Securing your AI model development pipeline
Key Takeaways
This video demonstrates securing AI model development pipelines using Google Cloud and open-source tools, covering topics such as data poisoning, model integrity, and binary authorization. It showcases tools like Vertex AI Pipelines, Binary Authorization, and Sixstore to mitigate risks throughout the AI development pipeline.
Full Transcript
[Music] hey AI play my favorite song shouldn't you be working what if your AI turned against you or imagine a mar detective model misclassifying multiple dangerous pieces of Court as harmless or your friendly llm chatboard spreading misinformation to avoid these seemingly dystopian but very real situations in this video we'll use Google's secure AI framework to understand the risks involved in AI model development we will also explore how to mitigate these risks using the security capabilities in Google cloud and open source software let's get started before diving into the solution let's understand a few critical risks in the AI development pipeline as always let's begin with the data sets in accurate training data whether introduced accidentally or intentionally makes the model predict biased or harmful content accidental data poisoning stems from poor data hygiene and life cycle management for instance if a data is not filtered properly the model May learn from unauthorized or sensitive sources similarly insufficient Automation and data monitoring can cause the model to utilize outdated data intentional or malicious data poisoning is done by carefully crafting data points into your training data set this forces the model to learn incorrect or harmful patterns data dat poisoning can occur at any stage of the model creation pipeline such as filtering storage trining Etc thus making it a critical concern for H data Handling Systems now moving beyond the data itself the model can also be a target for attack attackers can manipulate your model code or weights if your training environment is not hardened against supply chain attacks and tempering this could lead to model poisoning and compromise your model Integrity from inside out but even if your model is securely trained it can still be exfiltrated and tampered with if the model storage systems are not robust to attacks this could allow attackers to replace existing models with malicious ons similarly the model serving infrastructure can provide the attackers with access to production models in case of a successful attack the securing AI model development isn't just about the model itself but also safeguarding the development pipeline okay so now that we've seen the risks let's explore how to mitigate them by focusing on four key areas model and data security model Integrity transparency and verified model serving these should all be adopted in addition to hardening the individual components in the supply chain let's Dive Right In securing your AI development starts with a robust model and data security implementing F grained access controls through identity and access management or Google Cloud IAM ensures that only authorized personnel and services can can interact with your valuable AI assets to help you manage data set permissions at a more granular level bigquery and vertex AI also provide an additional level of access control mechanisms additionally Implement sensitive data protection or sdp to proactively identify and Safeguard sensitive information Within These data sets to prevent potential exfiltration remember a secure development environment is equally important The Notebook security scanner actively detects vulnerabilities introduced by open-source software in your managed notebooks providing actionable remediation advice these insights along with a comprehensive view of your security poster are readily available in the security Command Center the security Command Center also highlights findings specific to your AI workloads thus empowering you to identify and address potential threats across your AI development landscape next let's talk about model integrity we need to guarantee that the model deployed or served is exactly what was built and intended this is done through model signing just like signing traditional software release artifacts signing an AI model verifies its origin and ensures it hasn't been tampered with post training in simple terms signing an AI model is equalent to signing a software manifest one powerful tool for this is six store similar to how let's encrypt reeven revolutionized web security Sixto simplifies the process of signing software artifacts including AI models without having to manage key material originally a collaboration between red hat and Google's open source security team Sixt is now an open ssf project making it a robust and widely supported solution for verifying software Integrity when an AI model needs to be signed a workload identity token is sent to Sixto to authenticate the training environment this token requests a short Li certificate from a six store certificate Authority this certificate is valid for a short period of time and can be used to digitally sign the trained model crucially the short lifespan of the certificate limits the potential for misuse or abuse in case it gets exposed the certificate and signature are then recorded in a transparency log this up and Only log provides irrefutable proof of the signing event and makes any post signing alterations immediately detectable any downloading the model can verify the signature and be confident of the model Integrity to get started