Protect AI emerged from stealth with $13.5 million seed funding and its first product, NB Defense.
NB Defense addressess vulnerabilities in a core component used at the beginning of the machine learning supply chain – Jupyter Notebooks. This is a rapidly growing security issue which is increasing significantly annually as more organizations move machine learning into production environments. Today, there are over 10M publicly accessible notebooks, growing by 2M+ annually, with many more in private repositories.
The company was founded by a proven leadership team who have led some of the largest and most successful AI businesses from AWS and Oracle, with strong track records of creating new market categories and launching successful startups in the ML space.
The round was co-led by successful cybersecurity investors Acrew Capital and boldstart ventures. Mark Kraynak and Ed Sim, respectively, join the Protect AI Board of Directors. Additional investors include Knollwood Capital, Pelion Ventures, Avisio Ventures, and experienced cybersecurity leaders Shlomo Kramer, Nir Polak, and Dimitri Sirota.
“As enterprises put AI/ML in production it must be protected commensurate with the value it delivers. I have seen more than one hundred thousand customers deploy AI/ML systems, and realized they introduce a new and unique security threat surface that today’s cybersecurity solutions in the market do not address,” said Ian Swanson, co-founder and CEO, Protect AI.
“This is why we founded Protect AI. ML developers and security teams need new tools, processes, and methods that secure their AI systems. Since nearly all ML code begins with a notebook, we thought that’s the most logical place to start so that we can accelerate a needed industry transition. We are launching a free product that helps usher in this new category of MLSecOps to build a safer AI-powered world, starting now. But, we have many more innovations that will be released quickly across the entire ML supply chain.”
As MLOps has helped increase the velocity of machine learning being used in production, opportunities for security incidents have increased and new vulnerabilities have been created in the enterprise ML supply chain. Some of the novel security risks in the ML software supply chain include Jupyter Notebooks that are incompatible with existing static code analyzers, arbitrary code execution in serialized models, poisoned training data, and model evasion using adversarial ML techniques.
The need for MLSecOps (machine learning + security + operations)
MLSecOps is a new and much needed practice in application security that involves introducing security earlier in the ML model development life cycle.
“ML is an entirely new class of applications and underlying infrastructure, just like mobile web, IOT, and Web3. Security for new application ecosystems follow the same arc: knowledge of vulnerabilities, followed by the ability to find them, then adding contextual understanding and prioritization, then finally automated remediation. Protect AI will enable this end to end arc for AI systems,” said Mark Kraynak, founding partner, Acrew Capital. “We are excited about this first step, with NB Defense, and look forward to working with the leadership team as there is a lot more to come.”
Improving the security of a core component used by ML practitioners – Jupyter Notebooks
ML practitioners use notebooks to create and share documents that contain live code, equations, visualizations, data, and text. Notebooks can introduce security risks within an organization and current cybersecurity solutions aren’t addressing this space.
In fact, Protect AI used NB Defense to scan over 1000 public Jupyter Notebooks and found many examples of secrets being exposed, personally identifiable information leaked, and critical vulnerabilities that could be exploited by an attacker to compromise cloud systems including gaining access to sensitive databases. Current cybersecurity solutions do not provide coverage of this commonly-used tool.
This gap in coverage means that a critical portion of an enterprise’s code base could contain unseen vulnerabilities, creating zero-day exploit risks. “Unfortunately, having worked with hundreds of customers, I’ve learned that ML code is not commonly scanned today in enterprises. Furthermore, ML specific scanning and AI vulnerability remediation is not yet a priority for most CISOs,” said Dan Plastina, former VP of AWS Security Services and advisory member to Protect AI. “This is because tools have not existed to target this specific need while catering to both AI builders and cybersecurity professionals, until now. Protect AI addresses that gap.”
What is NB Defense and how does it work
NB Defense is a solution for Jupyter Notebooks. NB Defense creates a translation layer from traditional security capabilities to enable scans of Jupyter Notebooks, then communicates findings back natively in the notebook or via easy-to-read reports with context specific links to problematic areas within the notebook for remediation. NB Defense security scans of a notebook check for:
- Common vulnerabilities and exposures in ML open-source frameworks, libraries, and packages
- Authentication tokens and other credentials over a host of services and products
- Non permissive licenses in ML open source frameworks, libraries, and packages
- Sensitive data and personally identifiable information
Critically, NB Defense will work across MLOps tools, effectively meeting enterprises where they do machine learning today. “Every customer’s Machine Learning process includes Jupyter as a key workbench for their data scientists, this does not change if they are on AWS, Azure, GCP, or other solutions,” said Chris King, Head of Product, Protect AI.
“It was vital that we built NB Defense to work with all of these platforms, meeting their data scientists where they work, empowering them to improve the security posture of their workloads without curbing their productivity or creativity. Securing a notebook is just the first step, and customers can expect a rapid pace of products and solutions that help them secure their ML environments in an end to end fashion.”
NB Defense is available today under a free license. Users can easily install NB Defense and use the JupyterLab Extension or Command Line Interface (CLI). The product was also designed to be embedded in ML development workflows with pre-commit hook support that allows a user to run a scan before any changes enter a repository. NB Defense security scans can also be scheduled via GitHub Action or any other CI/CD process.