
Definition

An inventory list of software components and dependencies associated with an AI system. The AI profile contains information about software components and dependencies associated with artificial intelligence and machine learning (AI/ML) models and systems. This inventory includes the software frameworks, libraries, and other components used to build or deploy the AI system, along with relevant information about their versions, licenses, and useful security references. Including ethical and security.

Personas

  • Developers and Data Scientists: responsible for designing, developing, and maintaining the AI system by understanding the list of components.
  • System Administrators: manage the deployment and operation of the AI system. They use the AI Profile SBOM to identify and address any security or ethical vulnerabilities.
  • Security Officers: focus on the security aspects of the AI software components used, including ones provided by suppliers. They assess potential vulnerabilities, evaluate security controls, and ensure that the supplier follows secure development practices to minimize security risks.
  • Ethicists: focus on identifying and mitigating potential ethical risk in the AI system. They would leverage the AI Profile SBOM to assess and track any reported ethics vulnerabilities.
  • Compliance Officers and Auditors: ensure that the AI system adheres to applicable regulations, standards, and licensing requirements.
  • Procurement Officers: involved in the purchasing and procurement of AI software components from the supplier. They evaluate pricing, negotiate contracts, and ensure that the supplier meets the organization’s procurement policies and procedures.
  • Legal Counsel: represent the legal department within the organization. They review contracts, terms of service, and licensing agreements to ensure legal compliance and mitigate any potential legal risks associated with the AI software components provided by the supplier.
  • Supplier Managers: represent the individual responsible for managing the supplier relationship. They oversee the supplier’s performance, contracts, and deliverables. Their primary focus is ensuring compliance and maintaining a positive supplier relationship.
  • Privacy Officers: responsible for managing and monitoring compliance with the organization’s privacy policy.

Use Cases

Vulnerability Management

An AI profile SBOM can provide a comprehensive inventory of software components and versions used in an AI system. One example is Model Evasion Attacks, which aim to manipulate the training data or the model itself to deceive the AI system. Attackers try to exploit weaknesses in the model’s algorithms, such as bias or blind spots, to bypass security measures or generate false outputs. By creating an AI profile SBOM, these types of issues would be quickly identified.

Compliance and Licensing

AI systems often use open-source libraries or third-party components, which may have specific licensing requirements. With an AI profile SBOM, organizations can easily track the licenses of the AI software components used, supporting licensing compliance analysis and avoiding legal issues related to intellectual property.

System Transparency and Auditability

The AI Profile SBOM provides a detailed list of AI software components used in an AI system. It identifies the specific versions, dependencies, and configurations of each component. This transparency enables auditors and stakeholders to understand.

System Integration and Interoperability

When integrating AI systems with other software or platforms, an AI profile SBOM helps identify compatibility issues, overlapping dependencies, or version conflicts. This facilitates smoother integration and interoperability.

Benefits

Creating an AI profile SBOM offers numerous benefits, including enhanced security, risk mitigation, compliance, supply chain management, transparency, efficient maintenance, incident response, and improved collaboration. It empowers organizations to effectively manage and secure their AI systems throughout their lifecycle.
