We use cookies to improve user experience and analyze website traffic. By clicking “Accept“, you agree to our website's cookie use as described in our Privacy Policy.
PreferencesDecline AllAccept All

Your Cookie Preferences

We use different types of cookies to optimize your experience on our website. Click on the categories below to learn more about their purposes. You may choose which types of cookies to allow and can change your preferences at any time. Remember that disabling cookies may affect your experience on the website. You can learn more about how we use cookies by visiting our Privacy Policy.

Essential Cookies
Details

These cookies are necessary to the core functionality of our website and some of its features, such as access to secure areas.

Analytics and Customization Cookies
Details

These cookies collect information that can help us understand how our websites are being used. This information can also be used to measure effectiveness in our marketing campaigns or to curate a personalized site experience for you.

Advertising Cookies
Details

These cookies are used to enhance the performance and functionality of our websites but are nonessential to their use. However, without these cookies, certain functionality (like videos)may become unavailable.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Decline AllConfirm my Choices
Back

Essential Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
Back

Analytics and Customization Cookies

Name
Purpose
Marketo Munchkin
Marketo's custom JavaScript tracking code, called Munchkin, tracks all individuals who visit your website so you can react to their visits with automated marketing campaigns.
Name
Purpose
Google Tag
The Google tag (gtag.js) is a single tag you can add to a website to use a variety of Google products and services (e.g., Google Ads, Google Analytics, Campaign Manager, Display & Video 360, Search Ads 360).
Back

Performance and Functionality Cookies

Name
Purpose
LinkedIn Insight
The LinkedIn Insight Tag is a snippet of JavaScript code that loads a small library of functions you can use to track Linkedin ad-driven visitor activity on your website.
Back

Advertising Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
June 12, 2024
-
5
minute read

Automate AI vulnerability testing with Robust Intelligence and MLflow

Author
Authors
Emile Antone
Emile is a Senior Product Marketing Manager at Robust Intelligence.

The Databricks open-source platform MLflow has emerged as one of the leading MLOps solutions with a comprehensive set of tools designed to help teams across the entire AI lifecycle. It has several components to help simplify the complex development process and provide better traceability, consistency, and management at scale.

MLOps solutions like MLflow streamline machine learning experiment tracking, model development, and production readiness. In the era of generative AI, DevSecOps practices ensuring the validation of the safety and security vulnerabilities of AI systems are increasingly important. That’s why Robust Intelligence integrates with the MLflow Model Registry to bring seamless validation to machine learning workflows and help developers create more secure AI applications.

Let’s take a closer look at the integration between Robust Intelligence and MLflow, and discuss how teams can take advantage of automated red teaming to identify model vulnerabilities.

What are MLflow and the Model Registry?

MLflow is an open-source platform developed by Databricks that comprises a variety of tools to help simplify and support the complete AI lifecycle. These core components include Tracking, Evaluation, Prompt Engineering, and the Model Registry.

The MLflow Model Registry is the most widely used model registry today. It serves as a centralized model repository that facilitates better organization, management, collaboration, and documentation between developers and broader teams. Model registries provide significant operational benefits in terms of quality, consistency, and scalability, which is why so many enterprise machine learning teams have come to rely on them.

What is model validation, and why is it important?

Model validation is the process of identifying and addressing safety and security vulnerabilities in a model through file scanning and rigorous testing. It is a foundational practice of AI security and an explicit regulatory requirement outlined in policies like the EU AI Act and the White House Executive Order on AI.

Validation is also important to align with leading AI security standards. Popular standards include the OWASP Top 10 for LLM Applications, for which six of the ten highlighted security concerns can be measured or mitigated during pre-deployment validation.  Additionally, the  Databricks AI Security Framework contains sections on model evaluation (DASF 45), comparing LLM outputs (DASF 47), automating LLM evaluation (DASF 49), platform compliance (DASF 50), and source code control (DASF 52) that are critical steps addressed by model validation.

