AI/ML systems security

AI/ML is essential for modern businesses. It includes analysing customer behaviour and using data processing methods to deliver new value to customers. Novel technologies bring novel threats or exacerbate existing ones, and since they’re data-related and math-heavy, we’re often asked by our customers to help tackle them.

We design and build cryptographic solutions for AI/ML-driven businesses, including ML model security, DRM-like schemes and protecting ML models against reverse engineering attacks.

Typical challenges for AI/ML security

Hard to balance

Data engineers want more real-world data to train their models, to run analytics. While security team wants to use minimum production data.

Protecting ML models

When a unique competitive advantage is condensed in the ML model or any sophisticated data processing contraption, it becomes a sensitive security asset which requires protection.

Customer privacy rights

ML-driven products often deal with sensitive consumer data and trigger privacy concerns that require tweaking ML architecture to get it right.

Data security concerns

ML needing to operate on sensitive data under complex security constraints requires building security inside ML infrastructure and around it.

Modern solutions

ML model security

DRM security schemes for ML models to run only on authorized applications without risks of leakage.

Differential privacy

Applying various privacy models (differential privacy, K-anonymity) to practical goals requires careful planning, implementation and validation.

Inference/statistical security

Understanding statistical security consequences and other indirect security risks and building data processing that mitigates those risks.

Our offerings

// Relevant products

Themis

A CROSS PLATFORM CRYPTO LIBRARY

A cross-platform cryptographic library for mobile, web, and server platforms, which solves 90% of typical data protection use cases that are common for most apps. Themis helps to integrate application level encryption fast and easy.

To be announced

There's a product that we're preparing to address ML models security – Please stay tuned for further announcements.

Check available products

// Custom design and implementation

DRM-like ML-models protection

We’ve designed, implemented and co-maintained encryption-based protection with backend authorization for ML models that run on mobile applications, using CoreML, pytorch, TensorFlow.

Differential privacy systems

We’ve designed differential privacy and statistical security-based data protection systems that respect individual GDPR rights while performing data processing.

Security layers for complex use cases

We build data security layers for complicated use cases: encrypted CRDT-based data collaboration, multi-device & multi-user synchronisation, DRM-like protections for TensorFlow ML models, UX-friendly security for apps that work on millions of devices.

// Consulting

Protection against statistical attacks

We assist building anonymous de-identification schemes that enable statistical security against traditional and ML classification efforts with huge datasets.

Pragmatic security

Oftentimes, tools and methods are well-known, but having enough security experience to choose appropriate controls is what sets good ML security from "we've tried something".

Product security strategy

It's tricky to correlate security matters to your product growth plan when you're aspiring for a business. Good security strategy mitigates cybersecurity risks without compromising on the usability and flexibility of your solutions.

Cryptographic IP protection for AI/ML product

ML & TensorFlow

AI/ML

Cryptographic IP protection for AI/ML product

Protecting unique IP (ML models) against leakage and misuse using multi-layered encryption on ephemeral keys.

Read story

Have a question? Get a human to answer it!

How we make a difference

Vast experience and expertise

As a cryptographic R&D team, we've built custom data security controls in different contexts, and have vast expertise in understanding practical threat models and failure scenarios, and designing sound security controls against them.

Relevant experience in ML

We’ve done security for award-winning ML products that are used by tens of millions of users, sophisticated industrial data-mining solutions and planet-wide services.

Built to last

Our approach is based on backwards compatibility, maintainability and support. You never lose encrypted data because some npm package became outdated.

For innovators, by innovators

We've started Cossack Labs to develop new tools and methods for protecting the data and enabling novel solutions to emerging problems — so that at the edge of your innovation, you’ve already got fitting tools handy.

There are many ways we can help: with our products, bespoke solutions, and engineering services. Leave your contact information to connect with our team:

Interesting blogposts

Security of React Native libraries: the bad, the worse and the ugly

How to select a secure React Native library for your app. Sort out improper platform usage, easy to misuse API, deprecated and abandoned libraries – check our research of the React Native ecosystem security.

Implementing End-to-End encryption in Bear App

Helping Bear app implement note encryption for their vast existing user base. Balancing usability, security, and mobile platforms' restrictions.

Audit logs security: cryptographically signed tamper-proof logs

Why crypto signed audit logs are essential for security software and how we’ve built-in secure audit logging in Acra for defense in-depth.

All products

Themis, a cross-platform crypto library

Acra, a database security suite

Hermes, end-to-end secure data storage

Documentation server

By org challenge

By use case

By tech challenge

By industry

Blog

Documentation

Conferences & events

Whitepapers & research

Smart contract security audit: tips & tricks

About

Customer stories

Partners

Jobs & internship

Join us! We have cookies.