Closed: guerilla7 closed this 10 months ago
Thank you! Many thanks for reaching out to us also.
Great suggestion, I will get this enhancement added to the next round and ACK back shortly.
Examples of centralized ML model registries include MLFlow, Iterative.ai, GCP Vertex AI Model Registry, and AWS SageMaker Model Registry.
I will stray away from this, as we do not want to directly reference vendors, models or make any distinctions that could lead towards bias
AML.TA0000 ML Model Access - MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems) ATT&CK Framework
Happy to include this as a reference
Hi Team,
Congrats on the first iteration!
I was hunting for either a "registry" or "inventory" word on the document and could not find one.
Based on my experience in threat modeling internally-developed ML/LLM applications, development teams are prone to storing the actual ML model or bits and pieces of related artifacts (documents, code, and other data that can be used to understand the purpose of the model) on their local machine, personal code repo, etc., contributing to LLM10 - Model Theft.
Under Prevention, I would like to propose adding the following entry:
Examples of centralized ML model registries include MLFlow, Iterative.ai, GCP Vertex AI Model Registry, and AWS SageMaker Model Registry.
References: