Introduction
Securing the AI Software Stack: A Critical Need
The field of Artificial Intelligence (AI) is constantly evolving, and the software stack that supports it is becoming increasingly complex. Open-source software (OSS) is playing a critical role in driving AI adoption forward at an unprecedented pace. The State of the Octoverse 2023 report revealed that there are now over 65,000 public generative AI-related projects on GitHub, a 248% year-over-year growth. This surge highlights the importance of the OSS community in ushering in the AI era. However, the vast number of OSS contributions also introduces significant challenges in maintaining a robust, enterprise-grade AI software stack.
The dynamic nature of the AI field presents additional challenges as security vulnerabilities become more numerous, requiring continuous vigilance. A recent report by Synopsys on open-source security and risk analysis revealed a 236% increase in high-risk attack patterns in OSS vulnerabilities across big data, AI, Business Intelligence, and machine learning over the past five years.
NVIDIA AI Enterprise for Production AI
To help address these challenges, NVIDIA introduced NVIDIA AI Enterprise, an end-to-end, cloud-native software platform that accelerates data science pipelines and streamlines the development and deployment of production-grade AI. Built on open source and curated, optimized, and supported by NVIDIA, the NVIDIA AI Enterprise software platform enables developers to focus on building and deploying new AI services. NVIDIA AI Enterprise includes three supported branches: feature branches, production branches, and long-term support branches. Customers have access to all three branches and can use any combination of them.
Note
The release cadence of each NVIDIA AI Enterprise release branch type is provided for general guidance only. The actual security update and release cadence can change at NVIDIA’s discretion.
Feature branches include the top-of-tree software updates; ideal for AI developers who want the faster-moving, latest development environment. Released monthly.
Production branches ensure API stability and regular security updates; ideal for deploying AI in production when stability is required. Released every 6 months with a 9-month lifecycle.
Long-term support branches are ideal for highly regulated industries. Released every 2.5 years with a lifecycle of 3 years.
Ensuring Enterprise Container Security
NVIDIA recognizes that ensuring the security of container images involves more than just securing the software components they contain. It covers the entire container development process, which requires following leading security practices.
The following sections outline NVIDIA’s methods to strengthen container security in the NVIDIA AI Enterprise software stack, emphasizing our dedication to protecting enterprise AI applications.