TLDR:
- The use of AI models is making software supply chain security more challenging
- AI/ML models present unique security vulnerabilities that are often overlooked
In the article “It’s 10 p.m. Do You Know Where Your AI Models Are Tonight?” by Ericka Chickowski, the author discusses the increasing complexity and challenges faced in securing AI models within the software supply chain. The article highlights the following key elements:
Developers, application security pros, and DevSecOps professionals are struggling to manage software dependencies because of the multitude of open source and proprietary components involved. Adding AI and machine learning (ML) models to the mix complicates the situation further, since these models are in effect self-executing code whose security is often overlooked.
Daryan Dehghanpisheh, co-founder of Protect AI, emphasizes the need for organizations to gain visibility into the AI models embedded in their software. The lack of visibility into AI models poses a significant security risk, as these models can be used to execute arbitrary code and may have vulnerabilities that go undetected.
To address these challenges, Dehghanpisheh recommends creating a structured understanding of AI lineage, scanning models for flaws, and implementing MLSecOps – a vendor-neutral movement similar to DevSecOps but focused on AI security. By building out capabilities to scan and secure AI models, organizations can prevent security breaches and ensure the integrity of their AI systems.