SOSS Fusion 2024

We are seeing an increase in the number of AI powered applications. At the same time, we are seeing that AI software repeats the same security mistakes as traditional software, but at an accelerated time frame and with higher risks. In this talk -- planned as a tutorial --, we aim to show how AI applications can be developed in a safe way, starting with datasets and software dependencies, building a secure software supply chain, and only accepting models in production that have clear, untampered provenance (both SLSA but also analyzing the capabilities of the models to eliminate future risks). For example, we want to be able to trace back from a bad inference in production to the potential poisoned input in the training dataset. We will show how we can reduce cost of retraining models in the event of an ML framework compromise by analyzing the blast radius and only retraining impacted models. To keep the audience engaged, we will follow the development story of an ML model from data collection and training all the way to deploying the model in production. At each stage, we will go over the supply chain security risks and show how these can be mitigated.