explore six door model transparency GitHub reposter it provides outof thebox CA commands which simplify the process of both signing and verifying your AI models next up let's talk about model and data transparency the AI model itself is a bit like a mysterious blackbox it can make predictions in decisions but it doesn't inherently reveal why or how it arrived at those outputs to truly understand and Trust an AI model we need to shed light on its inner workings that's where model and data transparency comes in it captures a model's origin how it was created training data source and its Transformations which source code was used what dependencies or pre-trained models were leveraged and the environment it was trained on all this information is captured in a Provence document it helps identify potential biosis catches any attempts at data or model poisoning and maintains Integrity it also ensures Regulatory Compliance and enables effective audits Google Cloud's vertex AI provides a comprehensive Suite of mlops tools to manage the endtoend ml workflow within verx AI the ml metadata service helps track the lineage of your models and data sets providing a detailed record of the model's development Journey this comprehensive Providence data Fosters transparency and accountability you can also use six door model transparency GitHub repo to learn how to generate your own prominence data for AI models check it out to learn more the final step in securing your AI development pipeline is robust model validation before serving a Model A verification tool should ensure that only authorized and validated models reach production to achieve this Google Cloud provides a powerful tool called binary authorization it's a security control tool that can block deployments of a binary artifact if it doesn't pass the defined checks for AI models these checks could be verifying the model has been signed a complete and signed Providence record has been generated for both data and models on ensuring organization security poster requirements are met implementing these TXS is simple Define your yaml roles integrate them into your AI development buil Pipeline and binary authorization takes care of the rest make this your final verification step before serving your amazing AI models in this video we explored the potential risks in a typical AI development pipeline we also saw how to mitigate those risks through adopting model and data security practices model Integrity via model signing developing transparency via model and data Providence and finally verified model serving to gate bad or compromised models congratulations on taking this crucial step towards secure AI development but the journey doesn't stop here remember to integrate core security practices like I encryption and continuous monitoring throughout your AI development life cycle to learn more check out the resources and best practices linked below happy coding [Music] he [Music]
Original Description
Vertex AI Pipelines → https://goo.gle/41IIBSZ
Binary Authorization → https://goo.gle/3VOTAGL
Vertex AI Pipeline demo → https://goo.gle/4ghaHJE
Are you concerned about AI models going rogue? Secure your AI development pipeline using Google Cloud and open-source tools to mitigate risks throughout the model lifecycle. From data security to model integrity, watch along and learn how to build robust and trustworthy AI systems on Google Cloud.
Chapters:
0:00 - Intro
0:45 - Understanding critical risks in AI development
2:47 - Google Cloud IAM
4:00 - Model integrity with model signing
5:48 - Model & data transparency
7:15 - Verified model serving
8:13 - Recap
More resources:
Model Signing & Provenance → https://goo.gle/49G0tjw
Google SAIF → https://goo.gle/3Dbfg9s
AI Supply Chain Whitepaper → https://goo.gle/3ZRZf15
Watch more AI Guide for Cloud Developers → https://goo.gle/AtoZforAI
Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech
#GoogleCloud #AIforDevelopers
Speaker: Sita Lakshmi Sangameswaran
Products Mentioned: Vertex AI, AI Infrastructure, Identity and Access Management, Google Cloud Security, Security Command Center,Sensitive Data Protection, Binary Authorization
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Google Cloud Tech · Google Cloud Tech · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
I’m going for it #GoogleCloudCertified
Google Cloud Tech
I had to get #GoogleCloudCertified
Google Cloud Tech
Be better overall at what you do #GoogleCloudCertified
Google Cloud Tech
Cloud Monitoring on our radar #Analysis #Uptime
Google Cloud Tech
Introduction to Generative AI Studio
Google Cloud Tech
How to use Github Actions with Google's Workload Identity Federation
Google Cloud Tech
Introduction to Responsible AI
Google Cloud Tech
Networking updates and CDMC-certified architecture
Google Cloud Tech
Create and use a Cloud Storage bucket
Google Cloud Tech
How to digitize text from documents
Google Cloud Tech
Faster analytical queries with AlloyDB
Google Cloud Tech
Next ‘23 sessions and FaaS Wave
Google Cloud Tech
Introduction to Assured Open Source Software
Google Cloud Tech
BigQuery Cost Optimization: Storage
Google Cloud Tech
BigQuery Cost Optimization: Compute
Google Cloud Tech
BigQuery Cost Optimization: Select Queries
Google Cloud Tech
Remote Field Equipment Management with Manufacturing Data Engine
Google Cloud Tech
Supercharging your applications with Cloud SQL Enterprise Plus
Google Cloud Tech
Vector Support on our radar #GenAI
Google Cloud Tech
Architecting a blockchain startup with Google Cloud
Google Cloud Tech
Kubernetes and multitasking updates!
