Simple Scan (Open Source) in the MLOps Pipeline for Model Security
Securely validating and loading ML models just got easy.

AGI? Hmm, not anytime soon, maybe in the distant future, but picturing our lives in the coming years without AI in them feels unreal. Everyone is obsessed with AI.
Why not? For all we know, it is doing things that were once fiction. It's like a marathon where everyone is trying to reach the finish line while the path and the utilities to get there are still brewing.
Bright minds with the hunger to change the world are burning out and bending barriers to change the world for the better.
All of this for what?
To make AI generally and securely available for everyone at scale.
Security in any field is multi-staged and demands extra consideration and effort to ensure a smooth and secure implementation.
We will check how to validate pre-trained AI/ML models for vulnerabilities and threats with a simple scan from an open-source offering.
Why Scan AI/ML Models?
Model training is a time-consuming and complex process.
Raw data, when transformed and fed to sound statistical and mathematical algorithms, generates exceptional ML models.
But a lot of experimentation, data handling, visual and mathematical validation, etc. goes into generating a promising model that predicts or generates accurate outcomes.
It is borderline illogical to expect a straight line from point A to point B when defining an AI/ML model.
Models once trained can be reused by other teams and deployed on remote instances for inference.
Sometimes, in the model-sharing process, there is a chance of the AI/ML model getting compromised.
Model Serialization Attacks
When models are bundled into PKL, ONNX, or similar files, the weights and activation functions are serialized into a binary format.
Files created using CI/CD pipelines and stored in secure repositories have less chance of exploitation, but if the repository is compromised, the models can be too.
Ensuring models are tested and deployed is a vital part of MLOps. Or, I'd say, MLSecOps: so many new frameworks and methodologies to tackle modern problems.
ModelScan: Simple yet Robust Model Scan
We are living in an era where expectations are high.
Everyone wants to get more done in less time while doing as little as possible.
It makes sense. Since automation is taking over, automating virtually anything repetitive has become a norm.
I personally want to do everything I can with minimum effort while focusing more on extracting and delivering value.
So, every tool and library nowadays focuses on letting users run a simple command that encapsulates the whole logical flow.
ModelScan is an open-source tool that can scan your ML model with a simple command and offer in-depth insights into what is happening inside the model.
A PKL file, or any other ML model format (support still under development), can be scanned with modelscan for security vulnerabilities and insights.
This library is still in active development and, when mature, will come in really handy for avoiding security bottlenecks and implementing automated remediations without breaking a sweat.
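To make the serialization-attack point above concrete, and to show the kind of check a pipeline step can run before any model file is loaded, here is an added example written for this post. It is not ModelScan's own code and not code from the original post: it disassembles a pickle stream with Python's standard pickletools module without ever unpickling it, lists every `module.name` the file would import on load, and compares that list against an allow-list. The allow-list entries, the `scan_pickle_bytes` / `scan_model_file` function names, and the sample pickles are assumptions constructed for the demonstration; a real allow-list depends on the framework that produced the model.

```python
"""Static opcode scan of a pickle-serialized model, run before the file is loaded."""
import pickle
import pickletools
import posixpath
import sys
from collections import OrderedDict

# Hypothetical allow-list: the globals a benign model file from a given
# framework is expected to reference. A real list is framework-specific.
ALLOWED_GLOBALS = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
    "numpy.core.multiarray._reconstruct",
    "numpy.ndarray",
    "numpy.dtype",
}

# Opcodes that push a string constant onto the unpickler's stack.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that push nothing: memo bookkeeping, framing, protocol header, end.
NON_PUSH_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT", "PROTO", "FRAME", "STOP"}


def referenced_globals(data: bytes) -> list:
    """Return every 'module.name' the stream would import if it were unpickled.

    pickletools.genops disassembles without executing anything. Only string
    constants and the memo are tracked; that is enough to resolve GLOBAL/INST
    (protocols 0-3) and STACK_GLOBAL (protocol 4+) references.
    """
    found = []
    pushed = []   # value of each push seen so far; None when it is not a string
    memo = {}     # mirrors the unpickler memo so a BINGET of a module name resolves
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in STRING_OPS:
            pushed.append(arg)
        elif name in ("GLOBAL", "INST"):
            module, qualname = arg.split(None, 1)        # genops yields "module name"
            found.append(f"{module}.{qualname}")
            pushed.append(None)                          # the imported object itself
        elif name == "STACK_GLOBAL":                     # name and module are the last two pushes
            qualname = pushed[-1] if len(pushed) >= 1 else None
            module = pushed[-2] if len(pushed) >= 2 else None
            found.append(f"{module}.{qualname}")
            pushed.append(None)
        elif name == "MEMOIZE":
            memo[len(memo)] = pushed[-1] if pushed else None
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))
        elif name == "STOP":
            break
        elif name not in NON_PUSH_OPS:
            pushed.append(None)                          # a push we do not need to resolve
    return found


def scan_pickle_bytes(data: bytes, allowed=ALLOWED_GLOBALS) -> dict:
    """Report the globals a pickle references and whether all are on the allow-list."""
    found = referenced_globals(data)
    disallowed = sorted({g for g in found if g not in allowed})
    return {"globals": found, "disallowed": disallowed, "safe": not disallowed}


def scan_model_file(path: str, allowed=ALLOWED_GLOBALS) -> dict:
    """Scan a raw pickle file on disk (the .pkl case from the post)."""
    with open(path, "rb") as f:
        return scan_pickle_bytes(f.read(), allowed)


# Constructed sample inputs (not real model files): two state-dict style
# pickles and one that references a callable by module and name.
SAMPLES = {
    "plain_state_dict": pickle.dumps({"weights": [0.1, 0.2], "bias": 0.5}, protocol=4),
    "ordered_state_dict_p4": pickle.dumps(OrderedDict(w=1.0), protocol=4),
    "ordered_state_dict_p2": pickle.dumps(OrderedDict(w=1.0), protocol=2),
    "references_callable": pickle.dumps(posixpath.join, protocol=4),
}


def main(argv) -> int:
    """Pipeline gate: exit 1 when a model references anything off the allow-list."""
    reports = {argv[1]: scan_model_file(argv[1])} if len(argv) > 1 else {
        label: scan_pickle_bytes(data) for label, data in SAMPLES.items()}
    status = 0
    for label, report in reports.items():
        print(f"{label}: {'OK' if report['safe'] else 'BLOCKED'} globals={report['globals']}")
        status |= 0 if report["safe"] else 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with a path to a `.pkl` file as a CI step and the non-zero exit code blocks the pipeline; run it without arguments and it scans the constructed samples, flagging the one that references `posixpath.join` because that name is not on the allow-list. The scanner only understands a raw pickle stream, so a zip-wrapped format such as a `torch.save` archive has to be unpacked and its inner pickle scanned, and an allow-list, not a deny-list, is what keeps an unfamiliar import from slipping through.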
Next Stop
The likelihood of AI and ML being applied to every aspect of our daily lives is becoming a reality. Soon we will see flying robots and smart machines taking over menial and repetitive tasks.
Security and privacy are going to take center stage. Soon people might kill to make sure to protect their privacy, except those who “have nothing to hide”.
Security with simplicity is the key to delivering resilient solutions.
Check out the YouTube playlists to learn more about Data Engineering, DevOps, and ML Engineering.