Companies need to ultimately trust that their models are secure and safe. AI security is concerned with protecting sensitive data and computing resources from unauthorized access or attack, such as prompt injection and data poisoning attacks. AI safety is concerned with preventing harms caused by unintended consequences of an AI application by its designer, such as hallucinations and toxic content. Both present business risk and require mitigation.

This pertains to the hundreds of thousands of open-source models on HuggingFace, closed-source models from AI providers, and proprietary models. Testing should occur every time a change is made to the model, as well as at regular time intervals. As new vulnerabilities can emerge throughout model development and in production, model validation must be seen as a continuous and necessary initiative to protect the business, align on security measures across stakeholders, and demonstrate compliance with internal standards and regulatory requirements.

AI application development is often hampered by security concerns. Model validation is a first step in decoupling AI development from AI security, which can help unblock a company’s AI transformation.

Integrating the Robust Intelligence platform with MLflow

Integrating Robust Intelligence’s AI Validation offering with the MLflow model registry makes the important step of model validation an automatic and unobtrusive part of machine learning development.

Adopting this shift-left approach to testing enables developers to ascertain the security and safety vulnerabilities of a given model early on, identify malicious inclusions in their supply chain, and better understand how actions like fine-tuning adversely impact alignment. It also streamlines communication with other teams like security and compliance, who can then independently verify that models have undergone rigorous validation and comply with relevant standards.

“Companies need to ensure that the models they rely on have undergone rigorous validation for safety and security,” said Omar Khawaja, VP Security and Field CISO at Databricks. “Not only does the integration between Robust Intelligence and MLflow make security a built-in piece of the model development lifecycle, it also improves communication between AI stakeholders across data science, security, and GRC teams.”

When you integrate both platforms, the registration of a new model in the MLflow Model Registry will automatically and discreetly initiate Robust Intelligence AI Validation testing. Our algorithmic red-teaming evaluates model susceptibility to over 150 security and safety categories across four primary failure types. This identifies vulnerabilities to malicious actions, such as prompt injection and data poisoning, and unintentional outcomes. If left unchecked, these vulnerabilities can jeopardize your users, sensitive data, and ultimately the security of your organization.

  • Abuse failures such as toxicity, bias, hate speech, and malicious code.
  • Privacy failures such as PII leakage, data loss, model info leakage, and privacy infringement.
  • Integrity failures such as factual inconsistencies, hallucination, off-topic, and off-policy responses.
  • Availability failures such as denial of services and increased resource or cost consumption.

These tests can be repeated periodically to identify new vulnerabilities that emerge in development, after instances of fine-tuning, or after the model is deployed in a production AI application.

Historical results are available for review in the Robust Intelligence platform and within MLflow as model artifacts, providing centralized and continuous assurance that models in use have undergone thorough testing and adhere to any internal standards and regulatory requirements. Results from AI Validation map directly to leading AI security standards from NIST, MITRE, and OWASP, making it easier to measure and demonstrate compliance. We also auto-generate model cards that translate the test results into an easy-to-read report that is mapped to industry and regulatory standards.

Automating model validation saves teams a tremendous amount of time and expertise that would otherwise be required to manually and routinely test models. Manual, ad hoc testing often falls short in terms of coverage and consistency, as it’s performed with individual discretion in an arbitrary and unstandardized manner. 

After identifying the vulnerability profile of your model, AI Validation automatically recommends custom guardrails when used in conjunction with the Robust Intelligence AI Firewall. This ensures that protections are precisely tailored to cover the gaps that exist in your AI applications before bad actors can exploit them.

Ready to bring seamless, automated model testing to your AI development process? You can learn more about AI Validation and our integration with the MLflow Model Registry here.

Author
Authors
Emile Antone
Emile is a Senior Product Marketing Manager at Robust Intelligence.
Share article
Social

Follow us on LinkedIn

Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.

