Launch Week Day 4: Introducing our new AI inventory
With our new AI Inventory, you can now discover the AI services in use across AWS, Google Cloud and Microsoft Azure. We provide coverage for popular services like Amazon SageMaker, Azure Machine Learning, and Google Cloud Vertex AI, along with managed AI services such as AWS Bedrock, Azure OpenAI Service, and Google Cloud Language AI.
What is an AI Inventory?
An AI Inventory provides visibility into the AI and machine learning services running across your cloud environments. It’s an inventory that maps out the list of services in use and their relationships to corresponding assets like storage buckets, databases and access keys.
Why use an AI Inventory?
Cloud security teams face a new challenge, and that’s securing the growing number of AI workloads. Like every other cloud service, AI services come with their own configuration options and posture risks. Without a clear inventory of AI services, cloud security engineers can’t assess their risk exposure or ensure compliance with AI governance policies.
For example, unmonitored AI services may process sensitive data, operate with excessive permissions, or run vulnerable model versions. That’s why security teams need to know which AI services are deployed, who has access to them, and what data they process.
Understanding AI-SPM
AI Security Posture Management (AI-SPM) is an emerging category focused on securing AI and machine learning workloads in the cloud. An AI Inventory forms the foundation of AI-SPM with the baseline visibility required to implement security controls, assess risks, and maintain compliance. Without knowing what AI assets exist in your environment, implementing security measures becomes impossible.
Key features of our new AI Inventory
Discovery and visibility
Our AI Inventory automatically discovers AI services across AWS, Google Cloud, and Azure. We’ve introduced a new service category “Machine Learning & AI” that includes platform services like SageMaker, Vertex AI and Azure Machine Learning, as well as chatbot services like Amazon Q and API services like Amazon Bedrock.
For a full list of the AI services our AI Inventory supports, check out our docs and the data models for AWS, Google Cloud and Azure.
Understand AI services
Since AI is the next battleground in the cloud, the list of AI services the cloud providers offer just keeps growing. Soon, if not already, it will be impossible for a cloud security engineer to know exactly what these individual services do and how they work. That’s why we’ve included a description of each service, as well as a link to the corresponding product documentation.
Get full-stack visibility
With our inventory graph and its neighborhood view, you can see exactly how a specific AI resource is connected with other cloud services, in particular with data sources such as an S3 bucket, or access roles like an IAM role. We also tell you where in the world (quite literally) your data resides and where your models run, by showing the region and cloud accounts.
The neighborhood view provides visibility into your AI supply chain with some cool new use cases:
Data source mapping: Which storage buckets and databases contain training data?
Access patterns: Which identities and access keys can interact with AI services?
Network connectivity: What other services can communicate with AI endpoints?
Regulatory compliance: In which region do I run my training, and where do my data assets reside?
So what does this mean for my AI security? Here are a few risks that you may have lurking in your infrastructure without this visibility:
Data exposure through misconfigured storage permissions
Unauthorized access to AI endpoints
Compliance violations from undocumented data usage
Expanded AI attack surface through unknown service exposure
These are just some examples, and we’re working on providing an opinionated view on these use cases in our dashboard.
Write AI policies
Part of Fix Security’s differentiation is our unified data model that normalizes resource kinds across different clouds. It can be tedious to know how resource kinds and attributes are named. For custom compliance policies such as "no unencrypted storage volumes" or "every compute instance must have a cost center tag", you don't want to rewrite those checks for every cloud provider.
That’s why we use “base resources” that describe services common to all clouds (firewall, database, etc.). These base resources make it easier to write policies that discover and categorize certain cloud services.
For AI, we’ve introduced three new base resources:
AI Resource: Any type of AI resource across AWS, GCP, Azure
AI Model: Any type of AI model, e.g. an AWS Bedrock Foundational Model
AI Job: Any type of Job, e.g. a GCP Vertex AI Batch Prediction Job
These three base resources make it easy to start writing searches and policies for your AI Inventory, regardless of whether you’re securing a single or multi-cloud environment.
Summary
Our new AI Inventory provides you with full-stack visibility into the AI services that run in your cloud infrastructure. An AI Inventory is the first step towards implementing AI-SPM (AI Security Posture Management). With our base kinds for AI, you can also start writing your first AI-related security policies.
Our AI Inventory is now generally available to all users in your Fix Security dashboard. Head on over, or sign up for a free trial.
Subscribe to my newsletter
Read articles from Lars Kamp directly inside your inbox. Subscribe to the newsletter, and don't miss out.