A device may receive a machine learning model, training data, a pipeline configuration for the machine learning model, and impact costs associated with customer preferences, and may perform assessments of the machine learning model to identify attacks associated with the machine learning model and vulnerabilities associated with the attacks. The device may map the vulnerabilities to threats, may map the threats to the impact costs, and may determine success rates of the threats. The device may calculate probabilities of the threats based on the vulnerabilities and the success rates, and may calculate risk costs of the attacks based on the probabilities and the impact costs. The device may identify controls for limiting the vulnerabilities and control costs. The device may determine a total cost for eliminating the risk costs based on the risk costs and the control costs, and may perform actions based on the total cost.