Securing AI Factories

The “Runtime Microsegmentation” use case provides process-aware network rules, egress control, and automated containment. This allows for more granular isolation to be enforced between workloads. This capability helps prevent lateral movement, which is a key risk of weak tenant isolation in Kubernetes.

The “Notebook Sandbox & Guardrails” feature actively blocks unsafe mounts and prevents Remote Code Execution (RCE). Furthermore, it enforces session timeouts and quotas as part of its protective measures for notebook environments.

This feature operates by granting CUDA access only to approved and verified runtimes. By restricting access at this level, it effectively stops miners and rogue kernels from hijacking GPU resources for unauthorized activities like cryptomining.

The AI Model Cards provide continuous security with live SBOMs and vulnerability scanning for all model components. They also offer automated validation via sandbox-driven red teaming to check for bias and toxicity, assigning a dynamic risk score. Finally, they enable runtime observability and fencing to monitor behavior, detect policy violations, and ensure data isolation.

The platform supports a range of common tools, including NVIDIA CUDA & Drivers, JupyterHub / Notebooks, Run:AI / Kubeflow, PyTorch / TensorFlow, and Hugging Face / Transformers. It also provides support for TF Serving / Triton, Kubernetes (K8s), and Model Hubs such as HF (Hugging Face) and S3.

As a key differentiator, the platform offers out-of-the-box Compliance and GRC coverage for several major standards. These include the EU AI ACT, NIST, MITRE, and OWASP, among others.

The demo video covers hardening JupyterNotebooks to prevent crypto miners and preventing data poisoning attacks within Kubeflow pipelines. It also shows the hardening of inference engines to prevent a reverse shell in an sklearn engine. Finally, it demonstrates the prevention of lateral movement within the Kubeflow cluster.