AIShield introduces Watchtower, an open-source SAST solution specifically for AI/ML developers, to address security vulnerabilities in the AI supply chain. The tool scans for threats, categorises risks, and aligns with industry standards, aiming to improve security measures in AI development.
AIShield Launches Watchtower to Enhance AI Supply Chain Security
Dubai, UAE – On April 23, 2024, AIShield introduced its new tool, Watchtower, aimed at improving the security of AI and machine learning (ML) systems. AIShield, recognised for its contributions to cybersecurity, developed Watchtower as an open-source Static Application Security Testing (SAST) solution tailored for AI/ML developers. This release is seen as a response to increasing concerns about security vulnerabilities within the AI supply chain.
Security Concerns in AI Supply Chains
The open-source nature of many AI/ML models allows widespread access and innovation but also presents varied security risks. The modular setup and reliance on third-party components mean that potential vulnerabilities can be introduced at multiple points in the development lifecycle, whether intentionally or unintentionally. These risks necessitate tools like Watchtower for proactive risk identification and mitigation.
Watchtower’s Features and Capabilities
Watchtower integrates into existing AI/ML development environments, conducting thorough scans of models and notebooks to identify and categorise potential security threats. The tool flags issues including hard-coded secrets, personally identifiable information (PII), outdated libraries, model serialization attacks, and unsafe operations. It supports formats such as H5, Pickle, and SavedModel, and works with popular frameworks like PyTorch and TensorFlow.
The tool classifies risks into four levels: “low,” “medium,” “high,” and “critical.” This categorisation helps developers prioritise their security efforts based on the severity of detected vulnerabilities. The approach aligns with industry standards, including OWASP, MITRE, CWE, and the NIST AI Risk Management Framework (AI RMF), ensuring comprehensive security coverage.
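As an added illustration of the serialization checks described above (example code written for this article, not Watchtower's own implementation), the following Python walks a pickle's opcode stream with pickletools.genops without ever unpickling it, lists the globals the file would import and the opcodes that would invoke them, and maps the result onto the same low/medium/high/critical scale. The allowlist, the Callback class and the sample blobs are constructed for the demonstration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that make the unpickler call an object; together with GLOBAL /
# STACK_GLOBAL (imports) they are what lets a pickle run code while a model loads.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Constructed allowlist of imports that are routine in checkpoints (assumption).
ALLOWED = {"collections.OrderedDict", "numpy.ndarray", "numpy.dtype",
           "numpy.core.multiarray._reconstruct", "torch._utils._rebuild_tensor_v2"}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools.genops (nothing is executed) and
    report imported globals, call opcodes and a risk level on Watchtower's scale."""
    imports, calls, strings, memo, prev = [], [], [], {}, None
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        name = op.name
        if name in STRING_OPS:
            strings.append(arg)
        elif name == "MEMOIZE":  # memoises top of stack; only strings matter here
            memo[len(memo)] = strings[-1] if prev in STRING_OPS else None
        elif name in ("BINGET", "LONG_BINGET") and memo.get(arg) is not None:
            strings.append(memo[arg])  # a memoised module/name string is re-pushed
        elif name == "GLOBAL":  # protocol <= 3: arg is "module name"
            imports.append(arg.replace(" ", "."))
        elif name == "STACK_GLOBAL":  # protocol 4+: pops the two last pushed strings
            imports.append(".".join(strings[-2:]))
        elif name in CALL_OPS:
            calls.append(name)
        prev = name
    unknown = sorted(set(imports) - ALLOWED)
    # Mapping onto the four levels is this example's own heuristic: an unknown
    # callable that is both imported and invoked on load is the worst case.
    risk = {(True, True): "critical", (True, False): "high",
            (False, True): "medium"}.get((bool(unknown), bool(calls)), "low")
    return {"imports": imports, "calls": calls, "unknown_imports": unknown, "risk": risk}


# Constructed samples: plain weights-style data, an allowlisted container, and an
# object whose __reduce__ makes the unpickler import and call a function on load.
class Callback:
    def __reduce__(self):
        return (len, ([1, 2, 3],))  # harmless here; any importable callable fits

BENIGN = pickle.dumps({"layer1.weight": [0.1, 0.2], "epoch": 3}, protocol=4)
CONTAINER = pickle.dumps(OrderedDict(a=1), protocol=4)
SUSPECT = pickle.dumps(Callback(), protocol=4)
```

Running scan_pickle over the three blobs rates them low, medium and critical respectively, the last because builtins.len is neither allowlisted nor merely referenced but invoked via REDUCE.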
Industry Context and Support
The development of Watchtower comes in the wake of increasing regulatory focus on AI security. Recent guidelines and best practices from organisations like NIST and OWASP highlight the growing need for robust security measures in AI. Additionally, an Executive Order issued by US President Joe Biden on October 30, 2023, set federal standards for AI development, concentrating on safety, security, and trust.
AIShield Watchtower also complements existing security initiatives by facilitating automatic discovery and continuous monitoring of AI/ML artifacts. This tool is designed to fit seamlessly into development workflows, enabling quick and efficient integration with platforms such as GitHub, Amazon S3, and Hugging Face.
Reception and Adoption
Watchtower has received validation and positive feedback from over 150 developers on GitHub. It has already been adopted by major technology, energy, and telecommunication companies within their enterprise environments, reinforcing its practical utility in real-world applications.
Mukul Dongre from AIShield expressed the company’s vision, noting, “AIShield Watchtower stands out for its user-friendliness and its alignment with our goals of enhancing open-source security stacks. It enriches our offerings by facilitating AI/ML model discovery and security testing, embodying the collaborative spirit within our community.”
Getting Started with Watchtower
AIShield invites AI/ML developers, risk managers, and cybersecurity engineers to explore Watchtower. The tool aims to improve the security of ML pipelines and data science environments without compromising creativity or performance.
For installation instructions, code samples, and documentation, users can visit the project on GitHub. Additional information about AIShield and Watchtower can be found on the company’s official website and LinkedIn page.
For further inquiries, Mukul Dongre at AIShield is available for contact.
This introduction of Watchtower marks a significant step forward in addressing the evolving risks of the AI supply chain, combining advanced technology with a collaborative approach to security.
Media Contact:
Mukul Dongre, AIShield
Tel: +91 8050163834
Website: www.boschaishield.com
LinkedIn: AIShield on LinkedIn