Protect
AI, a cybersecurity company focused on the security of
artificial intelligence and machine learning systems, emerged from stealth
today with $13.5 million in seed funding and its first product, NB Defense. The
free product is the industry's first security solution to address
vulnerabilities in a core component at the beginning of the machine learning
supply chain: Jupyter Notebooks. The exposure grows every year as more
organizations move machine learning into production. Today there are over 10M
publicly accessible notebooks, growing by 2M+ annually, with many more in
private repositories.
The company was founded by a proven leadership team who have led
some of the largest and most successful AI businesses from AWS and Oracle, with
strong track records of creating new market categories and launching successful
startups in the ML space. The
round was co-led by successful cybersecurity investors Acrew Capital and
boldstart ventures. Mark Kraynak and Ed Sim, respectively, join the Protect AI
Board of Directors. Additional investors include Knollwood Capital, Pelion
Ventures, Avisio Ventures, and experienced cybersecurity leaders Shlomo Kramer,
Nir Polak, and Dimitri Sirota.
"As enterprises put AI/ML in production it must be protected commensurate
with the value it delivers. I have seen more than one hundred thousand
customers deploy AI/ML systems, and realized they introduce a new and unique
security threat surface that today's cybersecurity solutions in the market do
not address," said Ian Swanson, co-founder and CEO, Protect AI. "This is why we
founded Protect AI. ML developers and security teams need new tools, processes,
and methods that secure their AI systems. Since nearly all ML code begins with
a notebook, we thought that's the most logical place to start so that we can
accelerate a needed industry transition. We are launching a free product that
helps usher in this new category of MLSecOps to build a safer AI-powered world,
starting now. But, we have many more innovations that will be released quickly
across the entire ML supply chain."
As MLOps has increased the velocity at which machine learning reaches
production, the opportunities for security incidents have grown and new
vulnerabilities have appeared in the enterprise ML supply chain. Novel risks in
that supply chain include Jupyter Notebooks, which are stored as JSON (.ipynb)
and so are invisible to static code analyzers that expect source files;
arbitrary code execution in serialized models, since pickle-based model formats
run code when they are loaded; poisoned training data; and model evasion using
adversarial ML techniques.
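The serialized-model risk named above is concrete enough to show in code. The following is an added example written for this page, not Protect AI or NB Defense code: a pickle whose author controls `__reduce__` makes `pickle.loads` call an arbitrary function, and a static opcode walk with `pickletools.genops` reports what a model file would import before anything runs. The `PoisonedModel` class, the benign sample and the allowlist are constructed for the demo; `os.getenv` stands in for `os.system` or a `subprocess` call, which pickle to the same opcode shape.

```python
"""Added example, not Protect AI / NB Defense code: arbitrary code execution
via a serialized (pickled) model, and a static opcode check that flags it
without loading. PoisonedModel, the benign sample and the allowlist are
constructed for the demo."""
import io
import os
import pickle
import pickletools
from typing import FrozenSet, List, Tuple

Ref = Tuple[str, str]  # (module, attribute) that a pickle would import


class PoisonedModel:
    """Stands in for a 'model' whose author controls __reduce__. On load,
    pickle imports the returned callable and invokes it with the args.
    os.getenv is harmless here; os.system or subprocess.check_output would
    be pickled with exactly the same opcode sequence."""

    def __reduce__(self):
        return (os.getenv, ("NB_DEMO_CANARY", "canary unset"))


def malicious_model_bytes(protocol: int = pickle.DEFAULT_PROTOCOL) -> bytes:
    return pickle.dumps(PoisonedModel(), protocol=protocol)


def benign_model_bytes(protocol: int = pickle.DEFAULT_PROTOCOL) -> bytes:
    # Plain containers of numbers pickle to data opcodes only: no imports.
    return pickle.dumps({"weights": [0.1, 0.2, 0.3], "bias": 0.5}, protocol=protocol)


def what_loading_returns() -> str:
    """pickle.loads() does not hand back a PoisonedModel: it returns whatever
    os.getenv returned, proving the callable ran during deserialization."""
    os.environ["NB_DEMO_CANARY"] = "getenv ran inside pickle.loads"
    return pickle.loads(malicious_model_bytes())


def globals_referenced(blob: bytes) -> List[Ref]:
    """Every (module, name) the pickle would import, found by walking opcodes
    rather than executing them. Handles protocol <= 2 GLOBAL (arg is
    'module name') and protocol 4 STACK_GLOBAL (module and name are the two
    string opcodes pushed just before it)."""
    refs: List[Ref] = []
    strings: List[str] = []
    for op, arg, _pos in pickletools.genops(io.BytesIO(blob)):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            refs.append((strings[-2], strings[-1]))
        if isinstance(arg, str):
            strings.append(arg)
    return refs


def disallowed_imports(blob: bytes, allowlist: FrozenSet[Ref] = frozenset()) -> List[Ref]:
    """Static gate to run before pickle.loads: any import not on the allowlist
    is a finding. Real model files legitimately import things such as
    ('numpy.core.multiarray', '_reconstruct'); that is what the allowlist is
    for, and why 'no imports at all' is too strict a rule."""
    return [ref for ref in globals_referenced(blob) if ref not in allowlist]


if __name__ == "__main__":
    print("loads() returned:", what_loading_returns())
    print("imports in malicious pickle:", disallowed_imports(malicious_model_bytes()))
    print("imports in benign pickle:   ", disallowed_imports(benign_model_bytes()))
```

The check is deliberately static: it never calls `pickle.loads`, so it is safe to run on an untrusted model file, and it reports the same `('os', 'getenv')` reference whether the file was written with the old `GLOBAL` opcode or the protocol 4 `STACK_GLOBAL` form.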
The Need for MLSecOps (Machine Learning + Security + Operations)
MLSecOps
is a new and much needed practice in application security that involves
introducing security earlier in the ML model development life cycle.
"ML is an entirely new class of applications and underlying
infrastructure, just like mobile web, IoT, and Web3. Security for new
application ecosystems follows the same arc: knowledge of vulnerabilities,
followed by the ability to find them, then adding contextual understanding and
prioritization, then finally automated remediation. Protect AI will enable this
end-to-end arc for AI systems," said Mark Kraynak, founding partner, Acrew
Capital. "We are excited about this first step, with NB Defense, and look forward
to working with the leadership team as there is a lot more to come."
Improving the Security of a Core Component Used by ML
Practitioners - Jupyter Notebooks
ML practitioners use notebooks to create and share documents that
contain live code, equations, visualizations, data, and text. Notebooks can
introduce security risks within an organization, and current cybersecurity
solutions do not cover this commonly used tool. In fact, Protect AI used NB
Defense to scan over 1000 public Jupyter Notebooks and found many examples of
exposed secrets, leaked personally identifiable information, and critical
vulnerabilities that an attacker could exploit to compromise cloud systems,
including gaining access to sensitive databases.
This gap in coverage means that a critical portion of an
enterprise's code base can carry vulnerabilities that no scanner reports and
that an attacker can find first. "Unfortunately, having worked with hundreds of
customers, I've learned that ML code is not commonly scanned today in
enterprises. Furthermore, ML-specific scanning and AI vulnerability remediation
is not yet a priority for
most CISOs," said Dan Plastina, former Vice President of AWS Security Services and
advisory member to Protect AI. "This is because tools have not existed to
target this specific need while catering to both AI builders and cybersecurity
professionals, until now. Protect AI addresses that gap."
What is NB Defense and How Does it Work
NB
Defense is an industry-first security solution for Jupyter Notebooks. NB
Defense creates a translation layer from traditional security capabilities to
enable scans of Jupyter Notebooks, then communicates findings back natively in
the notebook or via easy-to-read reports with context specific links to
problematic areas within the notebook for remediation. NB Defense security
scans of a notebook check for:
- Common vulnerabilities and exposures in ML open-source frameworks, libraries,
and packages
- Authentication tokens and other credentials for a host of services and
products
- Non-permissive licenses in ML open-source frameworks, libraries, and packages
- Sensitive data and personally identifiable information
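The translation-layer idea, and the earlier point that static analyzers do not read notebooks, can be made concrete. The following is an added example written for this page, not NB Defense code: it parses a .ipynb (which is JSON), flattens the code cells into plain Python so any text-based scanner can read them, scans both cell sources and captured outputs for credentials and PII, reports each finding by cell index and line, and pulls pinned versions out of `!pip install` magics as the input a CVE lookup would need. The notebook, the regex rules and the finding format are constructed for the demo; the access key is AWS's documented example value, not a live credential.

```python
"""Added example, not NB Defense code: a minimal translation layer that turns a
.ipynb (JSON) into scannable code and maps findings back to the cell that
produced them. The sample notebook and the rules below are constructed for
the demo; the AWS key is AWS's own documented example value."""
import json
import re
from typing import Dict, List

# Constructed sample notebook: a leaked key in cell 1, a password in cell 2,
# PII in a captured stdout output of cell 3, pinned dependencies in cell 4.
SAMPLE_NOTEBOOK = json.dumps({
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {}, "source": ["# Training run\n"]},
        {"cell_type": "code", "metadata": {}, "execution_count": 1, "outputs": [],
         "source": ["import boto3\n",
                    "s3 = boto3.client('s3', aws_access_key_id='AKIAIOSFODNN7EXAMPLE')\n"]},
        {"cell_type": "code", "metadata": {}, "execution_count": 2, "outputs": [],
         "source": "db_password = 'hunter2hunter2'\n"},   # 'source' as one string
        {"cell_type": "code", "metadata": {}, "execution_count": 3,
         "source": ["print(customers.head())\n"],
         "outputs": [{"output_type": "stream", "name": "stdout",
                      "text": ["0  Jane Roe  jane.roe@example.com\n"]}]},
        {"cell_type": "code", "metadata": {}, "execution_count": 4, "outputs": [],
         "source": ["!pip install torch==1.12.0 pillow==9.0.0\n"]},
    ],
})

# Illustrative rules only; a real scanner ships hundreds of provider-specific ones.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_credential": re.compile(
        r"(?i)\w*(password|passwd|secret|token)\w*\s*=\s*['\"][^'\"]{8,}['\"]"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
PIP_INSTALL = re.compile(r"^\s*[!%]pip\s+install\s+(.+)$")
PINNED = re.compile(r"([A-Za-z0-9_.-]+)==([0-9][^\s]*)")


def _lines(src) -> List[str]:
    """nbformat allows 'source' (and output 'text') as a list of lines or one string."""
    text = "".join(src) if isinstance(src, list) else (src or "")
    return text.splitlines()


def notebook_to_python(nb_json: str) -> str:
    """Flatten code cells into one .py with cell markers, so any text-based
    tool (grep, a SAST scanner, a secret scanner) can read a notebook."""
    nb = json.loads(nb_json)
    out: List[str] = []
    for idx, cell in enumerate(nb["cells"]):
        if cell.get("cell_type") != "code":
            continue
        out.append(f"# --- cell {idx} ---")
        out.extend(_lines(cell.get("source")))
    return "\n".join(out) + "\n"


def scan_notebook(nb_json: str) -> List[Dict]:
    """Scan code cells AND their captured outputs: a printed DataFrame or a
    logged token in an output cell leaks just as surely as source does."""
    nb = json.loads(nb_json)
    findings: List[Dict] = []
    for idx, cell in enumerate(nb["cells"]):
        if cell.get("cell_type") != "code":
            continue
        regions = [("source", _lines(cell.get("source")))]
        for out in cell.get("outputs", []):
            if out.get("output_type") == "stream":
                regions.append(("output", _lines(out.get("text"))))
            elif "data" in out:
                regions.append(("output", _lines(out["data"].get("text/plain"))))
        for where, lines in regions:
            for lineno, line in enumerate(lines, start=1):
                for rule, rx in PATTERNS.items():
                    if rx.search(line):
                        findings.append({"rule": rule, "cell": idx, "where": where,
                                         "line": lineno, "text": line.strip()})
    return findings


def pinned_requirements(nb_json: str) -> Dict[str, str]:
    """Collect 'pkg==version' from pip magics: the input a CVE lookup needs."""
    reqs: Dict[str, str] = {}
    for line in notebook_to_python(nb_json).splitlines():
        m = PIP_INSTALL.match(line)
        if m:
            for pkg, ver in PINNED.findall(m.group(1)):
                reqs[pkg.lower()] = ver
    return reqs


if __name__ == "__main__":
    for f in scan_notebook(SAMPLE_NOTEBOOK):
        print(f"[{f['rule']}] cell {f['cell']} {f['where']} line {f['line']}: {f['text']}")
    print("pinned:", pinned_requirements(SAMPLE_NOTEBOOK))
```

Two details matter in practice: findings are keyed by the notebook's own cell index rather than a line number in a flattened file, which is what lets a result be linked back to the cell a data scientist is looking at, and outputs are scanned as well as source, because a notebook committed with its execution results carries whatever was printed during the run.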
Critically, NB Defense will work across MLOps tools, effectively
meeting enterprises where they do machine learning today. "Every customer's
machine learning process includes Jupyter as a key workbench for their data
scientists; this does not change if they are on AWS, Azure, GCP, or other
solutions," said Chris King, Head of Product, Protect AI. "It was vital that we
built NB Defense to work with all of these platforms, meeting their data
scientists where they work, empowering them to improve the security posture of
their workloads without curbing their productivity or creativity. Securing a
notebook is just the first step, and customers can expect a rapid pace of
products and solutions that help them secure their ML environments in an
end-to-end fashion."
NB Defense is available today under a free license. Users can install NB
Defense and use either the JupyterLab extension or the command line interface
(CLI). The product was also designed to be embedded in ML development
workflows, with pre-commit hook support that lets a user run a scan before any
changes enter a repository. NB Defense scans can also be scheduled via GitHub
Actions or any other CI/CD process.