Quick Notes - DOMAIN 7: AWS Certified AI Practitioner
- Aman Bansal
- Nov 10
Updated: Nov 12
If you are prepping for the AWS Certified AI Practitioner https://aws.amazon.com/certification/certified-ai-practitioner/, these notes should be enough to get the fundamentals for the exam.
Domain 7: Security, Compliance, and Governance for AI Solutions
Amazon Web Services (AWS) provides a comprehensive set of tools, services, and partner solutions to build and secure artificial intelligence (AI) systems. These resources help achieve compliance objectives, such as protecting data, and apply governance to manage risk and accelerate business outcomes.
This blog helps you understand some common issues around security, compliance, and governance associated with artificial intelligence (AI) solutions. You will learn how to recognize governance and compliance requirements for AI systems. You will also learn about various Amazon Web Services (AWS) services and features that will help you apply governance controls and achieve your compliance objectives. Finally, you will be introduced to AWS services that can help you secure your AI systems.
Concepts of security, governance, and compliance in organizations:
Security, governance, and compliance might seem like the same function. The following are examples of the primary goals of each:
Security: Ensure that confidentiality, integrity, and availability are maintained for organizational data and information assets and infrastructure. This function is often called information security or cybersecurity in an organization.
Governance: Ensure that an organization can add value and manage risk in the operation of business.
Compliance: Ensure normative adherence to requirements across the functions of an organization.
Defense in depth for AI on AWS

AWS services that help with defense in depth:
Security Hub
AWS KMS
GuardDuty
AWS Shield Advanced
AWS has many services and features to assist with governance and regulation compliance. The following is a brief description of some of the key services.
AWS Config provides a detailed view of the configuration history of AWS resources in your AWS account.
Amazon Inspector is a vulnerability management service that continuously scans your AWS workloads for software vulnerabilities and unintended network exposure.
AWS Audit Manager helps you continually audit your AWS usage to streamline how you manage risk and compliance with regulations and industry standards.
AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, PCI reports, and SOC Reports.
AWS CloudTrail logs all the API calls in AWS.
AWS Trusted Advisor helps you optimize costs, increase performance, improve security and resilience, and operate at scale in the cloud.
Data governance Strategies:
Data quality and integrity
Data protection and privacy
Data lifecycle management
Responsible AI
Governance Structures and roles
Data Sharing and collaboration
Monitoring of AI systems: Monitoring an AI system is necessary to ensure its performance, reliability, and compliance with the intended use case. Effective monitoring can help identify issues, optimize system performance, and maintain overall system health.
Key aspects to consider:
Performance Metrics
Infra Monitoring
Monitoring of bias and fairness
Monitoring for compliance and responsible AI
The Generative AI Security Scoping Matrix assists you with application security scoping efforts. This matrix summarizes the key security disciplines that you should consider based on your generative AI solution.
It also serves as a framework for classifying generative AI use cases. You can use the framework to determine the level of ownership required for a use case and to prioritize security concerns.

Security Considerations:
Threat Detection
Vulnerability Management
Infrastructure Protection
Prompt Injection
Data encryption
The OWASP Top 10 for LLMs:

AWS Shared Responsibility Model:

Amazon SageMaker Model Cards
You can use Amazon SageMaker Model Cards to document critical details about your ML models in a single place for streamlined governance and reporting. Model cards help you:
Provide guidance on how a model should be used.
Support audit activities with detailed descriptions of model training and performance.
Communicate how a model is intended to support business goals.
Best Practices for Secure Data Engineering
Review of data usage in generative AI:

Securing Data Engineering:
Assessing Data Quality
Implementing privacy-enhancing technologies
Data Access Control
Data Integrity