Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

AI Pipeline Security

AI Pipeline Security

Section titled “AI Pipeline Security”

5 automated security scanners

Model Monitoring Governance

Section titled “Model Monitoring Governance”

Purpose: The Model Monitoring Governance Scanner is designed to monitor and evaluate the governance of machine learning models within an organization. It ensures compliance with security policies, incident response procedures, data protection measures, and access controls by identifying indicators related to these aspects in company documentation and public policy pages.

What It Detects:

  • Security Policy Indicators: Identifies the presence or absence of a formal security policy document, checks for references to incident response plans, verifies data protection policies are in place, and ensures access control mechanisms are described.
  • Maturity Indicators: Looks for SOC 2 compliance certifications, searches for ISO 27001 standards adherence, detects mentions of penetration testing activities, identifies vulnerability scanning or assessment procedures.

Inputs Required:

  • domain (string): The primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial as it helps maintain a robust security posture by ensuring that all machine learning models within the organization adhere to stringent security policies, incident response plans, and data protection measures. Compliance with these standards not only mitigates risks but also enhances trust among stakeholders.

Risk Levels:

  • Critical: The scanner identifies significant gaps in formal security policy documentation or absence of critical compliance certifications (e.g., SOC 2 Type II certification).
  • High: There are notable deficiencies in data protection policies, access controls, or mention of penetration testing/vulnerability assessments that do not meet industry standards.
  • Medium: The scanner detects some gaps in security documentation but does not significantly impact the overall risk profile if other mitigation measures are in place.
  • Low: Minor deviations from recommended practices exist without immediate operational risks.
  • Info: Informal mentions or suggestions for improvement in policies that do not pose an immediate threat to operations.

Example Findings:

  1. The scanner flags a notable absence of a formal security policy document on the company’s website, indicating a critical risk as it suggests inadequate foundational security practices.
  2. A high-risk finding is detected when the scanner identifies that none of the mentioned penetration testing activities have been conducted in accordance with recognized standards, which could lead to significant vulnerabilities remaining undetected.

Training Data Security

Section titled “Training Data Security”

Purpose: The Training Data Security Scanner is designed to ensure the integrity and quality of training data by detecting issues related to data provenance, tampering, and potential data quality problems. This helps maintain the reliability and effectiveness of AI models trained on this data.

What It Detects:

  • Data Provenance Verification: Identifies sources of training data to ensure they are legitimate and trustworthy, checking for documentation or references to data collection methods and origins, and verifying that data is sourced from reputable providers or internal processes.
  • Data Tampering Indicators: Detects anomalies in data distribution or patterns that suggest tampering, looking for signs of data manipulation such as unexpected outliers or inconsistencies, and identifying unauthorized modifications or additions to the dataset.
  • Data Quality Checks: Evaluates the completeness and accuracy of training data, checking for missing values, errors, or inconsistencies within the dataset, and assessing the relevance and appropriateness of the data for the intended use case.
  • Security Policies Review: Examines company security documentation to ensure robust data protection measures are in place, verifying compliance with relevant standards and certifications (e.g., SOC 2, ISO 27001), and checking for incident response plans and access control policies related to training data.
  • Compliance Certifications and Trust Center Information: Reviews public policy pages and trust center information for mentions of data security practices, identifying certifications that demonstrate adherence to industry standards, and ensuring compliance certifications are up-to-date and relevant to data handling processes.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: Ensuring the integrity and quality of training data is crucial for maintaining the reliability and effectiveness of AI models, which can directly impact decision-making processes in critical sectors such as healthcare, finance, and autonomous vehicles. Poor data quality can lead to incorrect predictions, operational disruptions, and potential safety risks.

Risk Levels:

  • Critical: Findings that indicate a direct threat to the integrity or availability of training data, potentially leading to significant financial losses or legal repercussions.
  • High: Issues that pose a high risk of compromising data security or compliance with regulatory standards, requiring immediate attention and mitigation efforts.
  • Medium: Problems that may lead to suboptimal model performance or increased operational costs but do not directly compromise critical systems.
  • Low: Minor issues that can be addressed through minor adjustments in data handling practices without significant impact on overall operations.
  • Info: Informative findings that provide insights into best practices and areas for improvement, which are valuable for continuous enhancement of data security measures.

