Analyzing the Security of Machine Learning Research Code

Originally published at:

The NVIDIA AI Red Team is focused on scaling secure development practices across the data, science, and AI ecosystems. We participate in open-source security initiatives, release tools, present at industry conferences, host educational competitions, and provide innovative training. Covering three years and totaling almost 140GB of source code, the recently released Meta Kaggle for Code…

Since the pickle serialization issue is listed as top concern, worth noting that python native library has a signature option via the hmac module that mitigates risk of unpickling files. see eg The ultimate guide to Python pickle | Snyk

As an update, I just published a tutorial notebook the the Automunge GitHub demonstrating the integration of a hmac signature into a pickle workflow as well as some alternate conventions using the dill library.