Watchtower seamlessly integrates into AI/ML development
workflows, offering automated assessments and real-time monitoring
to ensure compliance with standards like OWASP and NIST.
DUBAI, UAE, April 23, 2024 /PRNewswire-PRWeb/ -- AIShield, a
Gartner-recognized forerunner in cybersecurity for AI/ML systems,
unveils AIShield Watchtower, an innovative Static Application
Security Testing (SAST) solution crafted for AI/ML developers. This
pioneering open-source utility aims to redefine AI system security
with its comprehensive scans of models and notebooks, thereby
establishing a bulwark against the fast-evolving landscape of AI
supply chain risks. The imperative for responsible AI utilization
underscores the need for categorization, evaluation, and mitigation
of identified risks. Organizations need a tool for mitigating such
risks of ML supply chain attacks, and for hardening the trust
boundaries during the model training and development phase.
Watchtower enriches our AppSec and
open-source security initiatives by integrating AI/ML model
discovery and security testing. It stands as a user-friendly,
innovative tool, strengthening our technology stacks and embodying
the collaborative spirit of our community.
The accessibility of open-source models, driving the
democratization of Artificial Intelligence and Machine Learning
(AI/ML), is instrumental for a myriad of AI applications across
organizations. Yet, this accessibility brings forth security
vulnerabilities throughout the supply chain. Given the AI/ML
ecosystem's modular configuration, and dependency on the
open-source models, application behaviors can be influenced by
numerous dispersed configuration files and utilities, introducing
risks—whether intentional, accidental, or malicious.
The sector acknowledges the necessity for hardened security by
considering guidelines/best practices such as the NIST AI RMF,
OWASP Top 10 Vulnerabilities for ML, and the EU AI Act, which
underscore AI systems' security perils and advocate for a
risk-based mitigation strategy. The Executive Order by US President
Joe Biden on October 30, 2023, which calls for federal
standards in AI development addressing safety, security, and trust,
further accentuates this need. A Secure SDLC approach to AI models
requires adding security testing at each development stage, from
design to development, to deployment and beyond. AI development
teams can gain confidence in their models with continuous, built-in
security scanning. Developers worldwide are constantly seeking
innovative tools and frameworks that simplify complex tasks,
accelerate development, and enhance the security posture of AI
models.
To address the critical requirement for enhanced security and
trust during model training and development and bring greater
control over the security of inventoried AI artifacts, AIShield
presents Watchtower. This open-source tool enables developers to
conduct thorough scans for unsafe code within models and notebooks,
directly within their development environments. Diverging from
traditional SAST tools, Watchtower's scope spans automated,
extensive vulnerability assessments of both models and notebooks in
repositories, targeting risks like hard-coded secrets, PII,
outdated/unsafe libraries, model serialization attacks, and custom
unsafe operations. Supporting formats such as H5, Pickle, and
SavedModel, Watchtower is compatible with major frameworks like
PyTorch and TensorFlow, promising broader applicability in the
future. AIShield Watchtower stands out with its capability to
categorize scans into four distinct risk levels: "low," "medium,"
"high," and "critical." This classification equips organizations
with the ability to tailor their security efforts to the level of
risk detected, so that critical findings get attention first.
Watchtower's alignment with industry standards
such as OWASP (specifically ML06:2023 AI Supply Chain Attacks),
MITRE, CWE, and NIST AI RMF MAP functions further enhances its
market standing by providing advanced security solutions.
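The paragraph above describes what a model/notebook SAST scan looks for (unsafe operations in serialized models, hard-coded secrets in notebooks) and the four risk levels it reports. The following is an added example written for this page, not Watchtower's code: it disassembles a pickle stream with the standard-library pickletools module without ever loading it, records which callables the stream would import, maps the result to the four risk levels named in the text, and runs a simple secret check over the code cells of a notebook. The module allowlist, the denylist, the level mapping, the regexes and all sample inputs are constructed assumptions for illustration.

```python
"""Static pickle and notebook checks (added example, not Watchtower's code)."""
import pickle
import pickletools
import re
from collections import OrderedDict

# Assumed allowlist: modules a legitimately pickled ML model tends to reference.
ALLOWED_MODULES = {"collections", "numpy", "torch", "sklearn", "builtins"}
# Assumed denylist: modules whose presence in a model file is never expected.
DANGEROUS_MODULES = {"os", "posix", "nt", "subprocess", "sys", "socket",
                     "shutil", "importlib", "runpy", "pty", "ctypes"}
DANGEROUS_NAMES = {("builtins", "eval"), ("builtins", "exec"),
                   ("builtins", "__import__"), ("builtins", "compile"),
                   ("builtins", "getattr")}
# Opcodes that push a string; STACK_GLOBAL takes its module/name from these.
STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8",
                  "UNICODE", "STRING", "BINSTRING", "SHORT_BINSTRING"}


def imported_callables(data):
    """Return (module, name) pairs the stream would import; never calls pickle.load."""
    found, recent_strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPCODES:
            recent_strings.append(arg)
        elif opcode.name == "GLOBAL":
            # protocols 0-3: argument is "module name" as a single string
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # protocol 4+: module and name are the two preceding strings
            module, name = recent_strings[-2], recent_strings[-1]
            found.append((module, name))
    return found


def classify(imports):
    """Assumed mapping of import findings onto the four risk levels."""
    if not imports:
        return "low"  # plain containers and numbers only
    for module, name in imports:
        if module.split(".")[0] in DANGEROUS_MODULES or (module, name) in DANGEROUS_NAMES:
            return "critical"  # loading would call into OS/process/eval machinery
    if all(m.split(".")[0] in ALLOWED_MODULES for m, _ in imports):
        return "medium"  # code runs on load, but only from expected ML dependencies
    return "high"  # unknown code runs on load


def scan_pickle(data):
    imports = imported_callables(data)
    return {"risk": classify(imports), "imports": imports}


SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
}


def scan_notebook(nb):
    """Flag secret-looking literals in the code cells of a parsed .ipynb dict."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        source = "".join(cell.get("source", []))
        for label, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(source):
                findings.append({"cell": idx, "type": label, "match": m.group(0)})
    return findings


# Constructed samples: a plain weights dict, a framework-like object that
# imports collections.OrderedDict, and a hand-built protocol-0 stream that
# imports os.getpid (harmless, but from a module a model must never reference).
BENIGN = pickle.dumps({"layer1": [0.1, 0.2], "epochs": 3})
FRAMEWORK_LIKE = pickle.dumps(OrderedDict(w=[1, 2]), protocol=4)
SUSPICIOUS = b"cos\ngetpid\n)R."

# Constructed notebook with placeholder (not real) credential strings.
NOTEBOOK = {"cells": [
    {"cell_type": "markdown", "source": ["# Training notes\n"]},
    {"cell_type": "code", "source": [
        "import boto3\n",
        "AWS_KEY = 'AKIAEXAMPLEKEY000001'  # constructed placeholder\n",
        "api_key = \"sk-constructed-placeholder-value\"\n"]},
]}

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("framework", FRAMEWORK_LIKE),
                        ("suspicious", SUSPICIOUS)]:
        print(label, scan_pickle(blob))
    for finding in scan_notebook(NOTEBOOK):
        print("secret:", finding)
```

The scanner only reads opcodes, so it is safe to run against an untrusted model file; the point of the example is that the import list, not the model contents, is what decides the risk level.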
Watchtower offers zero-cost AI/ML asset discovery and risk
identification, coupled with insightful, actionable reporting that
enables developers to reinforce their models against
vulnerabilities. With a focus on smooth, efficient integration,
AIShield Watchtower ensures that incorporating security into AI/ML
development workflows is a seamless process. AIShield Watchtower
introduces seamless integration with AI/ML repositories hosted on
platforms such as GitHub, Amazon S3, or Hugging Face, marking a new
benchmark in AI security practices. AIShield Watchtower is
validated by customers and developers and distinguished by its
rigorous testing and real-world application complementing the
SecureAIx Platform for extensive AI/ML threat surface visibility in
organizations. Watchtower has been applauded by more than 150
developers (GitHub stars).
Watchtower has already been adopted by the world's leading
technology, energy, and telecommunication companies with their
enterprise wrappers.
The following are key features of Watchtower:
- Automated discovery of AI models and related artifacts within
repositories.
- In-depth vulnerability assessment to identify and address
potential risks.
- Dynamic monitoring of model changes to trigger timely
assessments.
- Comprehensive risk identification including hardcoded secrets,
outdated libraries, and more.
- Alignment with top industry standards like OWASP, MITRE, NIST
AI RMF MAP function, and CWE.
"AIShield's Watchtower stands out as a user-friendly tool,
effortlessly fitting into our next-gen AppSec Threat Models and
security assessment playbooks initiative, our comprehensive
umbrella for open-source security projects and tools, aimed at
enhancing security assessments and fortifying open-source
technology stacks. Watchtower enriches our toolkit by facilitating
AI/ML model discovery and security testing, perfectly embodying the
collaborative and innovative spirit we champion within our
community."
Head of Emerging Cybersecurity Tech and Risk Services Business,
Leading Global Technology Services and Consulting Firm
(>$10Bn Revenue, >200,000 Employees)
AIShield invites AI/ML developers, risk managers, and
cybersecurity engineers to leverage the tool and become part of the
AIShield Watchtower community. AIShield Watchtower can seamlessly
improve the security posture of your ML pipelines, inference
endpoints (at any stage), and data science environments without
restricting creativity or performance. Implementation can be done
in just a few minutes. Here's a short video to help you get started:
https://youtu.be/5hKrmo76ytY
For the latest installation instructions, code samples, and
documentation check out the project on GitHub:
https://github.com/bosch-aisecurity-aishield/watchtower
For more information visit us on the website and follow us on
LinkedIn.
Media Contact
Mukul
Dongre, AIShield, 91 8050163834, mukul.dongre@bosch.com,
https://www.boschaishield.com/
Original release: https://www.prweb.com/releases/aishield-announces-watchtower-the-open-source-tool-to-supercharge-ai-supply-chain-security-302124051.html
SOURCE AIShield