@DL144 thanks for pointing it out! Terminology is getting the better of me here—the resource you linked—and it is excellent—is more about AI safety than what I think of as securing an ML/LLM model as part of a larger product or software deployment. Things like securing the model build pipelines, figuring out how to safely use a model on a regulated environment, and all the other little things most orgs need to do to have some level of risk assurance.
AI safety work is an important part of this, but the operational deployment of such models is what I’m trying to pin down and develop some more guidance around. Thoughts?
Cybersecurity friends, I’m working on writing up a primer on securing “AI” (LLM and ML models, really, but everyone asks about “AI security”).
What do you want to know about AI security? What questions do you have trouble answering? There’s a lot of hard earned know-how out there that I’m trying to compile and knowing what the most common questions are will help me prioritize and organize stuff.
So who all is speaking at BSidesSF next year? :)
@foggyruins for a layman? Yeah. If they were a politically important person, celebrity, or similar, I’d probably suggest in finding an outfit that specializes in that kind of thing. e.g. https://www.k2integrity.com/en/services/investigations/private-client-services/ or similar.
There’s probably a middle ground here for someone who wants to learn how to better secure their own stuff, but when you’re talking about families and relatives it’s hard to get groups of folks to commit to things like security awareness training.
