Securing The AI Data Center: Zero-Trust Architecture And Trusted Computing For Fractional GPUs

Rohit Shirwadkar News

  • 📰 ForbesTech

Ensuring zero-trust principles and verifying that devices and GPUs are free from side-channel attacks is essential to maintaining model integrity.

sets the tone of "never trust, always verify," emphasizing the concepts of least privilege and continuous monitoring. This becomes especially important and relevant in the AI landscape, where model integrity plays a big role, as applications can be accessed from any device or network.

as important for zero trust: identity, device, network, workload and data. The data layer is the most critical for AI models and workloads that are spread across on-premises and cloud environments. Model training and inference rely on controlled and regulated datasets to ensure that there are no cases of misinformation, disclosure of sensitive information, copyright infringement or other ethical issues that must be addressed when defining model weights for these use cases. Model weights help businesses determine which models perform best with specific types of datasets. Ensuring zero-trust principles and verifying that devices and GPUs are free from side-channel attacks is essential to maintaining model integrity.

As AI models become more power- and computation-intensive, the scope of what needs to be secured has evolved, from CPUs to GPUs and now to entire AI farms that support these workloads. With this evolution, securing computational workloads is becoming more important, not just at rest but also during computation. This has driven demand for secure, or confidential, compute. Trusted computing is essentially a trusted execution environment enforced via tamper-proof hardware and remote attestation. Most GPUs have a hardware root of trust, and when combined with CPU proofs, they create a single token that can be used to encrypt workloads during computation. Standards like SPDM are increasingly used for device authentication and key exchange. At the same time, PCIe IDE and CXL IDE standards are used to encrypt traffic between CPUs and GPUs. The key to this secrecy is how often new keys are generated, ensuring that each session is dedicated to a specific workload or user. With confidential compute, users can be confident that their workloads are protected from side-channel attacks, as the workloads remain encrypted even during computation.

With GPUs getting more expensive and the data center industry facing power and capacity shortages, fractional GPUs or distributed computing are emerging as efficient ways for businesses to expand their computational capabilities. In a fractional GPU model, the number of cores available for computation is dynamically distributed across various workloads, which may be owned by different users. Once a workload has completed execution, those cores are released back into the open pool. One major security concern in this model is ensuring that cores and scratchpads are fully cleared before being allocated to the next workload. Malicious attackers have found ways to persist in scratchpads or previously allocated cores to tamper with or spy on workloads. Tools like Nvidia’s Multi-Instance GPU feature can help reduce cross-tenant interference to a large extent.

  • Ensure that workload identities use keys derived from a combination of GPU and CPU proofs by leveraging standards like SPDM. Block access to model stores unless this verification is performed.
  • Deploy zero-trust architecture components across the network perimeter, including API gateways, storage and device boundaries. Ensure access is per-session and context-aware.
  • In addition to encrypting data at rest and in transit across the environment, use SPDM and PCIe IDE to encrypt workloads during computation.
  • Separate training clusters and production environments into distinct, isolated trust zones based on data sensitivity and model trustworthiness.
  • Map detections, such as model hallucinations, model theft, poisoning and data exfiltration, to the MITRE ATLAS framework, and create a threat profile based on the top attack vectors and mitigations to feed into SIEM/SOAR platforms.
  • Develop a model theft playbook and automate key checks within the CI/CD pipeline to ensure security.

Securing the AI data center relies heavily on implementing zero-trust architectures and applying encryption in the right way at the right points, from user to CPU, GPU, model and beyond. This ensures that you can scale the efficiency of fractional GPUs without increasing risk.
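
The recommendation to derive workload keys from combined CPU and GPU proofs and to block the model store until verification succeeds, together with the earlier point about fresh per-session keys, can be sketched as follows. This is an added example, not code from the article and not an SPDM implementation: it assumes evidence signatures were already verified upstream, and all names (`TRUSTED`, `release_session_key`, `open_model_store`) and measurement values are hypothetical and constructed.

```python
import hashlib
import hmac
import os

# Constructed reference measurements (hypothetical); real values come from
# vendor reference manifests or your own build pipeline.
TRUSTED = {
    "cpu": {hashlib.sha384(b"constructed-cpu-tee-image").hexdigest()},
    "gpu": {hashlib.sha384(b"constructed-gpu-firmware").hexdigest()},
}

def new_nonce():
    """Fresh verifier challenge; one per session so keys never repeat."""
    return os.urandom(32)

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with the standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def verify_evidence(kind, evidence, nonce):
    """Assumes the evidence signature was already checked against the device's
    root of trust; here we check freshness (nonce echo) and the allowlist."""
    fresh = hmac.compare_digest(evidence["nonce"], nonce)
    return fresh and evidence["measurement"] in TRUSTED[kind]

def release_session_key(master_secret, workload_id, nonce, cpu_ev, gpu_ev):
    """Per-session key bound to both proofs, or None (deny) if either fails."""
    if not (verify_evidence("cpu", cpu_ev, nonce) and verify_evidence("gpu", gpu_ev, nonce)):
        return None
    info = b"|".join([b"model-store", workload_id.encode(),
                      cpu_ev["measurement"].encode(), gpu_ev["measurement"].encode()])
    return hkdf_sha256(master_secret, salt=nonce, info=info)

def open_model_store(session_key):
    """Model store gate: no attested session key, no access."""
    if session_key is None:
        raise PermissionError("attestation failed: model store access blocked")
    return "model-store-handle"  # placeholder for a real storage client

def sample_evidence(kind, nonce):
    """Constructed evidence that matches the allowlist and echoes the nonce."""
    return {"nonce": nonce, "measurement": next(iter(TRUSTED[kind]))}
```

Because the nonce salts the derivation and the workload ID and both measurements enter the `info` field, a replayed proof, a different tenant or a changed firmware measurement never yields the same key.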