Related articles

September 6, 2024
-
4
minute read

AI Governance Policy Roundup (August 2024)

For:
August 27, 2024
-
5
minute read

AI Cyber Threat Intelligence Roundup: August 2024

For:
August 20, 2024
-
5
minute read

Bypassing OpenAI's Structured Outputs: Another Simple Jailbreak

For:
+   More Articles

Related articles

May 28, 2024
-
5
minute read

Fine-Tuning LLMs Breaks Their Safety and Security Alignment

For:
December 5, 2023
-
5
minute read

Using AI to Automatically Jailbreak GPT-4 and Other LLMs in Under a Minute

For:
December 13, 2022
-
4
minute read

Robust Intelligence Partners with Databricks to Deliver Machine Learning Integrity Through Continuous Validation

For:
Data Science Leaders
+   More Articles

Ready to learn more?

See why we’re the enterprise choice for AI application security.
Get a Demo
June 12, 2024
-
5
minute read

Automate AI vulnerability testing with Robust Intelligence and MLflow

Author
Authors
Emile Antone
Emile is a Senior Product Marketing Manager at Robust Intelligence.

The Databricks open-source platform MLflow has emerged as one of the leading MLOps solutions with a comprehensive set of tools designed to help teams across the entire AI lifecycle. It has several components to help simplify the complex development process and provide better traceability, consistency, and management at scale.

MLOps solutions like MLflow streamline machine learning experiment tracking, model development, and production readiness. In the era of generative AI, DevSecOps practices ensuring the validation of the safety and security vulnerabilities of AI systems are increasingly important. That’s why Robust Intelligence integrates with the MLflow Model Registry to bring seamless validation to machine learning workflows and help developers create more secure AI applications.

Let’s take a closer look at the integration between Robust Intelligence and MLflow, and discuss how teams can take advantage of automated red teaming to identify model vulnerabilities.

What are MLflow and the Model Registry?

MLflow is an open-source platform developed by Databricks that comprises a variety of tools to help simplify and support the complete AI lifecycle. These core components include Tracking, Evaluation, Prompt Engineering, and the Model Registry.

The MLflow Model Registry is the most widely used model registry today. It serves as a centralized model repository that facilitates better organization, management, collaboration, and documentation between developers and broader teams. Model registries provide significant operational benefits in terms of quality, consistency, and scalability, which is why so many enterprise machine learning teams have come to rely on them.

What is model validation, and why is it important?

Model validation is the process of identifying and addressing safety and security vulnerabilities in a model through file scanning and rigorous testing. It is a foundational practice of AI security and an explicit regulatory requirement outlined in policies like the EU AI Act and the White House Executive Order on AI.

Validation is also important to align with leading AI security standards. Popular standards include the OWASP Top 10 for LLM Applications, for which six of the ten highlighted security concerns can be measured or mitigated during pre-deployment validation.  Additionally, the  Databricks AI Security Framework contains sections on model evaluation (DASF 45), comparing LLM outputs (DASF 47), automating LLM evaluation (DASF 49), platform compliance (DASF 50), and source code control (DASF 52) that are critical steps addressed by model validation.

Companies need to ultimately trust that their models are secure and safe. AI security is concerned with protecting sensitive data and computing resources from unauthorized access or attack, such as prompt injection and data poisoning attacks. AI safety is concerned with preventing harms caused by unintended consequences of an AI application by its designer, such as hallucinations and toxic content. Both present business risk and require mitigation.

This pertains to the hundreds of thousands of open-source models on HuggingFace, closed-source models from AI providers, and proprietary models. Testing should occur every time a change is made to the model, as well as at regular time intervals. As new vulnerabilities can emerge throughout model development and in production, model validation must be seen as a continuous and necessary initiative to protect the business, align on security measures across stakeholders, and demonstrate compliance with internal standards and regulatory requirements.

AI application development is often hampered by security concerns. Model validation is a first step in decoupling AI development from AI security, which can help unblock a company’s AI transformation.

