SOSS Community Day Europe 2024

AI developers are experts at building AI models. Security people know how to secure traditional software. But how do we secure software that contains AI? This is not a theoretical question: We have executive orders for strengthening the supply chain and secure AI development, we have NIST SP 800-218A for secure usage of GenAI. What is lacking is a deep dive into how people can use OSS technologies to secure software using AI. This is what we are planning to do in this talk. We will present every possible step that can be taken to train models in a secure way. This will cover securing the data from ingestion to using it during training, and evaluation. It also covers fine-tuning foundational models and model quantization. It aims to be the most complete and comprehensive resource in securing AI powered application from the point of view of the software supply chain. Then, it will include items about securing AI outputs, securing AI deployments. This is really important to do, because we see the same security concerns from traditional software being repeated in AI world, but at an accelerated pace. As threat landscape evolves, we are should building on stable, secure foundations.