
AI/ML systems security
AI/ML is essential for modern businesses. It includes analysing customer behaviour and using data processing methods to deliver new value to customers. Novel technologies bring novel threats or exacerbate existing ones, and since they’re data-related and math-heavy, we’re often asked by our customers to help tackle them.
We design and build cryptographic solutions for AI/ML-driven businesses, including ML model security, DRM-like schemes and protecting ML models against reverse engineering attacks.
Typical challenges for AI/ML security
Hard to balance
Data engineers want more real-world data to train their models and run analytics, while the security team wants to expose as little production data as possible.
Protecting ML models
When a unique competitive advantage is condensed in the ML model or any sophisticated data processing contraption, it becomes a sensitive security asset which requires protection.
Customer privacy rights
ML-driven products often handle sensitive consumer data and raise privacy concerns that require adjusting the ML architecture to get privacy right.
Data security concerns
When ML has to operate on sensitive data under complex security constraints, security must be built both inside the ML infrastructure and around it.
Modern solutions
ML model security
DRM-like security schemes that let ML models run only inside authorized applications, without the risk of the model leaking.
Differential privacy
Applying various privacy models (differential privacy, K-anonymity) to practical goals requires careful planning, implementation and validation.
Inference/statistical security
Understanding the statistical-security consequences and other indirect security risks of data processing, and building data pipelines that mitigate those risks.
Tools and services we offer

To be announced
We are preparing a product that addresses ML model security. Please stay tuned for further announcements.
Themis
A cross-platform cryptographic library for mobile, web, and server platforms, which covers 90% of the typical data protection use cases common to most apps. Themis helps integrate application-level encryption quickly and easily.
DRM-like ML model protection
We’ve designed, implemented and co-maintained encryption-based protection with backend authorization for ML models that run in mobile applications, using CoreML, PyTorch and TensorFlow.
Differential privacy systems
We’ve designed differential privacy and statistical security-based data protection systems that respect individual GDPR rights while performing data processing.
Protection against statistical attacks
We help build anonymous de-identification schemes that provide statistical security against both traditional and ML-based classification efforts on huge datasets.
Pragmatic security
Oftentimes, the tools and methods are well known, but having enough security experience to choose the appropriate controls is what sets good ML security apart from "we've tried something".
How we make a difference
Vast experience and expertise
As a cryptographic R&D team, we've built custom data security controls in different contexts, and have vast expertise in understanding practical threat models and failure scenarios, and designing sound security controls against them.
Relevant experience in ML
We’ve done security for award-winning ML products that are used by tens of millions of users, sophisticated industrial data-mining solutions and planet-wide services.
Built to last
Our approach is based on backwards compatibility, maintainability and support. You never lose encrypted data because some npm package became outdated.
For innovators, by innovators
We started Cossack Labs to develop new tools and methods for protecting data and enabling novel solutions to emerging problems — so that at the edge of your innovation, you’ve already got fitting tools at hand.
Contact us
There are many ways we can help: with our products, bespoke solutions, and engineering services. Leave your contact information to connect with our team:
Relevant blogposts

Security of React Native libraries: the bad, the worse and the ugly
How to select a secure React Native library for your app. Sort out improper platform usage, easy-to-misuse APIs, and deprecated and abandoned libraries – check our research on the security of the React Native ecosystem.

Secure Search Over Encrypted Data
What is searchable encryption and how to perform secure search over encrypted data.

Security logs: cryptographically signed audit logging for data protection
Why cryptographically signed audit logs are essential for security software and how we built secure audit logging into Acra for defense in depth.