Integrating the Robust Intelligence platform with MLflow

Integrating Robust Intelligence’s AI Validation offering with the MLflow model registry makes the important step of model validation an automatic and unobtrusive part of machine learning development.

Adopting this shift-left approach to testing enables developers to ascertain the security and safety vulnerabilities of a given model early on, identify malicious inclusions in their supply chain, and better understand how actions like fine-tuning adversely impact alignment. It also streamlines communication with other teams like security and compliance, who can then independently verify that models have undergone rigorous validation and comply with relevant standards.

“Companies need to ensure that the models they rely on have undergone rigorous validation for safety and security,” said Omar Khawaja, VP Security and Field CISO at Databricks. “Not only does the integration between Robust Intelligence and MLflow make security a built-in piece of the model development lifecycle, it also improves communication between AI stakeholders across data science, security, and GRC teams.”

When you integrate both platforms, the registration of a new model in the MLflow Model Registry will automatically and discreetly initiate Robust Intelligence AI Validation testing. Our algorithmic red-teaming evaluates model susceptibility to over 150 security and safety categories across four primary failure types. This identifies vulnerabilities to malicious actions, such as prompt injection and data poisoning, and unintentional outcomes. If left unchecked, these vulnerabilities can jeopardize your users, sensitive data, and ultimately the security of your organization.

  • Abuse failures such as toxicity, bias, hate speech, and malicious code.
  • Privacy failures such as PII leakage, data loss, model info leakage, and privacy infringement.
  • Integrity failures such as factual inconsistencies, hallucination, off-topic, and off-policy responses.
  • Availability failures such as denial of services and increased resource or cost consumption.

These tests can be repeated periodically to identify new vulnerabilities that emerge in development, after instances of fine-tuning, or after the model is deployed in a production AI application.

Historical results are available for review in the Robust Intelligence platform and within MLflow as model artifacts, providing centralized and continuous assurance that models in use have undergone thorough testing and adhere to any internal standards and regulatory requirements. Results from AI Validation map directly to leading AI security standards from NIST, MITRE, and OWASP, making it easier to measure and demonstrate compliance. We also auto-generate model cards that translate the test results into an easy-to-read report that is mapped to industry and regulatory standards.

Automating model validation saves teams a tremendous amount of time and expertise that would otherwise be required to manually and routinely test models. Manual, ad hoc testing often falls short in terms of coverage and consistency, as it’s performed with individual discretion in an arbitrary and unstandardized manner. 

After identifying the vulnerability profile of your model, AI Validation automatically recommends custom guardrails when used in conjunction with the Robust Intelligence AI Firewall. This ensures that protections are precisely tailored to cover the gaps that exist in your AI applications before bad actors can exploit them.

Ready to bring seamless, automated model testing to your AI development process? You can learn more about AI Validation and our integration with the MLflow Model Registry here.

Author
Authors
Emile Antone
Emile is a Senior Product Marketing Manager at Robust Intelligence.
Share article
Newsletter

Subscribe to our newsletter

Thank you!
You have successfully subscribed to our list
Oops! Something went wrong while submitting the form.
Blog

Related articles

June 21, 2023
-
5
minute read

Generative AI Risk Assessment: Dolly 2.0

For:
May 3, 2021
-
5
minute read

Is your AI model ready for production?

For:
Model Compliance Assessment
September 13, 2021
-
6
minute read

How NTT DATA Uses RIME to Increase Model Performance by 70%

For:
May 28, 2024
-
5
minute read

Fine-Tuning LLMs Breaks Their Safety and Security Alignment

For:
December 5, 2023
-
5
minute read

Using AI to Automatically Jailbreak GPT-4 and Other LLMs in Under a Minute

For:
December 13, 2022
-
4
minute read

Robust Intelligence Partners with Databricks to Deliver Machine Learning Integrity Through Continuous Validation

For:
Data Science Leaders
+   More Articles

Achieve AI Integrity Today

Request a Demo