As companies race to integrate AI and machine learning into every facet of their operations, they are also introducing new security and risk challenges.
While some of the same risks that apply in traditional IT security continue to be relevant in AI/ML, there are several significant and challenging differences.
Unlike a Web application that relies on a database, AI applications are powered by ML models.
The process of building a model involves collecting, sanitizing, and refining data; training ML models on the data; then running those models at scale to make inferences and iterate based on what they learn.
Open-source AI/ML tools such as MLflow and Ray provide convenient frameworks for building models.
These platforms also create a much larger attack surface: they hold large volumes of training data and the models built from it, and both are only as safe as the tool they are stored in.
If such a tool is compromised, attackers can read multiple databases' worth of confidential information, tamper with models, and plant malware.
Traditional IT security lacks several key capabilities for protecting AI/ML systems.
First is the ability to scan the tools data scientists use to build the building blocks of AI/ML systems, such as Jupyter Notebooks and the rest of the AI/ML supply chain, for security vulnerabilities.
While data protection is a central component of IT security, in AI/ML it takes on added importance, since live data is constantly being used to train a model.
In AI/ML environments, data protection requires an immutable record that links the training data to the model, for example a cryptographic hash of the data recorded alongside the model.
If the data is later modified in any way, anyone who wants to retrain or audit the model will see that the hash values no longer match.
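The following is an added example, not code from the article or from any product it mentions, of the data-to-model link described above. It assumes a layout of one dataset directory plus one model file (both constructed here in a temporary directory): every data file gets a SHA-256 digest, the manifest of digests gets its own digest, and a provenance record ties that to the model file's digest. A later verification run then shows exactly which files were tampered with.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large datasets never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(dataset_dir: Path) -> dict:
    """Map every file under dataset_dir (relative POSIX path) to its SHA-256 digest."""
    files = sorted(p for p in dataset_dir.rglob("*") if p.is_file())
    return {p.relative_to(dataset_dir).as_posix(): sha256_file(p) for p in files}


def manifest_digest(manifest: dict) -> str:
    """One digest over the canonical JSON form (sorted keys, no whitespace) of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def link_model_to_data(model_path: Path, manifest: dict) -> dict:
    """Provenance record: which exact data produced which exact model file.
    Store this next to the model (or in a signed, append-only log) as the immutable record."""
    return {
        "model_file": model_path.name,
        "model_sha256": sha256_file(model_path),
        "data_manifest_sha256": manifest_digest(manifest),
        "data_files": len(manifest),
    }


def verify_dataset(dataset_dir: Path, manifest: dict) -> dict:
    """Compare the directory against the recorded manifest.
    Returns modified, missing and unexpected files; all three empty means the data is intact."""
    current = build_manifest(dataset_dir)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def demo() -> dict:
    """Constructed run: two data files and a model file are written, the manifest and
    provenance record are taken, then one label is flipped to simulate poisoning."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        data = root / "data"
        data.mkdir()
        (data / "train.csv").write_text("id,label\n1,cat\n2,dog\n")
        (data / "labels.json").write_text('{"cat": 0, "dog": 1}')
        model = root / "model.bin"
        model.write_bytes(b"\x00\x01weights")  # placeholder model bytes, constructed

        manifest = build_manifest(data)
        record = link_model_to_data(model, manifest)
        before = verify_dataset(data, manifest)

        # Tampering after the record was taken: a retrain would now be fed altered labels.
        (data / "train.csv").write_text("id,label\n1,dog\n2,dog\n")
        after = verify_dataset(data, manifest)
        return {"record": record, "before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is hashed in canonical form so that two parties building it independently over the same files get the same digest; the record must itself be protected (signed or written to append-only storage), since a hash stored next to mutable data can be rewritten along with it.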
Scanning AI/ML models is required to detect threats such as code injection.
A model is an asset that lives in memory, but when it is saved to disk the serialization format can carry injected code: Python's pickle format, which many frameworks use for model files, reconstructs objects by calling whatever functions the file names, so a tampered file can execute arbitrary code the moment it is loaded.
The model will continue to run exactly as it did before, so the injection is invisible to the user while the attacker's code runs.
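As an added example (not code from the article or from any scanner it alludes to), the block below shows the two controls a practitioner wants for the problem just described: a static scan of a pickle stream that lists every global it would import, without executing it, and a restricted loader that refuses anything outside an allowlist. The allowlist, the benign checkpoint and the hand-written injected stream are all constructed for the example; a real allowlist would be populated with the specific framework internals a legitimate checkpoint needs.

```python
import collections
import io
import pickle
import pickletools

# Constructed allowlist of globals the loader may resolve. Real checkpoints reference
# framework helpers, which get added deliberately; "os", "subprocess", "builtins" never do.
SAFE_GLOBALS = {("collections", "OrderedDict")}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
CALL_OPS = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def referenced_globals(data: bytes) -> list:
    """Statically list every (module, name) the stream would import on load.
    GLOBAL (protocol 0-3) carries both names in one argument; STACK_GLOBAL (protocol 4+)
    takes them from the two most recent string pushes, tracked here heuristically
    (a module name reached through a memo reference would not be resolved)."""
    refs, recent_strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            refs.append((recent_strings[-2], recent_strings[-1]))
    return refs


def scan_model_file(data: bytes) -> dict:
    """Report globals outside the allowlist and the opcodes that invoke code on load."""
    refs = referenced_globals(data)
    call_ops = [op.name for op, _arg, _pos in pickletools.genops(data) if op.name in CALL_OPS]
    flagged = [r for r in refs if r not in SAFE_GLOBALS]
    return {"globals": refs, "flagged": flagged, "call_opcodes": call_ops,
            "verdict": "suspicious" if flagged else "clean"}


class RestrictedUnpickler(pickle.Unpickler):
    """Defence in depth on the load path: find_class is consulted for every global."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def restricted_load(data: bytes):
    """Return (ok, value) on success or (False, reason) when a global was blocked."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as e:
        return False, str(e)


# Constructed samples. A plain checkpoint dict references no globals at all.
BENIGN_MODEL = pickle.dumps({"layers": 2, "weights": [0.1, -0.2]}, protocol=4)
# A checkpoint that legitimately needs an allowlisted class (exercises STACK_GLOBAL).
ALLOWED_MODEL = pickle.dumps(collections.OrderedDict(lr=0.01), protocol=4)
# Hand-written protocol-0 stream equivalent to os.system("echo pwned"):
# GLOBAL os.system, MARK, STRING, TUPLE, REDUCE, STOP. Never passed to pickle.loads here.
INJECTED_MODEL = b"cos\nsystem\n(S'echo pwned'\ntR."

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_MODEL), ("allowed", ALLOWED_MODEL),
                        ("injected", INJECTED_MODEL)):
        print(label, scan_model_file(blob))
        print(label, restricted_load(blob))
```

The scan runs before any load and works on untrusted files; the restricted loader is the backstop for files the scan missed (opcodes hidden behind memo references, nested pickles). Neither helps against a format that is not pickle-based, so a scanner has to know which container it is looking at.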
A dynamic ML bill of materials (ML-BOM) can list every component and dependency, giving the organization full provenance for all AI/ML systems on the network.
Secure cloud permissions: Cloud storage containers that leak data can be a fatal flaw in AI security, given the model's reliance on that data for learning.
Scanning cloud permissions is a priority to prevent data loss.
Prioritize data storage security: Implement integrated security checks, policies, and gates to automatically report on and alert about policy violations in order to enforce model security.
Scan development tools: Just as development operations evolved into development security operations, AI/ML development needs to build security into the development process, scanning development environments and tools like MLflow and their dependencies for vulnerabilities, along with all AI/ML models and data inputs.
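The "Secure cloud permissions" recommendation above can be turned into a concrete check. The block below is an added example, not code from the article or from any cloud provider's tooling: it takes an S3-style bucket policy document (the JSON shape returned by the bucket-policy API) and flags statements that let anonymous principals read objects or list the bucket. The weak policy, the corrected policy and the account ID in them are constructed for the example; a real scan would pull every bucket's policy and public-access settings and feed each one through this check.

```python
# Lower-cased S3 actions that expose training data to whoever holds them.
READ_ACTIONS = {"s3:getobject", "s3:listbucket"}


def _as_list(v):
    """Policy fields (Action, Resource, Statement) may be a single value or a list."""
    return v if isinstance(v, list) else [v]


def _is_anonymous(principal) -> bool:
    """'*' or {'AWS': '*'} (or a list containing '*') means anyone, unauthenticated."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _grants_read(actions) -> bool:
    """True if any action (with wildcards such as '*', 's3:*', 's3:Get*') covers a read."""
    for a in (x.lower() for x in _as_list(actions)):
        if a in ("*", "s3:*") or a in READ_ACTIONS:
            return True
        if a.endswith("*") and any(r.startswith(a[:-1]) for r in READ_ACTIONS):
            return True
    return False


def find_public_read(policy: dict) -> list:
    """Return one finding per Allow statement that gives anonymous principals read access.
    Statements carrying a Condition are still reported but marked, since a condition may
    narrow the scope and must be reviewed by hand."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous(stmt.get("Principal")):
            continue
        if not _grants_read(stmt.get("Action", [])):
            continue
        findings.append({
            "sid": stmt.get("Sid"),
            "resources": _as_list(stmt.get("Resource", [])),
            "conditional": "Condition" in stmt,
        })
    return findings


# Constructed weak policy: the training-data bucket is world-readable.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::training-data/*"},
        {"Sid": "TrainerWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/trainer"},
         "Action": ["s3:PutObject", "s3:GetObject"], "Resource": "arn:aws:s3:::training-data/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::training-data/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

# Corrected policy: the same access, but only for the named training role.
FIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "TrainerRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/trainer"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::training-data/*"},
        WEAK_POLICY["Statement"][2],
    ],
}

if __name__ == "__main__":
    print("weak:", find_public_read(WEAK_POLICY))
    print("fixed:", find_public_read(FIXED_POLICY))
```

The check deliberately ignores Deny statements and treats a Condition as something to review rather than an automatic pass; bucket ACLs and account-level public-access-block settings are separate controls that a complete scan has to read as well.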
Source: www.darkreading.com, published Wed, 10 Jan 2024 18:05:16 +0000.