In an embodiment, a method is performed by a computer system and includes intercepting machine learning (ML) input data before the ML input data flows into a ML model. The method also includes scanning the ML input data against a plurality of ML threat signatures, the scanning yielding at least a first result. The method also includes examining a correlation between values of first and second variables in the ML input data, the examining yielding at least a second result. The method also includes validating at least one of the first and second results via a variability analysis of error instances in the ML input data, the validating yielding at least a third result. The method also includes applying thresholding to the ML input data via the third result, where the applying thresholding results in at least a portion of the ML input data being filtered.