The series covers adversarial ML from foundations to current research: threat models, poisoning and evasion attacks, privacy attacks, formal privacy frameworks, explainability, and some of the harder questions about what it means to trust a deployed model.
The intended reader is someone who knows ML reasonably well and wants to understand the security and privacy dimensions without just memorizing definitions.