In adversarial machine learning, someone (a program or a human) attempts to fool an existing model with a malicious input.
A good human analogy is an optical illusion. The brain's model for image processing starts producing wrong information when it looks at an optical illusion, so we end up perceiving the wrong colour, shape, and so on. In this case, the optical illusion is the malicious input.
We can trick the human brain's model with images created through trial and error.
So, if you just have the trained model at hand, you don't need to know the data it was trained on. You only need to be able to feed the model an input and observe its output.
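To make that concrete, here is a minimal sketch of such a trial-and-error (black-box) attack in Python. The model is treated purely as a query oracle: we never look at its weights or training data, only at the probabilities it returns. The `predict` function below is a hypothetical placeholder (a dummy linear classifier) standing in for whatever real model you can query; the random-search loop is one simple way to do the trial and error, not the only one.

```python
import numpy as np

rng = np.random.default_rng(0)

# Hypothetical stand-in for a trained model we can only query.
# In practice this would wrap the real model's prediction call.
W = rng.normal(size=(10, 784))  # dummy linear classifier over a flattened 28x28 image

def predict(x):
    """Return class probabilities for input x (black-box: we only see the output)."""
    logits = W @ x
    exp = np.exp(logits - logits.max())
    return exp / exp.sum()

def random_search_attack(x, true_label, predict, eps=0.1, steps=1000):
    """Trial and error: add small random noise, keep it whenever the model's
    confidence in the correct label drops."""
    x_adv = x.copy()
    best_conf = predict(x_adv)[true_label]
    for _ in range(steps):
        candidate = np.clip(x_adv + rng.uniform(-eps, eps, size=x.shape), 0.0, 1.0)
        conf = predict(candidate)[true_label]
        if conf < best_conf:
            x_adv, best_conf = candidate, conf     # this perturbation fools the model more
        if np.argmax(predict(x_adv)) != true_label:
            break                                  # model no longer predicts the correct class
    return x_adv

x = rng.random(784)                                # some input the model currently classifies
label = int(np.argmax(predict(x)))
x_adv = random_search_attack(x, label, predict)
print("original prediction:", label,
      "adversarial prediction:", int(np.argmax(predict(x_adv))))
```

Note that nothing in the attack loop depends on how `predict` works internally; all it needs is input-output access, which is exactly the point made above.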