Open mik0w opened 1 year ago
In my view it should be in ML06. However, I believe it should be renamed from "AI supply chain" to "ML supply chain" to keep ourselves distinct. How would you recommend adding these to the existing ML06, keeping the attacks generic to other packages?
Hi @mik0w I definitely think we should look at including the ecosystem of MLOps software. I am not sure that it all falls within supply chain though. Keen to hear your thoughts on this.
Hi @mik0w I agree we should look at renaming this from the current "AI Supply Chain"... the renaming was done based on feedback (ref: #85), but in the cleanup perhaps we could have chosen something more apt. I think "Machine Learning Supply Chain Attacks" is more apt.
What are your thoughts?
Type: Suggestions for Improvement
What would you like to report?
Context: One of the parts of the supply chain in modern ML systems is MLOps software, e.g. MLFlow, Prefect etc. Those systems are vulnerable to classic web-based attacks and they seem to be "misconfigured by default". I've described it here: https://hackstery.com/2023/10/13/no-one-is-prefect-is-your-mlops-infrastructure-leaking-secrets/ or here: https://github.com/logspace-ai/langflow/issues/1145
Suggestion for improvement: I'd suggest including MLOps-related vulnerabilities in ML06 (or maybe in some other categories as well? I am open to suggestions).