
Securing the foundations of AI applications with Chainguard Images

Dan Fernandez, Staff Product Manager

Putting modern AI frameworks into production in 2024 means dealing with unremediated Common Vulnerabilities and Exposures (CVEs), bloated runtime environments, slow release cycles, and the dreaded version agony. Given the speed of AI development and the time commitment associated with maintaining a secure AI infrastructure, we are providing a new way to minimize cyber attacks with pre-built, minimal, secure container images that will allow organizations to protect the data, model execution, and application layers of the Machine Learning stack.

Today, Chainguard is announcing the general availability of Chainguard AI Images, a growing suite of CPU- and GPU-enabled container images, including PyTorch, Conda, and Kafka, that are hardened, minimal, and optimized for efficient software development.

To support the adoption of Chainguard AI Images and increase knowledge of security issues across the machine learning pipeline, we're also excited to announce our latest Chainguard Academy course, Securing the AI/ML Supply Chain. This immersive, hands-on training covers the basics of safeguarding the AI supply chain to help equip your team with the skills needed to mitigate security risks in machine learning development and production without slowing the pace of innovation.

Introducing Chainguard AI Images

ML and GenAI apps are built on a new type of stack that includes unstructured data, machine learning frameworks, and other components that power predictive models. GenAI introduces additional complexity, with GPUs rather than CPUs being used for training and inference. Both traditional ML and GenAI have data, model execution, and application layers that run open-source software and must be secured.

While AI/ML applications offer incredible potential, building and securing them can be a daunting challenge for many organizations. That’s why we developed Chainguard AI Images, specifically tailored to address the unique needs of our customers who are focused on business innovation without sacrificing security. By simplifying and securing the AI/ML stack, we empower businesses to harness the power of these technologies without the added burden of managing intricate infrastructure.

“As we champion the acceleration of AI technologies, we equally emphasize the critical need for cutting-edge security solutions to safeguard these advancements,” said Jacob Rideout, CTO of HiddenLayer. "We have adopted Chainguard Images to reduce the burden of vulnerability triage on our developers so they can focus on building and establishing a secure avenue for the broad adoption of AI technologies. We are thrilled to see Chainguard expand its offering to include AI and ML workloads and look forward to working together to bring secure AI innovation to the forefront.”

With Chainguard AI Images, organizations can now confidently meet AI security compliance requirements (including our forthcoming FIPS variants), streamline vulnerability scanning, and boost developer efficiency. The solution offers optimized GPU-enabled images, including drivers and libraries to secure the deployment and management of GPU-accelerated AI applications with low-to-zero vulnerabilities and hardened configurations.

An example of a GPU-enabled image in the catalog is the new PyTorch Chainguard Image which provides a secure basis for training and inference workloads in a wide variety of domains, from predictive business applications such as fraud detection to tasks in classification and generative AI.

A number of these new GPU-enabled images join a growing lineup of secure runtimes for developing and deploying AI-powered applications and tools, including secure Python and Node images for accessing AI services over an API, and Kubeflow for managing and deploying AI frameworks on Kubernetes.

Advantages of Chainguard Images for AI

Handling the intricacies of AI workloads can be overwhelming. From setting up environments to ensuring seamless operation, tasks associated with AI can drain valuable resources and time. Constant vigilance is required to manage and patch vulnerabilities, which becomes exponentially more challenging as new components are integrated and applications scale with rapid innovation and hyper growth.

The current runtime release of the official PyTorch image on Docker Hub contains 1 critical, 23 high, 1,189 medium, and 72 low CVEs according to the Grype vulnerability scanner as run on July 24, 2024. Unfortunately, this alarming situation is not at all unusual. The size and complexity of modern AI frameworks lead to slow build cycles (typically over one month) and an enormous attack surface, a situation that guarantees a large number of known vulnerabilities.

By contrast, the Chainguard AI Image for PyTorch has zero CVEs as of today, and any new CVEs will be rapidly patched, frequently within hours, not days. What makes our Images so special?

  • Fresh — Chainguard Images are rebuilt daily. Mitigations are often applied to packages in our upstream Wolfi distro within hours of public release, ready for inclusion in the next day's build.

  • Minimal — Because we aim for zero CVEs, we're serious about keeping bloat out of Chainguard Images, and that goes double for our Chainguard Images for large AI frameworks.

  • Full cycle — Chainguard Images provide both development and runtime versions of images. Development images have all the tools you need for training or dev, while production images are ideal for tasks such as inference.

  • Lightweight — Chainguard Images are smaller on disk than comparable official images. This can matter when it comes to ultra-large frameworks and libraries that tend to break infrastructure such as automated container scanners.

  • Transparent — Every Chainguard Image comes with an included Software Bill of Materials (SBOM) itemizing all included software artifacts. Chainguard Images are also reproducible from their attestations (signed build configurations).
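A scan-gating check that puts the Grype comparison above into practice, added here as an example and not taken from the post or from Chainguard's own tooling. It assumes the layout of Grype's `-o json` output (a "matches" array whose entries carry a "vulnerability" object with "id" and "severity") and uses constructed sample reports with placeholder CVE ids; the zero-critical/zero-high thresholds are an assumed policy.

```python
import json
import sys
from collections import Counter

# Severity labels Grype emits, highest first; anything else is folded into "Unknown".
SEVERITIES = ("Critical", "High", "Medium", "Low", "Negligible", "Unknown")

def tally(report):
    """Count matches per severity in a parsed `grype <image> -o json` report.
    Each entry of "matches" carries a "vulnerability" object with "id" and
    "severity"; a missing or unrecognised severity is counted as Unknown."""
    counts = Counter({s: 0 for s in SEVERITIES})
    for match in report.get("matches", []):
        sev = match.get("vulnerability", {}).get("severity", "Unknown")
        counts[sev if sev in SEVERITIES else "Unknown"] += 1
    return dict(counts)

def violates(counts, max_critical=0, max_high=0):
    """Return the policy breaches for an image; an empty list means admit it.
    The zero thresholds are an assumed policy, not something the post defines."""
    breaches = []
    if counts["Critical"] > max_critical:
        breaches.append(f"critical: {counts['Critical']} > {max_critical}")
    if counts["High"] > max_high:
        breaches.append(f"high: {counts['High']} > {max_high}")
    return breaches

def delta(before, after):
    """Per-severity reduction when replacing image `before` with image `after`."""
    return {s: before[s] - after[s] for s in SEVERITIES}

# Constructed sample reports; the CVE ids are placeholders, not real findings.
UPSTREAM_SAMPLE = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical"},
     "artifact": {"name": "libplaceholder", "version": "1.0"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "High"},
     "artifact": {"name": "libplaceholder", "version": "1.0"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Low"},
     "artifact": {"name": "otherpkg", "version": "2.3"}},
    {"vulnerability": {"id": "CVE-0000-0004", "severity": ""},  # unrated finding
     "artifact": {"name": "otherpkg", "version": "2.3"}},
]}
MINIMAL_SAMPLE = {"matches": []}  # what a zero-CVE scan looks like

if __name__ == "__main__":
    # Usage: grype <image> -o json | python3 grype_gate.py
    counts = tally(json.load(sys.stdin))
    print(json.dumps(counts))
    sys.exit(1 if violates(counts) else 0)
```

Running the gate against both the upstream and the hardened image in CI, and diffing the two tallies with `delta`, turns the one-off comparison in the post into a check that runs on every rebuild.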


Image showing bar graph CVE comparison of Upstream PyTorch image and Chainguard PyTorch Image.

Getting started with Chainguard AI Images

The :latest versions of our PyTorch and other GPU-enabled images are available to pull for evaluation in the Chainguard Images Directory.

For a comprehensive overview of the current state of security in modern AI development and deployment that includes information on getting started with Chainguard AI Images, consider jumping into our new course, Securing the AI/ML Supply Chain.

This course contains detailed modules on the current threat landscape for machine learning, standards and governance, vulnerability management for AI frameworks, supply chain transparency, and AI artifact (such as model) integrity. On completion, this Chainguard- and Credly-backed credential can be displayed on your LinkedIn profile.


Image showing badge for Chainguard course: Securing the AI/ML Supply Chain.

In addition to this course, Chainguard Academy hosts detailed guides on Getting Started with the PyTorch Chainguard Image, and we have an upcoming Chainguard Learning Labs session on Chainguard AI Images on August 27th.

Safe source for AI

We don’t need to shift left on AI; we can start left. Chainguard AI Images represent a significant step forward in securing AI infrastructure, providing the simplicity and performance needed to thrive in today's competitive landscape. In the coming months, look for Chainguard AI Images for additional machine learning frameworks, such as Triton Inference Server, as well as other components being deployed for GenAI and other non-generative machine learning applications. You can also look out for more on secure AI deployment and Chainguard AI Images at PyTorch 2024 and SwampUP 2024. In the meantime, consider adopting secure Chainguard AI Images, and stop sacrificing security for velocity at your organization.

Get started with our Chainguard AI Images today or sign up for the course, Securing the AI/ML Supply Chain. If you’re interested in learning more about our AI security offerings, reach out to our team.
