Please read this BIML report on #MLsec. It is free, published under the creative commons, and no longer reg walled.

BIML is a completely independent, non-profit 501(c)3 #ML lab working on #AI security.

https://berryvilleiml.com/results/no-security-meter-ai.pdf

No Security Meter for AI

...

RE: https://sigmoid.social/@cigitalgem/116607647772040338

I'm not very far into this, but the foundational principles for the discussion are excellent.

e.g., "Measuring security is non-trivial, because security is a system-wide emergent property."

@coreysnipes thank you.

I have been at this for a while... both as a security guy who helped get #swsec and #appsec going 28 years ago and as a student of Doug Hofstadter's with a Ph.D. in #cogsci. BIML has been spearheading independent #MLsec since 2019.

@cigitalgem Nice! Very good stuff. Knostic's filename-leakage point is what I see running a multi-pass scanner. The labels create a false measure if a benchmark rewards reading them instead of the code.

@flyingpenguin lots of issues with benchmarks...and that is an important one.

I hope the overall point about developing a meter for security (or not) shines through.

Please share with everyone you know.