Supply Chain Attacks

AI supply chain attacks occur when an attacker modifies or replaces a machine learning library or model used by a system. They can also involve tampering with the data associated with these models. To start working with the API, see the POST Supply Chain Attacks endpoint reference.

Features

  • Model and Notebook Detection
    • The system automatically recognizes AI/ML models and notebooks within a specified repository.
    • Supported model file formats include h5, pickle, saved model (.pb), safetensor model (.safetensor), and PyTorch model files (.pt and .pth).
    • Additionally, it supports Jupyter Notebooks (.ipynb), Python scripts (.py), and requirements files (.requirements.txt).
  • Scanning
    • The system conducts comprehensive scans of models and notebooks to identify potential safety and security concerns.
  • Report Generation
    • The system generates detailed reports that classify the scanned files by risk level: "low," "medium," "high," and "critical."
  • Supported Repositories
    • AIShield Watchtower integrates with GitHub and Hugging Face, enabling automated scanning of GitHub and Hugging Face repositories to detect potential risks.
  • User Interface (UI)
    • Offers an intuitive user interface for conducting repository scans.

Parameters

| Parameter | Data Type | Description | Remark |
|---|---|---|---|
| repo_type | String | The type of repository that needs to be scanned. | Accepted values are 'github' and 'huggingface'. |
| repo_url | String | The URL of the repository to be cloned. | For Hugging Face you can provide either the repository name or the full repository URL. |
| branch_name | String | The branch of the repository to be analyzed. | If no branch is specified, the default branch 'main' is used for the analysis. |
| depth | Integer | The depth for cloning the repository. | The default depth is 1, which means only the latest commit is cloned. |
| upload_file | String | Set to 'yes' to upload files for vulnerability scanning; otherwise 'no'. The default value is 'no'. | If this parameter is set to 'yes', the 'model_files' parameter is required. |
| model_id | String | The model ID used to upload files to the correct location. | The model ID is obtained during model registration. |
| model_file | String | The model filenames you want to upload, separated by commas. | The model filenames must be selected from the API response returned when only repo_type, repo_url, branch_name, and depth are provided. |
| files | String | The filenames you want to upload, separated by commas. | The filenames must be selected from the API response returned when only repo_type, repo_url, branch_name, and depth are provided. |



API Usage

The API serves two purposes:

  • When only 'repo_type', 'repo_url', 'branch_name', and 'depth' are provided, the API returns a JSON response containing two lists, detected_files and detected_models, which enumerate all the files and models detected in the repository.
  • When the additional parameters 'upload_file', 'model_id', 'model_files', and 'files' are included along with the parameters above, the API uploads the selected files to storage so that model analysis can be started.


Note: When 'upload_file' is set to 'yes', the 'model_id' and 'model_files' parameters are required. The values of 'model_files' and 'files' must be selected from the 'detected_models' and 'detected_files' lists only.
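The two-phase flow above, as an added example that is not AIShield's own client code: phase 1 sends only the four detection parameters and receives detected_files / detected_models; phase 2 resends them with upload_file='yes', model_id and the comma-separated selections, after checking locally that every selected name actually came back in the phase-1 response. The endpoint URL, the authentication header name and the sample detection response are assumptions or constructed values; the parameter and response field names are the ones documented on this page.

```python
"""Two-phase client for the Supply Chain Attacks API (added example).
API_URL, the 'x-api-key' header and SAMPLE_DETECT_RESPONSE are assumed or
constructed; parameter names follow the table on this page."""
import json
import urllib.request

ACCEPTED_REPO_TYPES = ("github", "huggingface")
# Assumed endpoint: replace with the URL from your API reference.
API_URL = "https://EXAMPLE-PLACEHOLDER/supply-chain-attacks"


def build_detect_payload(repo_type, repo_url, branch_name="main", depth=1):
    """Phase 1 body: only the four detection parameters, so the API
    answers with detected_files / detected_models instead of uploading."""
    if repo_type not in ACCEPTED_REPO_TYPES:
        raise ValueError(f"repo_type must be one of {ACCEPTED_REPO_TYPES}")
    if not isinstance(depth, int) or depth < 1:
        raise ValueError("depth must be a positive integer (default 1)")
    return {"repo_type": repo_type, "repo_url": repo_url,
            "branch_name": branch_name, "depth": depth}


def select_uploads(detect_response, wanted_models, wanted_files):
    """Reject any selection that was not in the phase-1 response: the API
    only accepts names from detected_models / detected_files."""
    models = set(detect_response.get("detected_models", []))
    files = set(detect_response.get("detected_files", []))
    unknown = ([m for m in wanted_models if m not in models]
               + [f for f in wanted_files if f not in files])
    if unknown:
        raise ValueError(f"not present in the detection response: {unknown}")
    return list(wanted_models), list(wanted_files)


def build_upload_payload(detect_payload, detect_response, model_id,
                         wanted_models, wanted_files):
    """Phase 2 body: phase-1 parameters plus upload_file='yes', the
    model_id from registration and the comma-separated selections."""
    if not model_id:
        raise ValueError("model_id is required when upload_file is 'yes'")
    models, files = select_uploads(detect_response, wanted_models, wanted_files)
    body = dict(detect_payload)
    body.update({"upload_file": "yes", "model_id": model_id,
                 "model_files": ",".join(models), "files": ",".join(files)})
    return body


def post_json(url, body, api_key, timeout=30):
    """Send one JSON POST with the standard library; the auth header name
    is an assumption, check your API reference."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "x-api-key": api_key})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed phase-1 response used for the offline walk-through.
SAMPLE_DETECT_RESPONSE = {
    "detected_models": ["model.h5", "weights.pt"],
    "detected_files": ["train.ipynb", "requirements.txt"],
}

if __name__ == "__main__":
    phase1 = build_detect_payload("github", "https://github.com/example/repo")
    # Online: detected = post_json(API_URL, phase1, "API-KEY-PLACEHOLDER")
    phase2 = build_upload_payload(phase1, SAMPLE_DETECT_RESPONSE,
                                  "MODEL-ID-PLACEHOLDER",
                                  ["model.h5"], ["train.ipynb"])
    print(json.dumps(phase2, indent=2))
```

The local check in select_uploads mirrors the server-side rule from the note above, so a typo in a filename fails before anything is uploaded; post_json is only called for the live request and is not needed for the offline walk-through.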

Limitations

  1. AIShield Watchtower currently supports only public Git and Huggingface repositories.
  2. If a model fails to load, the associated risk is automatically classified as LOW.
  3. Currently, we are unable to load PyTorch models that incorporate custom objects. This limitation specifically impacts models that have been designed with custom layers or functions not included in the standard PyTorch library.
  4. If you encounter a timeout error due to a repository link taking more than 29 seconds to clone, please wait for 5 minutes before proceeding to the next steps. Alternatively, you can try cloning a smaller repository. This issue is expected to be resolved in the next release.
  5. We are unable to load all models from the safetensors or transformer-based categories. However, models that can be loaded from the following list are supported and function correctly. We plan to expand this list as we incorporate more model types:
To access all sample artifacts, please visit Artifacts.

Updated 01 Aug 2024