Machine learning systems are susceptible to attacks at different stages, including at the training stage and during inference. Attackers can manipulate inputs to result in malicious perturbations which can cause the system to give incorrect answers.