Transcript
Hello everyone. My name is Bu. As a DevSecOps and multi-cloud architect, I have spent the last 19 years helping companies architect, secure and optimize their cloud infrastructures. I have had the opportunity to lead some incredible projects, from innovating GenAI-based solutions for AIOps to re-engineering high-performance payment systems.

The topic I'm here to discuss today is one I'm deeply passionate about: securing our AI pipelines from development all the way to production. As we operationalize machine learning, we are creating a new kind of battlefield. The challenge is that our traditional DevSecOps practices, which we have relied on for years, simply fail to address the novel threats that MLOps introduces. We are facing an attack surface that extends beyond code to our data, our models and our entire infrastructure.

Today we are going on a journey. We'll start with the reality that you have vulnerable ML models, but we won't stay there. We are going to move from a state of vulnerability to a position of strength, creating what I call unbreachable pipelines. We will do this by looking at real, proven security frameworks, seeing security in action and leveraging battle-tested strategies used by Fortune 500 companies. My goal is simple: to show you how to stop playing defense and make your pipelines more robust.
So how will we get there? Here is our agenda for today. First, we will define the problem by looking at the expanding MLOps attack surface. Then we will introduce the solution: adopting the zero trust mindset, with its core idea of never trust, always verify. Then we will get practical with the framework, applying these principles across the ML lifecycle. I will share the impact with proven results and real-world case studies. And finally, I will leave you with your roadmap: actionable steps to get started on building a truly secure MLOps environment.
So let's start with the core problem. Machine learning pipelines have created a brand new security battlefield. The traditional DevSecOps practices we have relied on for years simply fail to address these challenges. Think of your MLOps pipeline like a hose. In a perfect world, clean, valuable data flows through it smoothly. But in reality this pipeline has multiple weak points. An attacker can target your training data, poisoning it or stealing it outright. They can go after the model itself, tampering with its logic and stealing intellectual property. They can compromise the underlying infrastructure where your model is trained, or they can attack the inference endpoints where your model makes live decisions, leading to evasion attacks and data leakage. The attack surface has expanded beyond just code, and we need a new strategy to defend it.
So let's zoom in on these hidden threats. While we still worry about traditional code vulnerabilities, MLOps brings a new and dangerous class of high-risk threats to the forefront. Let's look at three major MLOps-specific threats. First, data poisoning, which has a staggering 95 risk score. Imagine an attacker at scale feeding your fraud detection model bad data, turning your fraud detector into a fraud enabler. Next is model theft, with an 85% risk score. This is a direct attack on your company's core business asset: your proprietary models. Finally, we have inference attacks, carrying a 90% risk score. This is where an attacker manipulates a live model to get desired outputs or to extract confidential information it was trained on.
So how do we fight back? The solution is a fundamental shift in mindset called zero trust. The core principle is simple but powerful: never trust, always verify. It's a security model built on maintaining strict access controls, not trusting anyone by default, even if they are already inside your network. What does this mean for MLOps? It means every single action is scrutinized. Every request to access data or deploy a model must be authenticated, authorized and continuously verified. And the benefit is not just theoretical: adopting this approach has shown a 73% reduction in security incidents. This is not just about better security, it's about building more resilient and trustworthy AI systems from the ground up.
So it's important to understand that applying zero trust is not a single action. It's a continuous practice applied at every stage of the MLOps pipeline. We are going to break down the implementation of zero trust into four key stages of the machine learning lifecycle. We'll start with data ingestion and preparation, where we securely gather and prepare our data. Then we will move to model training and validation, ensuring we train our models with strict access controls. After that, we will cover deployment and serving, where we deploy models into secure environments. And then finally, we look at monitoring and governance, where we continuously watch over our models to keep them secure in production.
Let's start at the foundation: data ingestion. The goal here is to fortify your data foundation in machine learning. We all know the phrase "garbage in, garbage out", but from a security perspective it's far worse: it's poison in, poison out. How do we apply zero trust here? We build a data security pyramid. At the base, we use strict identity and access management to enforce authentication for data sources. Next, we enforce data encryption for all data, both in transit and at rest. Finally, at the top, we ensure data lineage and integrity. We need to be able to track data origins and transformations, using checksums to verify that the data has not been tampered with.

Stage two: model training and validation.
So now we move to stage two, model training. This is where your secret sauce is created, and our goal is to secure this environment at all costs. We do this in three key ways. First, we create fortified training zones. Think of this as isolating every training job in a sandbox container to prevent unauthorized access. We then sever all unnecessary network access and scan every dependency. Second, we enforce the principle of least privilege. A training script should only have the absolute minimum permissions it needs to function: read access to the necessary data and write access to a specific model artifact location. And third, we focus on model artifact security. Every model that is trained should be digitally signed and versioned. Those models are then stored in a secure and audited model registry with its own strict access controls.
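As an added example (not code from the talk), here is how the stage one data checksums and the stage two signed, versioned model artifacts can be combined into one lineage manifest that a deployment gate verifies before a model is served. The manifest format, the HMAC-SHA256 signing scheme (a stand-in for an asymmetric registry signature) and the signing key are assumptions; the key would come from a secrets manager, and the sample dataset and model bytes are constructed.

```python
import hashlib
import hmac
import json

# Assumption: the signing key is fetched from a secrets manager at runtime;
# this constant is a constructed stand-in for the demo only.
SIGNING_KEY = b"constructed-demo-key-replace-with-secret-manager-value"

# Constructed sample inputs: one training dataset and one model blob.
TRAIN_DATA = {"transactions.csv": b"id,amount,label\n1,10.0,0\n2,5000.0,1\n"}
MODEL_BYTES = b"\x89MODEL\x00constructed-weights-v1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(datasets: dict, model_bytes: bytes, version: str) -> dict:
    """Stage one lineage: record a checksum for every input dataset plus the
    checksum and version of the model produced from them."""
    return {
        "version": version,
        "inputs": {name: sha256_hex(blob) for name, blob in datasets.items()},
        "model_sha256": sha256_hex(model_bytes),
    }


def sign_manifest(manifest: dict) -> str:
    """Stage two: MAC the canonical JSON form so key order cannot alter the tag."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, canonical, hashlib.sha256).hexdigest()


def verify_artifact(manifest: dict, signature: str, datasets: dict,
                    model_bytes: bytes) -> bool:
    """Zero trust gate before deployment: the manifest signature, the model
    checksum and every recorded input checksum must all match."""
    if not hmac.compare_digest(sign_manifest(manifest), signature):
        return False  # manifest altered, or signed with a different key
    if sha256_hex(model_bytes) != manifest["model_sha256"]:
        return False  # model blob swapped after signing
    for name, digest in manifest["inputs"].items():
        if name not in datasets or sha256_hex(datasets[name]) != digest:
            return False  # training data missing or changed after signing
    return True
```

Rejecting a tampered manifest, a swapped model blob and a modified dataset with the same check is what keeps the registry entry and the data lineage bound together.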
Stage three: deployment and serving. In stage three, we focus on deployment and serving. This is where the model meets the real world, interfacing with users and other systems, so our goal is to harden these live endpoints. We start with runtime protection: models should be deployed on hardened, minimal container images, using network policies to restrict all unnecessary traffic. Then we secure the API endpoints. Every single inference request must require authentication and authorization. We also need to implement practical defenses like rate limiting and input validation. Finally, we need secure configuration management: things like API keys and database credentials should never be hardcoded. They must be stored in a dedicated secrets manager like HashiCorp Vault or AWS Secrets Manager.
Monitoring and governance. Our final stage is monitoring and governance. Here, our mindset has to shift. Our goal is to assume breach and to be continuously looking for threats. Security is not static; it's a living cycle. It starts with continuous monitoring. We need to log every request, response and access event across the entire pipeline. With that data, we perform behavioral analysis. We actively look for anomalies like model performance drift and data skew, which can indicate a subtle attack. When an anomaly is detected, we trigger an automated response. Instead of waiting for a human, we have automated workflows to mitigate threats, such as revoking access and alerting the security team for further investigation.
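As an added example (not code from the talk), this is the monitoring loop described above run over a handful of constructed inference-endpoint log lines: it flags data skew against a training-time baseline and a request burst from a single identity, then maps each finding to an automated response. The JSON log format, the baseline value and the thresholds are assumptions chosen for the demo.

```python
import json
from collections import Counter
from statistics import mean

# Assumptions for the demo: the feature mean seen at training time, how far the
# live mean may drift before it counts as skew, and a per-identity request cap.
BASELINE_MEAN_AMOUNT = 120.0
SKEW_FACTOR = 5.0
MAX_REQUESTS_PER_PRINCIPAL = 3

# Constructed sample events: one line per inference request, as the endpoint
# would log them (principal, the scored feature, and the model output).
LOG_LINES = [
    '{"principal":"svc-checkout","amount":90.0,"score":0.1}',
    '{"principal":"svc-checkout","amount":130.0,"score":0.2}',
    '{"principal":"user-9f2","amount":110.0,"score":0.1}',
    '{"principal":"user-9f2","amount":9000.0,"score":0.9}',
    '{"principal":"user-9f2","amount":9500.0,"score":0.9}',
    '{"principal":"user-9f2","amount":9800.0,"score":0.9}',
]


def analyze(lines):
    """Behavioral analysis: return (kind, principal) findings for data skew
    of the live feature distribution and for per-principal request bursts."""
    events = [json.loads(line) for line in lines]
    findings = []
    if events and mean(e["amount"] for e in events) > BASELINE_MEAN_AMOUNT * SKEW_FACTOR:
        findings.append(("data_skew", None))
    for principal, count in Counter(e["principal"] for e in events).items():
        if count > MAX_REQUESTS_PER_PRINCIPAL:
            findings.append(("request_burst", principal))
    return findings


def respond(findings):
    """Automated playbook: revoke a bursting identity, page the team on skew.
    Returns the actions as strings so a workflow engine (or a test) can act."""
    actions = []
    for kind, principal in findings:
        if kind == "request_burst":
            actions.append(f"revoke_access:{principal}")
        elif kind == "data_skew":
            actions.append("alert_security_team:data_skew")
    return actions
```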
So what is the ultimate impact of all this work? Adopting a zero trust framework does more than just reduce risk. It fundamentally builds resiliency by design: you shift your entire security posture. You move from reacting to threats to building a secure pipeline that expects and defies them. By verifying every action and enforcing the principle of least-privileged access, you harden your systems against both external and internal threats. The result is a dramatic lowering of your organization's overall risk profile, leading to that proven 73% reduction in breaches we talked about earlier.
So let's look at how this works in the real world. Let's start with a FinTech leader. Their challenge was immense: they needed to protect sensitive financial data and proprietary fraud detection models by implementing a zero trust strategy. Their solution was to implement strict IAM and sign all model artifacts. The result: they eliminated all major audit findings on data access controls and reduced the time their team spent on manual compliance reporting by 40%. Next, consider a healthcare platform. The challenge was complying with HIPAA while using patient data for diagnostics. Their solution was to deploy models in isolated environments with token-based API authentication. The outcome was a huge success: they achieved HIPAA compliance and, most importantly, secured sensitive patient healthcare information.
So this might seem like a lot, but you can begin this journey today with four actionable steps. This is your roadmap to zero trust MLOps. First, assess and baseline: identify all components in your ML pipeline and map current access controls to find high-risk areas. Second, implement strong identity: assign a unique identity to all users and services and enforce multifactor authentication. Third, enforce least-privileged access: grant only the minimal permissions required for each task, and use just-in-time access where possible. And fourth, monitor and respond: implement continuous logging and anomaly detection to identify and contain threats in real time.
The good news is you don't have to build all this from scratch. There is a rich ecosystem of security tools you can leverage to implement this framework. For identity and access management, you have tools like Okta, Azure Active Directory, HashiCorp Vault, and AWS or GCP Secret Manager. For code and container security, you can use scanners like Snyk, Trivy and Dependabot. For network and runtime security, a service mesh like Istio or Linkerd can handle encryption and policies, while Falco can detect runtime threats. And finally, for data and model governance, tools like DVC can track data lineage, while MLflow or ClearML can provide secure model.
As you start on this path, there are a few common pitfalls I want you to avoid. First, don't ignore the human element. If you create too much friction, your data scientists will build insecure shadow IT workflows. The solution is to automate security within the CI/CD pipeline and provide secure-by-default project templates. Second, the set-and-forget mentality. Zero trust is a continuous process, not a one-time setup. You must regularly review logs, rotate credentials, and perform automated security drills. Finally, remember to treat models differently than regular code. A signed container is good, but it doesn't prevent a model from being stolen or poisoned. You need model-specific controls like digital signatures for the artifacts themselves, and you need to actively monitor for performance drift.
So as we wrap up, I want to leave you with four core takeaways, which you can think of as the MLOps security pyramid. At the base, understand that the MLOps attack surface is unique. It extends beyond code to data, models and infrastructure, requiring a specialized approach. The next layer is embracing the zero trust mindset. Never trust, always verify is the guiding principle to effectively secure modern AI systems. Building on that, remember that security is a lifecycle, not a checkbox. You must apply zero trust controls at every stage, from data ingestion to production monitoring. And finally, at the top, know that the results are proven. Adopting this framework is a strategic investment that secures your systems and reduces security incidents.

So that brings me to the end of my presentation. We have covered the unique threats facing MLOps and laid out a comprehensive, proven framework to make your AI pipelines unbreachable. Thanks for your time. I would be happy to answer any questions. You can reach out to me on my LinkedIn or my email ID. Thank you guys. Okay.