"MITRE and Robust Intelligence Tackle AI Supply Chain Risks in Open-Source Models"

MITRE is collaborating with Robust Intelligence, a provider of Artificial Intelligence (AI) solutions, to improve a free tool that helps organizations assess the supply chain risks of publicly available AI models online. Indiana University is also involved in the collaboration to develop automated risk assessment tools. The availability of sophisticated models in public repositories has facilitated the incorporation of AI into enterprise systems. However, there are few independent testing tools for assessing risk. Therefore, Robust Intelligence created the AI Risk Database as a community resource in March 2023. After its further development in collaboration with MITRE, a new open-source version is now available on GitHub, with a long-term plan to integrate it into the set of MITRE ATLAS tools. ATLAS is a knowledge base containing a list of adversary tactics and techniques based on real-world attack observations and AI red teaming. It includes links to other tools that enable attack emulation. The collaboration between Robust Intelligence and MITRE will lead to the characterization and operationalization of risks, including risk scores, software vulnerabilities, and associated CVEs. These characterizations will help raise awareness of potential risks and vulnerabilities associated with open-source AI models. This article continues to discuss the collaboration aimed at tackling AI supply chain risks in open-source models. 

MITRE reports "MITRE and Robust Intelligence Tackle AI Supply Chain Risks in Open-Source Models"