The Unseen Hand: Manipulating Model Fairness and SHAP with Targeted Identity Re-Association Attacks

Researchers have discovered a new class of attacks called Targeted Identity Re-Association (TIRA) that can manipulate machine learning fairness audits and SHAP explainability tools without leaving detectable traces. The attacks use probabilistic output manipulation techniques to mask the influence of protected features, demonstrating that critical AI accountability mechanisms are vulnerable to sophisticated gaming.

This research exposes a critical vulnerability in AI governance infrastructure at a time when fairness audits and explainability tools are increasingly relied upon for regulatory compliance and accountability. TIRA attacks represent a maturation of adversarial manipulation techniques, moving beyond earlier data-agnostic approaches that left forensic evidence. By employing probabilistic micro-shuffling and rank-shift perturbations, attackers can systematically hide bias indicators without triggering detection mechanisms.

The work builds on growing concerns about the adversarial robustness of ML interpretability methods. As organizations deploy SHAP and similar explainability frameworks to satisfy regulatory requirements and stakeholder demands, the assumption has been that these tools provide honest signals about model behavior. This research challenges that assumption fundamentally, demonstrating that fairness metrics and attribution methods can be systematically deceived.

For the AI industry, this creates immediate practical implications. Organizations relying on SHAP-based fairness audits may be receiving falsified compliance signals. Regulators increasingly mandating explainability and fairness testing may be enforcing standards that can be circumvented without detection. This mirrors broader cybersecurity dynamics where defensive mechanisms generate an adversarial arms race.

The research suggests that future AI governance must move beyond passive explainability audits toward adversarial testing regimes and multi-method validation approaches. Organizations cannot assume that fairness metrics alone guarantee ethical behavior; they require continuous, sophisticated monitoring and cross-validation techniques.

• →TIRA attacks can manipulate fairness metrics and SHAP explanations without requiring access to model internals or leaving detectable artifacts
• →Current explainability-based compliance frameworks may provide false assurance of fairness in deployed AI systems
• →Probabilistic perturbation techniques successfully hide protected feature attribution in a way previous attack methods could not
• →AI governance relying solely on post-hoc explainability tools faces significant blind spots in adversarial settings
• →Organizations need multi-layered validation approaches beyond single explainability methods for credible fairness audits