Mihai Maruseac
Mihai Maruseac is a Staff Software Engineer at Google, where he leads the work on OSS AI Supply Chain Security as part of SAIF, as a member of Google’s OSS Security Team (GOSST). Previously, he helped launch GUAC, an OpenSSF project to analyze and understand the software supply chain. Before joining GOSST, he worked on TensorFlow developer infrastructure and created the TensorFlow security team. Mihai has experience with AI, operating systems, differential privacy and functional programming – Haskell being his favorite programming language. He blogs from time to time at mihai.page.
Session
When an AI model misbehaves (e.g., it tells you to put glue on pizza), you must investigate how this happened. Sometimes these are accidents caused by the training data, but these incidents can also be due to nefarious activities – we’ve seen ML malware deployed in 2024. At the end of the day, AI is still software, so security needs to be established around its creation. The same transparency and accountability must be enforced as for other parts of the software supply chain. Using SLSA (Supply Chain Levels for Software Artifacts) and GUAC (Graph for Understanding Artifact Composition), we can determine the provenance of each dataset and the composition of each model. In this talk, we dive into the anatomy of AI model attacks: identifying bad models, determining the root cause of the badness, and finding the blast radius of affected models. Once the data is collected, we can create an SBOM and distribute it with the AI model provenance to meet compliance and transparency requirements.