Which metric is used to evaluate AI security beyond traditional accuracy?

Evaluating AI security requires looking at how a model holds up under adversarial or manipulated inputs, not just how it performs on clean data. Traditional accuracy tells you how often the model is right on unaltered examples, but attackers can tweak inputs slightly to cause mistakes. Robust accuracy measures the proportion of cases where the model remains correct even when inputs are perturbed within a defined threat model (for example, small changes bounded by a specified ε under an L-infinity norm). In practice, you test each example with perturbed versions inside the allowed budget and see whether the prediction stays correct; robust accuracy is the fraction that do. This provides a clearer picture of resilience to attacks, which is essential for security assessments. Precision and recall focus on classifier mistakes related to false positives and false negatives and don’t address resilience to input manipulation. Inference latency concerns speed, not robustness to adversarial changes.