Adversarial training improves model robustness against known attack patterns by incorporating adversarial examples into the training process. However, no single security technique provides comprehensive protection—adversarial training addresses only the attack vectors it was designed for, leaving other vulnerabilities unaddressed.
Why B is Correct: The ISACA AAIR security defense-in-depth guidance identifies residual system vulnerabilities as the greatest risk when adversarial training is the sole security measure. Adversarial training protects against specific attack types (evasion, perturbation) but does not address infrastructure vulnerabilities, API security weaknesses, model inversion attacks, membership inference, or other security risks present in a testing environment. A defense-in-depth approach is required for comprehensive protection.
Why A is Wrong: Adversarial training does increase computational requirements and may extend training cycles, but inefficiency is an operational concern rather than a security risk. The security risk of unprotected vulnerabilities significantly outweighs training cycle efficiency.
Why C is Wrong: Overfitting to adversarial training examples is a model quality concern that can be managed through standard regularization techniques. It represents a model performance trade-off, not the greatest security risk from relying solely on adversarial training.
Why D is Wrong: Exposure of proprietary algorithms is an intellectual property risk that is not specifically increased by relying on adversarial training. Algorithm confidentiality is protected through access controls and encryption, which are separate from the adversarial training approach.
