What is the difference between data drift and concept drift in AI security?

• A. Data Drift Is A Change In Input Distribution; Concept Drift Is A Change In The Relationship Between Inputs And Outputs
• B. Data Drift Is A Change In The Relationship Between Inputs And Outputs; Concept Drift Is A Change In Input Distribution
• C. Data Drift Is A Kind Of Hardware Drift; Concept Drift Is Software Drift
• D. Data Drift Is Changes In Data Storage; Concept Drift Is Changes In Code

Answer: (A)

Data drift is when the inputs the model sees during inference come from a different distribution than the training data. Even if the underlying mapping from inputs to outputs hasn’t changed, the model can perform poorly because it’s operating on data it wasn’t trained to expect. In security contexts, this shows up as shifts in traffic patterns, feature values, or sensor readings due to new services, encryption, or changing user behavior.

Concept drift, on the other hand, is about the relationship between inputs and the target output changing over time. The same inputs may now correspond to a different label, so the model’s learned decision boundary becomes outdated. This is especially critical in security when attacker behavior evolves or new threat types alter what signals indicate malicious activity.

So, data drift = change in input distribution; concept drift = change in the input-output relationship. They can occur together and both require monitoring and updates to maintain performance.