Quantum Machine Learning (QML) has emerged as a promising field for enhancing classical machine learning, potentially providing significant (up to exponential) improvements for machine learning methods. QML also introduces new security risks due to the novel (quantum) computational paradigm and the additionally required steps of quantum data encoding and result readout. We establish a conceptual overview of the vulnerabilities, risk factors, attack surface, and attack vectors introduced by QML. We review the existing literature on QML security, including classical attacks (data poisoning, privacy attacks, and model stealing) on QML systems as well as the emergent hybrid research field of adversarial QML. We provide novel empirical contributions to the study of robust encodings (using quantum kernel methods), quantum noise-based attacks on quantum neural network classifiers, novel attacks facilitated through quantum circuit transpilation, and novel attacks aimed at disrupting result readout.
Franco et al. (Fri,) studied this question.