Google Cloud Tech
GKE: Using Kubernetes Events
Google Cloud Tech
How to configure firewall rules for Cloud Composer
Google Cloud Tech
Vertex AI Embeddings API + Matching Engine: Grounding LLMs made easy
Google Cloud Tech
Geospatial analytics on our radar #EarthEngine #BigQuery
Google Cloud Tech
Ensuring requests are set in Kubernetes
Google Cloud Tech
Cloud Next 2023, Google research program, and more!
Google Cloud Tech
How to migrate projects between organizations with Resource Manager
Google Cloud Tech
How to run #MySQL in Google Cloud
Google Cloud Tech
#GenerativeAI for enterprises and #Next2023
Google Cloud Tech
How Google Photos scales to store 4 trillion photos and videos
Google Cloud Tech
Google Cross-Cloud Interconnect (Demo 2)
Google Cloud Tech
GKE Cost Optimization Golden Signals: Introduction
Google Cloud Tech
GKE Cost Optimization Golden Signals: Workload Rightsizing
Google Cloud Tech
GKE Load Balancing: Overview
Google Cloud Tech
GKE Load Balancing: Best Practices
Google Cloud Tech
Disaster Recovery in GKE
Google Cloud Tech
How to configure IP masquerade agent in GKE Standard clusters
Google Cloud Tech
Enable and use GKE Control plane logs
Google Cloud Tech
Compliance in Australia with Assured Workloads
Google Cloud Tech
Creating budgets and budget alerts in Google Cloud #FinOps
Google Cloud Tech
Cloud SQL Enterprise Plus on our radar #mySQL
Google Cloud Tech
What's Next for Google Cloud?
Google Cloud Tech
How Loveholidays scaled with Contact Center AI
Google Cloud Tech
What is fleet team management in GKE?
Google Cloud Tech
Troubleshoot VPC Network Peering
Google Cloud Tech
Introduction to DocAI and Contact Center AI
Google Cloud Tech
Cloud Run Direct VPC egress explained
Google Cloud Tech
Database deployment options in GKE
Google Cloud Tech
Analyze cloud billing data with #BigQuery
Google Cloud Tech
Tips to becoming a world-class Prompt Engineer
Google Cloud Tech
Serverless is simple. Do I need CI/CD?
Google Cloud Tech
Accelerating model deployment with MLOps
Google Cloud Tech
How Hawaii's Department of Human Services scaled with CCAI
Google Cloud Tech
Pricing API on our #Radar
Google Cloud Tech
How Recommendations AI for Media can boost customer retention
Google Cloud Tech
Troubleshooting: Node Not Ready Status
Google Cloud Tech
One weekend until Cloud Next 2023!
Google Cloud Tech
#GoogleCloudNext starts tomorrow!
Google Cloud Tech
#GoogleCloudNext will be demand!
Google Cloud Tech
More on: AI Security
View skill →Related Reads
📰
📰
📰
📰
AI Will Not Save You from Thinking: Why Polymathy Is Becoming the Real Career Advantage
Medium · AI
The Apple Intelligence Compromise: Why China is Forcing Apple to Use Local AI Models
Medium · AI
Everything You Know About AI Needs an Urgent Upgrade
Medium · Programming
AI Chatbots Aren’t Replacing the News. They’re Deciding How Visible It Is.
Medium · AI
Chapters (7)
Intro
0:45
Understanding critical risks in AI development
2:47
Google Cloud IAM
4:00
Model integrity with model signing
5:48
Model & data transparency
7:15
Verified model serving
8:13
Recap
🎓
Tutor Explanation
DeepCamp AI