Example Findings:

  • “The training dataset references a source that has been flagged as untrustworthy due to lack of transparency in data collection methods.”
  • “There are indications that the dataset has undergone unauthorized modifications, suggesting potential tampering.”

This structured approach helps users understand the scope and severity of issues detected by the scanner, enabling targeted actions to enhance data security practices.

Model Deployment Security

Section titled “Model Deployment Security”

Purpose: The Model Deployment Security Scanner is designed to identify and report on a range of potential security vulnerabilities in container deployments, API configurations, authentication mechanisms, and network settings. Its primary objective is to ensure robust protection against unauthorized access and data breaches by detecting issues such as public S3 bucket access, overly permissive IAM policies, insecure APIs, default credentials usage, and misconfigured security groups.

What It Detects:

  • Container Security Issues:

    • Identifies S3 buckets with public ACLs that allow unrestricted access.
    • Checks for the absence of server-side encryption on stored objects, which can lead to unauthorized data exposure.
    • Detects permissions granted to AllUsers or AuthenticatedUsers, potentially exposing sensitive information.

  • IAM Policy Vulnerabilities:

    • Uncovers policies that allow all actions ("Action": "*"), which are overly permissive and pose a significant security risk.
    • Identifies the use of the root account in IAM roles, which can lead to complete compromise if compromised.
    • Detects IAM accounts created more than a year ago, which might indicate legacy or unused credentials that could be targeted for attack.

  • API Security Flaws:

    • Scans for APIs accessible without proper authentication, posing risks of data leakage and unauthorized access.
    • Checks the absence of CloudTrail logging on critical resources, making it difficult to track and audit API usage.

  • Authentication Weaknesses:

    • Identifies services that use default or easily guessable credentials, which can be exploited by malicious actors.
    • Detects the use of weak encryption algorithms in API communications, compromising data integrity and confidentiality.

  • Network Security Misconfigurations:

    • Scans for open ports on systems that should be restricted to minimize attack vectors.
    • Identifies EC2 security groups with overly permissive rules, allowing unnecessary traffic that could lead to unauthorized access.

Inputs Required:

  • domain (string): The primary domain under analysis, such as acme.com, which helps in identifying potential breach disclosure statements and misconfigurations related to public accessibility.
  • aws_account_id (string): The AWS account ID is crucial for API access and permission checks within the specified account.
  • aws_region (string): Specifies the geographical region where the scan operations are conducted, affecting how resources are accessed and managed in that area.

Business Impact: This scanner plays a critical role in safeguarding enterprise assets by proactively identifying potential security flaws before they can be exploited by cyber threats. The findings from this scanner directly impact the integrity and confidentiality of sensitive data, as well as the overall trustworthiness and compliance with industry standards for organizations using AWS services.

Risk Levels:

  • Critical: Overly permissive IAM policies allowing all actions ("Action": "*"), use of default credentials in API communications, and public access to S3 buckets are considered critical risks as they can lead directly to unauthorized data exposure or system compromise.
  • High: The misuse of the root account in IAM roles and misconfigured security groups that allow unrestricted traffic pose significant high-risk vulnerabilities that could be exploited by malicious users.
  • Medium: While not as severe, the use of weak encryption algorithms and APIs without proper authentication mechanisms are considered medium-risk issues due to their potential impact on data protection and system usability.
  • Low: Informational findings such as open ports or unencrypted S3 objects can be mitigated through configuration adjustments but still need attention for better security posture.

Example Findings:

  1. An S3 bucket with the name example-bucket has public access enabled, which could lead to unauthorized data exposure.
  2. A policy named example-policy within an AWS account allows all actions ("Action": "*"), posing a significant security risk by providing broad permissions that can be misused.

Model Update Security

Section titled “Model Update Security”

Purpose: Ensures robust model update processes by detecting the presence of version control, rollback mechanisms, and proper update procedures. This helps in maintaining system integrity and facilitating quick recovery from potential issues introduced during updates.

