Introduction

Securing the AI Software Stack: A Critical Need

The field of Artificial Intelligence (AI) is constantly evolving, and the software stack that supports it is becoming increasingly complex. Open-source software (OSS) is playing a critical role in driving AI adoption forward at an unprecedented pace. The Octoverse 2024 report revealed that there are now over 137,000 public generative AI-related projects on GitHub - a 98% year-over-year growth. This surge highlights the importance of the OSS community in ushering in the AI era. However, the vast number of OSS contributions also introduces significant challenges in maintaining a robust, enterprise-grade AI software stack.

The dynamic nature of the AI field presents additional challenges as security vulnerabilities become more numerous, requiring continuous vigilance. A recent report by Synopsys on open-source security and risk analysis revealed a 236% increase in high-risk attack patterns in OSS vulnerabilities across big data, AI, Business Intelligence, and machine learning over the past five years.

To address these challenges, NVIDIA introduced NVIDIA AI Enterprise, an end-to-end, cloud-native software platform that accelerates data science pipelines and streamlines the development and deployment of production-grade AI. Built on open source and curated, optimized, and supported by NVIDIA, the NVIDIA AI Enterprise software platform enables developers to focus on building and deploying new AI services.

Software Branches for Use Case Flexibility

NVIDIA works to actively patch vulnerabilities as they are identified and publish updates in a timely manner. However, we recognize that different types of software are used in different ways. So, we have organized the way we publish software to give customers flexibility while still maintaining security.

NVIDIA AI Enterprise software is split into two categories: Application software and Infrastructure software.

[Figure 1: NVIDIA AI Enterprise Software Branches]

The Infrastructure software enables and optimizes the use of NVIDIA GPUs and Networking. It includes hardware and virtualization drivers, K8s operators, and Base Command Manager Essentials software for cluster management.

The Application software includes NVIDIA NIM microservices, as well as AI and data science frameworks, libraries, and SDKs. This software is published as Kubernetes containers that are updated monthly with the latest top-of-tree features, in what are known as Feature Branches.

For foundation AI tools and frameworks, we also create a Production Branch. This is done by designating a specific software version as the production branch version and maintaining that version for 9 months. Customers can use production branch software as part of production applications. They can benefit from regular security updates without having to worry about API changes that could break their application.

Long-term support branch software follows a similar principle to production branch software, except that it covers a smaller subset of the foundation AI tools and frameworks and includes a stable version of the infrastructure software collection. It is targeted at highly regulated industries such as healthcare and government.

Through the NVIDIA AI Enterprise subscription, enterprises have access to all branches, providing them with peace of mind. They have the flexibility to choose the branch that is best for their development and deployment without compromising on security. For more information on these various software branches, see the NVIDIA AI Enterprise Lifecycle Policy.

Ensuring Enterprise Container Security

NVIDIA recognizes that ensuring the security of container images involves more than just securing the software components they contain. It covers the entire container development process, which requires following leading security practices.

The following sections outline NVIDIA’s methods to strengthen container security in the NVIDIA AI Enterprise software stack, emphasizing our dedication to protecting enterprise AI applications.