Skip to main content

Security & Trust Center

Your data security is our top priority

 

 

AI Security

Best practices for mitigating the risks associated with AI models

AI security refers to the practices, measures and strategies implemented to protect artificial intelligence systems, models and data from unauthorized access, manipulation or malicious activities. Organizations must implement robust security protocols, encryption methods, access controls and monitoring mechanisms to safeguard AI assets and mitigate potential risks associated with their use. 

The Databricks Security team works with our customer base to deploy AI and machine learning (ML) on Databricks securely with the appropriate features that meet customers’ architecture requirements. We also work with dozens of experts internally at Databricks and in the larger ML and GenAI community to identify security risks to AI systems and define the controls necessary to mitigate those risks. 

Understanding AI systems

What components make up an AI system and how do they work together?

AI systems are composed of data, code and models. A typical end-to-end AI system has 12 foundational architecture components, broadly categorized into four major stages:

  1. Data operations include ingesting and transforming data and ensuring data security and governance. Good ML models depend on reliable data pipelines and secure infrastructure.
  2. Model operations include building custom models, acquiring models from a model marketplace or using software-as-a-service (SaaS) large language models (LLMs), such as OpenAI. Developing a model requires a series of experiments and a way to track and compare the conditions and results of those experiments. 
  3. Model deployment and serving consists of securely building model images, isolating and securely serving models, automated scaling, rate limiting and monitoring deployed models. 
  4. Operations and platform include platform vulnerability management and patching, model isolation and controls to the system and authorized access to models with security in the architecture. It also consists of operational tooling for CI/CD. It ensures the complete lifecycle meets the required standards by keeping the distinct execution environments — development, staging and production — secure for MLOps.   

The below image highlights the 12 components and how they interact across an AI system.

ai system components and associated risks transparent

Understanding AI security risks

What are the security threats that may arise when adopting AI?

In our analysis of AI systems, we identified 62 technical security risks across the 12 foundational architecture components. In the table below, we outline these basic components, which align with steps in any AI system, and highlight some examples of security risks. The full list of 62 technical security risks can be found in the Databricks AI Security Framework.

AI system stage

AI system components

Potential security risks

Data operations

1. Raw data 

2. Data preparation 

3. Datasets

4. Catalog and governance

20 specific risks such as:

  • Insufficient access controls
  • Missing data classification
  • Poor data quality
  • Lack of data access logs
  • Data poisoning

Model operations

5. ML algorithm

6. Evaluation

7. Model build

8. Model management

15 specific risks such as:

  • Lack of tracking and reproducibility of experiments
  • Model drift
  • Hyperparameters stealing
  • Malicious libraries
  • Evaluation data poisoning

Model deployment and serving

9. Model Serving — inference requests

10. Model Serving — inference responses

19 specific risks such as:

  • Prompt inject
  • Model inversion
  • Denial of service (DOS)
  • LLM hallucinations
  • Black-box attacks

Operations and platform

11. ML operations 

12. ML platform

8 specific risks such as:

  • Lack of vulnerability management
  • Lack of penetration testing and bug bounty
  • Unauthorized privileged access
  • Poor software development lifecycle (SDLC)
  • Lack of compliance

What controls are available for mitigating AI security risks?

There are 64 prescriptive controls for mitigating the identified 62 AI security risks. These controls include:

  • Cybersecurity best practices such as single sign-on, encryption techniques, library and source code controls and network access controls with a defense-in-depth approach to managing risks
  • Data and AI governance–specific controls such as data classification, data lineage, data versioning, model tracking, data and model asset permissions and model governance
  • AI-specific controls like model serving isolation, prompt tools, auditing and monitoring models, MLOps and LLMOps, centralized LLM management, fine-tuning and pretraining your models

If you are interested in getting an in-depth overview of the security risks associated with AI systems and what controls should be implemented for each risk, we invite you to download our Databricks AI Security Whitepaper.

Best practices for securing AI and ML models

Data and security teams must actively collaborate to pursue their goal of improving AI systems’ security. Whether you are implementing traditional machine learning solutions or LLM-driven applications, Databricks recommends taking the following steps as outlined in the Databricks AI Security Whitepaper.

icon-orange-Broader-Business-Insights

Identify the AI business use case

Always remember your business goals. Ensure there is a well-defined use case with your stakeholders, whether already implemented or in the planning phases. We recommend leveraging Databricks Solution Accelerators, which are purpose-built guides to speed up results across your most common and high-impact AI and ML use cases.

icon-orange-auto-ml

Determine the AI deployment model

Choose an appropriate model such as a traditional custom tabular model, SaaS LLM, retrieval augmented generation (RAG), fine-tuned model or external model. Each deployment model has a varying shared responsibility split across the 12 AI system components and among your organization, the Databricks Data Intelligence Platform and any partners involved. 

icon-orange-Compliance

Select the most pertinent risks

From our documented list of 62 security risks, pinpoint the most relevant to your organization based on its deployment model.

Observable Metrics

Enumerate threats for each risk

Identify the specific threats linked to each risk and the targeted AI component for every threat.

Icon Data Lakes

Choose and implement controls

Select controls that align with your organization’s risk appetite. The responsibility for the implementation of these controls may be shared among your organization, your cloud provider and your data and AI vendor(s). You can leverage the Databricks AI Security Framework compendium (Google Sheets, Excel) to help you map this out.

FAQs

AI Security Resources