Last week, Alphabet's Google spelled out their view of artificial intelligence (AI) security in their Secure AI Framework, or SAIF. If you are building AI applications, machine learning (ML) systems, or are in AppSec, SAIF is a brief but relevant and practical perspective on how to understand the nuances of security in AI applications and ML systems.
The framework is aimed at enhancing the security and privacy of AI models by providing tools and techniques to protect sensitive data during AI training and inference processes, while also ensuring that privacy concerns are addressed to build more secure AI applications. By leveraging encryption, differential privacy, and other security measures, SAIF aims to empower organizations to build and deploy AI systems while prioritizing data privacy and security.
SAIF addresses the crucial concerns surrounding data privacy and security in the realm of machine learning. ML engineers bear the responsibility of developing and deploying AI models that often involve handling sensitive information. By leveraging this framework, they can ensure adherence to stringent privacy standards by encrypting sensitive data during training and inference stages, effectively safeguarding it against unauthorized access. Moreover, the incorporation of differential privacy techniques enables ML engineers to inject noise into training data, mitigating risks associated with privacy breaches or data re-identification attacks. By embracing SAIF, ML engineers can bolster the overall security of their AI models, foster trust among users and stakeholders, and uphold compliance with data protection regulations, establishing a robust foundation that prioritizes data protection and privacy.
As part of their responsibilities, AppSec teams work to identify and mitigate security vulnerabilities and risks within software applications. SAIF extends this to AI, and provides a basic toolset to address the unique security challenges associated with AI models. By integrating SAIF into their practices, AppSec teams can assist in implementing robust security measures to protect sensitive data during AI training and inference. The framework's encryption pillar provides best practices to allow for the secure handling of data, guarding against unauthorized access or data breaches. Additionally, the incorporation of differential privacy techniques can aid AppSec teams in ensuring the anonymity and protection of individual user data within AI models. By leveraging SAIF, AppSec teams can enhance the security posture of applications leveraging AI, maintain compliance with privacy regulations, and bolster user trust by prioritizing data privacy and security in their everyday practices.
One of the most interesting lines in their initial post explaining why they are doing this now, was the following. They write: “SAIF is inspired by the security best practices — like reviewing, testing and controlling the supply chain — that we’ve applied to software development, while incorporating our understanding of security mega-trends and risks specific to AI systems.”
We agree and are focused exclusively on the unique security of the ML software supply chain. ML and AppSec teams often don’t speak the same language when it comes to enterprise security (e.g the nuances of MLOps vs. DevOps). Both teams lack the tools to see their entire ML threat surface, know where their vulnerabilities are at each stage of the model life cycle, and manage their ML environments in a cohesive and collaborative way between teams.
Protect AI is adhering to the elements listed in the framework, and helping guide customers along a similar arc that helps prevent risks of AI Zero Days that can’t be seen, inspected, or easily remediated.
Protect AI is excited to see titans like Google, Microsoft, and others begin to introduce secure and safe AI frameworks that will extend the work being done by organizations such as NIST and MITRE. But, frameworks alone won’t solve the problem or address the urgent needs of AI security. This is why Protect AI is developing the platform for MLSecOps that ensures teams use what they already have for both ML, and AppSec. We are also sponsoring a large community effort to advance the practice of MLSecOps, which anyone can participate in at MLSecOps.com Our vendor-neutral, cloud-agnostic approach ensures you can work in the environment of your choice, using the security tools your enterprise already trusts, to build safer, more secure AI powered experiences.
Contact us to learn more.