Product update follows surge in demand from IriusRisk customers for guidance on how to analyse and secure AI & ML systems

IriusRisk, the industry-leading platform for automated threat modeling, today announces it is launching a new AI/ML Security Library, so that its customers can use it to effectively threat model the security of their AI or ML systems. 

The Library is a first of its kind innovation in the sector and has been developed in response to a surge in interest from the company’s client base in how to analyse and secure AI & ML systems. The new resource from IriusRisk allows organisations to model their planned ML software, and quickly understand what the security risks are, as well as understand what they need to do to mitigate each of those risks.

The decision by IriusRisk to publish the AI & ML Security Library – which is immediately available to customers and users of the company’s community edition – also follows commentary from the Cybersecurity Infrastructure and Security Agency (CISA) who stated in August; Software Must Be Secure by Design, and Artificial Intelligence Is No Exception

The Security Library was inspired by insights from Dr Gary McGraw, who sits on IriusRisk’s advisory board, is the co-founder of the Berryville Institute of Machine Learning, and has pioneered and published a taxonomy of ML threats as well as an architectural risk assessment of typical ML components.

McGraw, who also contributed to establishing the field of application security says: “Seems like everyone thinks we can pen test our way out of the ML security problem with a magical red team. We can’t. Instead, we need to design our ML systems for security in the first place. Threat modeling plays a central role in properly securing ML. And IriusRisk leads the world in threat modeling for ML.”

IriusRisk is the market-leading threat modeling tool that allows non-security users – as well as security teams –  to quickly and easily understand what security risks are posed to their software at the design phase.

Stephen de Vries, CEO of IriusRisk says: “We have seen a surge in interest from our customers in the finance and technology sectors for guidance on how to analyze, and secure design ML systems. Since these are often new projects that are still in the design phase, performing threat modeling here adds a lot of value, because those teams will very quickly understand where the security goalposts are – and what they need to do in order to get there.”

Ken Pentimonti, Principal and European Manager, Paladin Capital Group, and IriusRisk board member adds: “IriusRisk’s step forward in securing AI is significant. We cannot build the new technologies and industries of tomorrow, and apply machine learning at scale, without being able to manage development risks effectively. By allowing software vulnerabilities to be addressed in the design phase, IriusRisk’s automated solution is going to open up the potential of machine learning for a huge range of applications.”

This is the first release of the Library, and IriusRisk aims to rapidly iterate on this as we receive feedback from our customers and users of our free Community Edition  


About IriusRisk 

IriusRisk is the industry leader in automated threat modeling and secure software design, working with clients that include four of the top 10 Globally Systemically Important Banks (G-SIBs).

Every sector of the global economy is being transformed by software, yet vulnerabilities are too often exposed by increasingly sophisticated cyber-attacks. By identifying security flaws in software architecture at the design phase, threat modeling makes it possible to fix issues before code is written.

IriusRisk’s platform automates the threat modeling process, enabling developers to design and build secure software. At scale.