Watchtower seamlessly integrates into AI/ML development workflows, offering automated assessments and real-time monitoring to ensure compliance with standards like OWASP and NIST.
DUBAI, UAE, April 23, 2024 /PRNewswire-PRWeb/ -- AIShield, a Gartner-recognized forerunner in cybersecurity for AI/ML systems, unveils AIShield Watchtower, an innovative Static Application Security Testing (SAST) solution crafted for AI/ML developers. This pioneering open-source utility aims to redefine AI system security with its comprehensive scans of models and notebooks, thereby establishing a bulwark against the fast-evolving AI supply chain risks landscape. The imperative for responsible AI utilization underscores the need for categorization, evaluation, and mitigation of identified risks. Organizations need a tool for mitigating such risks of ML supply chain attacks, and for hardening the trust boundaries during the model training and development phase.
The accessibility of open-source models, driving the democratization of Artificial Intelligence and Machine Learning (AI/ML), is instrumental for a myriad of AI applications across organizations. Yet, this accessibility brings forth security vulnerabilities throughout the supply chain. Given the AI/ML ecosystem's modular configuration, and dependency on the open-source models, application behaviors can be influenced by numerous dispersed configuration files and utilities, introducing risks—whether intentional, accidental, or malicious.
The sector acknowledges the necessity for hardened security by considering guidelines/best practices such as the NIST AI RMF, OWASP Top 10 Vulnerabilities for ML, and the EU AI Act, which underscore AI systems' security perils and advocate for a risk-based mitigation strategy. The Executive Order by US President Joe Biden on October 30, 2023, which calls for federal standards in AI development addressing safety, security, and trust, further accentuates this need. A Secure SDLC approach to AI models requires adding security testing at each development stage, from design to development, to deployment and beyond. AI development teams can gain confidence in their models with continuous, built-in security scanning. Developers worldwide are constantly seeking innovative tools and frameworks that simplify complex tasks, accelerate development, and enhance the security posture of AI models.
To address the critical requirement for enhanced security and trust during model training and development and bring greater control over the security of inventoried AI artifacts, AIShield presents Watchtower. This open-source tool enables developers to conduct thorough scans for unsafe code within models and notebooks, directly within their development environments. Diverging from traditional SAST tools, Watchtower's scope spans automated, extensive vulnerability assessments of both models and notebooks in repositories, targeting risks like hard-coded secrets, PIIs, outdated/unsafe libraries, model serialization attacks, and custom unsafe operations. Supporting formats such as H5, Pickle, and SavedModel, Watchtower is compatible with major frameworks like PyTorch and TensorFlow, promising broader applicability in the future. AIShield Watchtower stands out with its capability to categorize scans into four distinct risk levels: "low," "medium," "high," and "critical." This classification equips organizations with the ability to tailor their security efforts to the level of risk detected. Its adaptive approach and meticulous risk categorization significantly bolster security efforts, fortifying them effectively. Watchtower's alignment with industry standards such as OWASP (specifically ML06:2023 AI Supply Chain Attacks), MITRE, CWE, and NIST AI RMF MAP functions further enhances its market standing by providing advanced security solutions.
Watchtower offers zero-cost AI/ML asset discovery and risk identification, coupled with insightful, actionable reporting that enables developers to reinforce their models against vulnerabilities. With a focus on smooth, efficient integration, AIShield Watchtower ensures that incorporating security into AI/ML development workflows is a seamless process. AIShield Watchtower introduces seamless integration with AI/ML repositories hosted on platforms such as GitHub, Amazon S3, or Hugging Face, marking a new benchmark in AI security practices. AIShield Watchtower is validated by customers and developers and distinguished by its rigorous testing and real-world application complementing the SecureAIx Platform for extensive AI/ML threat surface visibility in organizations. Watchtower has been applauded by over 150+ developers (Github Stars).
Watchtower has already been adopted by the world's leading technology, energy, and telecommunication companies with their enterprise wrappers.
The following are key features of Watchtower:
- Automated discovery of AI models and related artifacts within repositories.
- In-depth vulnerability assessment to identify and address potential risks.
- Dynamic monitoring of model changes to trigger timely assessments.
- Comprehensive risk identification including hardcoded secrets, outdated libraries, and more.
- Alignment with top industry standards like OWASP, MITRE, NIST AI RMF MAP function, and CWE.
"AIShield's Watchtower stands out as a user-friendly tool, effortlessly fitting into our next-gen AppSec Threat Models and security assessment playbooks initiative, our comprehensive umbrella for open-source security projects and tools, aimed at enhancing security assessments and fortifying open-source technology stacks. Watchtower enriches our toolkit by facilitating AI/ML model discovery and security testing, perfectly embodying the collaborative and innovative spirit we champion within our community."
Head of Emerging Cybersecurity Tech and Risk Services Business, Leading Global Technology Services and Consulting Firm (>$10Bn Revenue, >200,000 Employees)
AIShield invites AI/ML developers, risk managers, and cybersecurity engineers to leverage the tool and become part of the AIShield Watchtower community. AIShield Watchtower can seamlessly improve the security posture of your ML pipelines, inference endpoints (at any stage), and data science environments without restricting creativity or performance. Implementation can be done in just a few minutes. Here's a short video to help you get started - https://youtu.be/5hKrmo76ytY.
For the latest installation instructions, code samples, and documentation check out the project on GitHub: https://github.com/bosch-aisecurity-aishield/watchtower
For more information visit us on the website and follow us on LinkedIn.
Media Contact
Mukul Dongre, AIShield, 91 8050163834, [email protected], https://www.boschaishield.com/
SOURCE AIShield
Share this article