Supply Chain Attacks
AI supply chain attacks occur when an attacker modifies or replaces a machine learning library or model used by a system. This also covers tampering with the data associated with those models. To start working with the APIs, see the POST Supply Chain Attacks endpoint.
Features
- Model and Notebook Detection
- The system automatically recognizes AI/ML models and notebooks within a specified repository.
- Supported model file formats include h5, pickle, saved model (.pb), safetensor model (.safetensor), and PyTorch model files (.pt and .pth).
- Additionally, it supports Jupyter Notebooks (.ipynb), Python scripts (.py), and requirements files (requirements.txt).
- Scanning
- The system conducts comprehensive scans of models and notebooks to identify potential safety and security concerns.
- Report Generation
- The system generates detailed reports that classify the scanned files based on risk levels: "low," "medium," "high," and "critical."
- Supported Repositories
- AIShield Watchtower supports integration with GitHub and Hugging Face, enabling automated scanning of Git repositories and Hugging Face to detect potential risks.
- User Interface (UI)
- Offers an intuitive user interface for conducting repository scans.
Parameter
Parameter | Data Type | Description | Remark |
---|---|---|---|
repo_type | String | The type of repository to be scanned. | Accepted values are 'github' and 'huggingface'. |
repo_url | String | The URL of the repository to be cloned. | For huggingface you can provide either the repository name or the full URL of the repository. |
branch_name | String | The branch of the repository to be analyzed. | If no branch is specified, the default branch 'main' is used for the analysis. |
depth | Integer | The clone depth for the repository. | The default depth is 1, meaning only the latest commit is cloned. |
upload_file | String | Please specify 'yes' to upload files for vulnerability scanning; otherwise, specify 'no'. The default value is 'no'. | If this parameter is set to 'yes', the 'model_files' parameter is required. |
model_id | String | Please provide the model ID to upload files to the correct location | The "model ID" is obtained during model registration. |
model_file | String | Please provide the filenames you want to upload, separated by commas. | The model filename must be selected from the API response when only repo_type, repo_url, branch_name, and depth are provided. |
files | String | Please provide the filenames you want to upload, separated by commas. | The filename must be selected from the API response when only repo_type, repo_url, branch_name, and depth are provided. |
API Usage
The API serves two purposes
- When only 'repo_type', 'repo_url', 'branch_name', and 'depth' are provided, the API returns a JSON response containing two lists, detected_files and detected_models, which enumerate all the files and models detected in the repository.
- When the additional parameters 'upload_file', 'model_id', 'model_files', and 'files' are included along with the above parameters, the API uploads the selected files to storage so that model analysis can begin.
Note: When 'upload_file' is set to 'yes', the 'model_id' and 'model_files' parameters are required. The values of 'model_files' and 'files' must be selected from the 'detected_models' and 'detected_files' lists returned by the first call.
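The two-step flow above (discover, then upload a selection from the discovery response) is easy to get wrong by passing a filename the first call never returned. The following is an added example, not code from AIShield Watchtower itself: it builds the two request payloads and enforces the rule that 'model_files' and 'files' may only name entries from the previous response. The endpoint URL and the authentication header are placeholders I have assumed; the page does not give them. The sample discovery response is constructed for the demo.

```python
"""Two-step Watchtower supply-chain scan client (added example).

Assumptions not taken from the page: WATCHTOWER_URL, the auth header
name, and that the endpoint accepts a JSON request body.
"""
import json
import urllib.request

WATCHTOWER_URL = "https://<watchtower-host>/<supply-chain-attacks-endpoint>"  # placeholder
API_KEY = "<api-key>"  # placeholder
REPO_TYPES = ("github", "huggingface")
CLONE_TIMEOUT_SECONDS = 29  # the page reports clone timeouts past 29 s


def discovery_params(repo_type, repo_url, branch_name="main", depth=1):
    """Payload for step 1: the API answers with detected_files/detected_models."""
    if repo_type not in REPO_TYPES:
        raise ValueError(f"repo_type must be one of {REPO_TYPES}, got {repo_type!r}")
    if not isinstance(depth, int) or depth < 1:
        raise ValueError("depth must be a positive integer (default 1 = latest commit)")
    return {"repo_type": repo_type, "repo_url": repo_url,
            "branch_name": branch_name, "depth": depth}


def selection_errors(response, model_files, files=()):
    """Return a list of problems with a selection, empty when it is valid.

    Mirrors the note on the page: every chosen model must come from
    detected_models and every chosen file from detected_files.
    """
    errors = []
    if not model_files:
        errors.append("model_files is required when upload_file is 'yes'")
    detected_models = set(response.get("detected_models", []))
    detected_files = set(response.get("detected_files", []))
    for m in model_files:
        if m not in detected_models:
            errors.append(f"model not in detected_models: {m}")
    for f in files:
        if f not in detected_files:
            errors.append(f"file not in detected_files: {f}")
    return errors


def upload_params(discovery, response, model_id, model_files, files=()):
    """Payload for step 2: same repo parameters plus the upload selection."""
    if not model_id:
        raise ValueError("model_id (from model registration) is required for upload")
    problems = selection_errors(response, model_files, files)
    if problems:
        raise ValueError("; ".join(problems))
    payload = dict(discovery)
    payload.update({"upload_file": "yes", "model_id": model_id,
                    "model_files": ",".join(model_files)})
    if files:
        payload["files"] = ",".join(files)
    return payload


def post(payload, timeout=CLONE_TIMEOUT_SECONDS):
    """Send a payload to the (placeholder) endpoint and decode the JSON reply."""
    req = urllib.request.Request(
        WATCHTOWER_URL, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {API_KEY}"},  # header name assumed
        method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    step1 = discovery_params("github", "https://github.com/example-org/example-repo")
    # Constructed stand-in for the step-1 response; a real run would use post(step1).
    discovered = {"detected_models": ["weights/model.pt", "weights/model.h5"],
                  "detected_files": ["train.ipynb", "requirements.txt"]}
    step2 = upload_params(step1, discovered, "model-id-placeholder",
                          ["weights/model.pt"], ["train.ipynb"])
    print(json.dumps(step2, indent=2))
```

Run step 1 first, keep its JSON, and feed it to upload_params so a typo in a filename is rejected locally rather than producing a confusing server error. The 29-second timeout on post() matches the clone limit listed under Limitation below.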
Limitation
- AIShield Watchtower currently supports only public Git and Hugging Face repositories.
- If a model fails to load, the associated risk is automatically classified as LOW.
- Currently, we are unable to load PyTorch models that incorporate custom objects. This limitation specifically impacts models that have been designed with custom layers or functions not included in the standard PyTorch library.
- If you encounter a timeout error due to a repository link taking more than 29 seconds to clone, please wait for 5 minutes before proceeding to the next steps. Alternatively, you can try cloning a smaller repository. This issue is expected to be resolved in the next release.
- We are unable to load all models from the safetensors or transformer-based categories. However, models that can be loaded from the following list are supported and function correctly. We plan to expand this list as we incorporate more model types:
To access all sample artifacts, please visit Artifacts.
- For specific artifact details, refer