content in our pull requests. I have a similar tool for my personal projects, so I might just integrate it here.
