Protect AI, an AI cybersecurity startup, has disclosed details of eight vulnerabilities discovered in the open-source supply chain used to develop in-house AI and machine learning models.
All eight have CVE numbers: one is rated critical and seven are rated high severity. The nature of open-source code, and its exposure to vulnerabilities, are well known. Software bills of materials (SBOMs) are designed and used to provide security assurance when developing standard code with open-source libraries. However, SBOMs do not cover the open-source software used for AI/ML development.
Without an equivalent AI/ML BOM, in-house developers must rely on their own or third-party expertise to identify how vulnerabilities can be exploited within the hidden machine learning pipeline.
Read More: Eight Vulnerabilities Disclosed in the AI Development Supply Chain