With the increasing availability of data and computing power, data-driven AI and machine-learning algorithms have recorded an unprecedented success in many different applications. Recent deep-learning algorithms used for perception tasks like image recognition have even surpassed human performance on some specific datasets, such as the famous ImageNet. Despite their accuracy, it is known that skilled attackers can easily mislead those algorithms. In this talk, Ambra will focus on two of the most famous attacks that can be perpetrated against machine learning systems: evasion and poisoning. Evasion attacks allow the attacker to have a specific sample misclassified, modifying that sample. E.g., the attacker changes his/her malicious program to have it misclassified by a machine learning-based antivirus as legitimate. Poisoning attacks, instead, allow the attacker to have one or more samples misclassified without even modifying those samples. Ambra will start this talk by briefly introducing these attacks and explaining how they can be performed when the attacker has full knowledge of the system that he/she would like to attack (his/her target). Often, in practice, attackers do not have full knowledge of their target system. For example, cybersecurity companies usually avoid disclosing details about their antivirus. Interestingly, attackers can often compute effective attacks even without such knowledge. Ambra will explain how such attacks are performed and talk about some related findings, including challenges,  open problems and defenses against these attacks. Finally, she will present SecML, a library developed by Pluribus One and PRALab, that allows to quickly evaluate the security of a machine learning system against the abovementioned attacks. The talk will consider different application examples, including object recognition in images and cybersecurity-related tasks such as malware detection.