How to Ensure Supply Chain Security for AI Applications

neub9
By neub9
3 Min Read



Machine Learning Revolutionizing AI Applications

Machine Learning (ML) is driving the boom in AI Applications, revolutionizing various domains. From powering intelligent Large Language Model (LLM) based chatbots like ChatGPT and Bard, to enabling text-to-AI image generators like Stable Diffusion, ML continues to drive innovation. Its transformative impact advances multiple fields from genetics to medicine to finance. Without exaggeration, ML has the potential to profoundly change lives, if it hasn’t already.

Despite its benefits, many of the ML solutions in these fields have relegated security to an afterthought in order to be first to market. For example, ChatGPT only recently reinstated users’ query history after fixing an issue in an open source library that allowed any user to potentially view the queries of others. This poses a significant security risk for users sharing proprietary information with the chatbot.

In some respects, open source software design is considered inherently safe because the entire world can scrutinize the source code since it’s not compiled and therefore human readable. However, issues arise when authors that lack a rigorous process compile their code into machine language, aka binaries. Binaries are extremely hard to take apart once assembled, making them a great place to inadvertently or even overtly hide malware.

The consequences of poor software supply chain management can be disastrous, as demonstrated by recent hacks such as Solarwinds, Kaseya, and 3CX. The implications for ML are dire, considering the real-world decisions being made by ML models such as evaluating creditworthiness, detecting cancer, or guiding a missile. The time has come to address these risks.

Speed and Security: AI Software Supply Chain Security At Scale

Security-sensitive industries like defense, healthcare, and finance/banking are at a crossroads: they either have to accept an unreasonable amount of risk or stifle innovation by not allowing the usage of the latest and greatest ML tools. Given that their competitors depend on open source to build their ML applications, speed and security need to become compatible instead of competitive.

At Cloudera and ActiveState, we strongly believe that security and innovation can coexist. This joint mission is why we have partnered to bring trusted, open-source ML Runtimes to Cloudera Machine Learning (CML). Cloudera customers can now enjoy supply chain security across the entire open source Python ecosystem, ensuring their AI projects are secure from concept to deployment.

Next Steps

Create a free ActiveState Platform account so you can use it to automatically build an ML Runtime for your project.


Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *