MLSecOps: Bridging security and AI development processes

As security practitioners, we know that securing an organization isn't necessarily a monolithic exercise: We don't -- literally can't -- always focus equally on every part of the business.

This is normal and natural, for many reasons. Sometimes, we have more familiarity in one area versus others -- for example, an operational technology environment, such as industrial control systems, clinical healthcare devices or IP-connected lab equipment -- might be less directly visible. Other times, focus might be purposeful -- for example, when one area has unmitigated risks requiring immediate attention.

Shifts in attention like this aren't necessarily a problem. Instead, the problem arises later, when -- for whatever reason -- portions of the environment don't ever get the attention and focus they need. Unfortunately, this is increasingly common on the engineering side of AI system development.

Specifically, more and more organizations are either training machine learning (ML) models, fine-tuning large language models ...