What It Detects:

  • Version Control Indicators: Check for references to version control systems (e.g., Git, SVN), verify commit history mentions, and detect branch management practices.
  • Rollback Mechanisms: Identify rollback procedures and protocols, look for automated rollback capabilities, and verify manual rollback instructions.
  • Update Process Documentation: Search for detailed update process documentation, check for pre-update and post-update checks, and verify change management policies.
  • Security Policy Indicators: Detect mentions of security policies related to updates, verify incident response plans for failed updates, and check for data protection measures during updates.
  • Compliance Certifications: Identify references to relevant compliance certifications (e.g., SOC 2, ISO 27001), look for penetration test results and vulnerability assessments, and verify adherence to industry standards.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: Ensuring robust model update processes is crucial for maintaining the integrity of systems and facilitating quick recovery from potential issues introduced during updates, which directly impacts security posture by reducing vulnerabilities and enhancing incident response capabilities.

Risk Levels:

  • Critical: Conditions that could lead to significant system disruptions or data loss, such as lack of version control or absence of detailed update process documentation.
  • High: Conditions that may cause partial functionality loss or hinder troubleshooting during updates, such as missing rollback mechanisms or inadequate security policies.
  • Medium: Conditions that might require additional manual checks or adjustments in the update procedures, like incomplete compliance certifications or vague update processes.
  • Low: Informal mentions or minor gaps in documentation that do not significantly impact system operations but are still recommended to be addressed for best practices adherence.
  • Info: General references or non-critical findings that provide supplementary information about the company’s security and compliance posture without immediate risk.

Example Findings:

  • The absence of any version control indicators could lead to difficulties in tracking changes, potentially compromising the integrity of system updates (Critical).
  • Inadequate mention of rollback mechanisms might leave the system vulnerable to errors or malicious actions during updates, risking data loss or operational disruption (High).

Model Development Security

Section titled “Model Development Security”

Purpose: The Model Development Security Scanner is designed to identify and address various security vulnerabilities and compliance issues within a development environment, codebase, and access controls. Its primary objective is to ensure robustness and adherence to best practices by detecting outdated dependencies, exposing sensitive information, insecure APIs, hard-coded credentials, SQL injection vulnerabilities, improper error handling, inadequate user permissions, unauthorized access, lack of MFA implementation, and compliance with company security policies.

What It Detects:

  • Development Environment Vulnerabilities:

    • Outdated or insecure libraries and dependencies.
    • Exposed sensitive information in configuration files.
    • Unsecured APIs and endpoints.

  • Code Security Practices:

    • Presence of hard-coded credentials.
    • SQL injection vulnerabilities.
    • Improper error handling that may leak sensitive information.

  • Access Controls:

    • User permissions and RBAC configurations.
    • Unauthorized access to critical systems and data.
    • Implementation of MFA.

  • Policy Compliance:

    • Indicators of security policy, incident response, data protection, and access control within company documentation.
    • Compliance with standards such as SOC 2, ISO 27001, penetration testing, and vulnerability scanning.

  • Trust Center Information:

    • Public policy pages and trust center information for compliance certifications.
    • Transparency in security practices and incident response procedures.

Inputs Required:

  • domain (string): The primary domain to analyze, which helps in searching the company’s website for relevant security documents.
  • company_name (string): The name of the company is used when searching for specific statements related to its security practices and policies.

Business Impact: This scanner plays a crucial role in maintaining the security posture of an organization by proactively identifying potential vulnerabilities that could be exploited, thereby mitigating risks associated with data breaches, unauthorized access, and compliance violations.

Risk Levels:

  • Critical: Conditions that directly lead to significant risk, such as exposure of sensitive information or critical system failures.
  • High: Conditions that pose a high risk but are not as severe as critical issues, such as outdated dependencies or exposed APIs without proper protection.
  • Medium: Conditions that may indicate potential risks if left unaddressed, requiring attention for improvement in security practices.
  • Low: Informal findings that do not significantly impact the overall security posture but can be improved for better compliance and operational efficiency.
  • Info: Non-critical issues that provide informational value but do not pose immediate risk or compliance concerns.

Example Findings:

  1. A critical vulnerability in a widely used library could lead to unauthorized access, data leakage, and significant business impact.
  2. Inadequate error handling in API endpoints can expose sensitive information to potential attackers, leading to trust and legal issues for the company.