Date: 2023-08-09

An emerging free tool called the AI Risk Database is set to become a mainstream part of cybersecurity teams’ toolboxes in tackling AI supply chain risks. Created by the AI risk experts at Robust Intelligence, the database has been enhanced with new features and is now open-sourced on GitHub. The database aims to help the security community discover and report security vulnerabilities in public machine learning (ML) models, as well as track other factors that can threaten the reliability and resilience of AI systems, such as brittleness, ethical problems, and AI bias.

The tool addresses the potential supply chain problem in the world of AI systems, where open-source components are often used. Due to the reuse of models in collaborative innovation, a flaw in a single model can significantly impact a wide range of AI systems. Recognizing the need for AI supply chain security, the AI Risk Database has incorporated a new dependency graph feature developed by researchers at the Indiana University Kelley School of Business Data Science and Artificial Intelligence Lab (DSAIL). This feature scans GitHub repositories to find publicly reported flaws in models that exist upstream of the delivered model artifact.

Moreover, the database has partnered with MITRE, a leading organization in identifying threats and risks to AI, to enhance vulnerability research, classification, and risk scoring. This partnership closely ties the database to the MITRE ATLAS framework, which includes a list of adversary tactics and techniques based on real-world attack observations and AI red teaming.

The collaborative team from Robust Intelligence, MITRE, and Indiana University will demonstrate the enhanced AI Risk Database at Black Hat Arsenal this week. The demo will showcase the capabilities of the database in identifying risks and vulnerabilities in deploying specific types of AI-enabled systems. By providing organizations with a clearer understanding of their risks, the tool aims to inform risk assessment and mitigation priorities globally.