Ram Shankar Siva Kumar is a data cowboy working on the intersection of machine learning (ML) and security. At Microsoft, he founded the AI Red Team, bringing together an interdisciplinary group of researchers and engineers to proactively attack artificial intelligence (AI) systems and defend from attacks. His recent book on attacking AI systems, Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them, has been called “essential reading” by Kevin Scott, Microsoft’s chief technology officer, and received wide praise from industry leaders at DeepMind and OpenAI as well as policy makers and people from academia. He is donating his proceeds of the book royalties to Black In AI.

His work on AI and security has appeared at industry conferences like RSA, Black Hat, Def Con, BlueHat, DerbyCon, MIRcon, and Infiltrate Security Conference as well as academic workshops at NeurIPS: The Annual Conference on Neural Information Processing Systems, the International Conference on Learning Representations, the International Conference on Machine Learning, the IEEE Symposium on Security and Privacy, and the ACM Conference on Computer and Communications Security; it has also been covered by Bloomberg, VentureBeat, Wired, and GeekWire. He founded the Adversarial ML Threat Matrix, an ATT&CK-style framework enumerating threats to ML, and his work on adversarial ML appeared notably in the National Security Commission on Artificial Intelligence final report presented to the US Congress and the president.

He is currently a tech policy fellow at the University of California, Berkeley and a technical advisory board member at the University of Washington. He is also an affiliate at the Berkman Klein Center for Internet and Society at Harvard University, where he is broadly investigating two questions: 1) How do we assess the safety of ML systems? and 2) what are the policy and legal ramifications of AI, in the context of security?