MITRE and Robust Intelligence Tackle AI Supply Chain Risks in Open-Source Models

MCLEAN, Va.--(BUSINESS WIRE)--MITRE is collaborating with Robust Intelligence, an AI solutions provider, to enhance a free tool to help organizations assess the supply chain risks of publicly available artificial intelligence (AI) models online today. The collaboration also includes work with Indiana University to develop automated risk assessment tools.

The availability of sophisticated models in public repositories has made it easier for organizations to incorporate AI into their systems. However, there are few tools for independent testing to examine risk.

In response, Robust Intelligence created the AI Risk Database in March 2023 as a community resource. After enhancing it further in collaboration with MITRE, a new open-source version is now available on GitHub with a long-term plan to host it under the broader set of MITRE ATLAS™ tools.

ATLAS is a globally accessible knowledge base that includes a list of adversary tactics and techniques based on real-world attack observations and AI red teaming. ATLAS also includes links to other tools that allow for the emulation of attacks.

The Robust Intelligence and MITRE collaboration will result in the characterization and operationalization of risks, such as risk scores, software vulnerabilities, and related CVEs. Those characterizations will help create increased awareness of risks and vulnerabilities that may arise when users use open-source AI models.

“This collaboration and release of the AI Risk Database can directly enable more organizations to see for themselves how they are directly at risk and vulnerable in deploying specific types of AI-enabled systems,” said Douglas Robbins, MITRE vice president, engineering and prototyping. “As the latest open-source tool under MITRE ATLAS, this capability will continue to inform risk assessment and mitigation priorities for organizations around the globe.”

Researchers at Indiana University’s Kelley’s Data Science and Artificial Intelligence Lab are also incorporating an ability to scan GitHub repositories used to create models available on third-party platforms, allowing users to spot publicly reported software vulnerabilities that exist upstream of the delivered model artifact.

“Most organizations today acknowledge that AI supply chain risk is an important yet unmanaged aspect of their AI stack. We are thrilled to partner with MITRE to further advance our goal of helping organizations easily assess the security, ethical, and operational risk of public models,” explained Yaron Singer, CEO and co-founder of Robust Intelligence. “MITRE ATLAS is the ideal steward for the AI Risk Database. Our joint expertise and breadth will empower the safe use of open-source models in the years to come.”

MITRE, Robust Intelligence, and the broader AI security and assurance community will continue working together to expand the impact and utility of the AI Risk Database as a free and community-supported resource.

About MITRE

MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

About Robust Intelligence

Robust Intelligence is the leader in end-to-end AI risk management and prevention. The company’s platform performs continuous validation using hundreds of automated tests on models and data throughout the AI lifecycle to proactively mitigate security, ethical, and operational vulnerabilities. Robust Intelligence gives organizations the confidence to use any type of model and simplifies AI governance. The company is backed by Sequoia Capital and Tiger Global, and trusted by leading companies including ADP, JPMorgan Chase, Expedia, Deloitte, PwC, and the U.S. Department of Defense.