{"id":3596,"date":"2025-03-06T06:17:05","date_gmt":"2025-03-05T21:17:05","guid":{"rendered":"https:\/\/aireviewirush.com\/?p=3596"},"modified":"2025-03-06T06:17:05","modified_gmt":"2025-03-05T21:17:05","slug":"azure-ai-foundry-securing-generative-ai-fashions-with-microsoft-safety","status":"publish","type":"post","link":"https:\/\/aireviewirush.com\/?p=3596","title":{"rendered":"Azure AI Foundry: Securing generative AI models with Microsoft Security"},"content":{"rendered":"<div>\n<p>New generative AI models with a broad range of capabilities are emerging every week. In this world of rapid innovation, when choosing the models to integrate into your AI system, it's important to make a thoughtful risk assessment that balances leveraging new advances against maintaining robust security. At Microsoft, we're focusing on making our AI development platform a secure and trustworthy place where you can explore and innovate with confidence.<\/p>\n<p>Here we'll talk about one key part of that: how we secure the models and the runtime environment itself. 
How do we protect against a bad model compromising your AI system, your larger cloud estate, or even Microsoft's own infrastructure?<\/p>\n<h2 class=\"wp-block-heading\" id=\"how-microsoft-protects-data-and-software-in-ai-systems\"><span class=\"ez-toc-section\" id=\"How_Microsoft_protects_information_and_software_program_in_AI_methods\"><\/span>How Microsoft protects data and software in AI systems<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>But before we set off on that, let me set to rest one very common misconception about how data is used in AI systems. Microsoft does <em>not<\/em> use customer data to train shared models, nor does it share your logs or content with model providers. Our AI products and platforms are part of our standard product offerings, subject to the same terms and trust boundaries you've come to expect from Microsoft, and your model inputs and outputs are treated as customer content and handled with the same protection as your documents and email messages. 
Our AI platform offerings (<a href=\"https:\/\/azure.microsoft.com\/products\/ai-foundry\" target=\"_blank\" rel=\"noreferrer noopener\">Azure AI Foundry<\/a> and <a href=\"https:\/\/azure.microsoft.com\/products\/ai-services\/openai-service\" target=\"_blank\" rel=\"noreferrer noopener\">Azure OpenAI Service<\/a>) are 100% hosted by Microsoft on its own servers, with no runtime connections to the model providers. We do offer some features, such as model fine-tuning, that allow you to use your data to create better models for your own use, but these are <em>your<\/em> models, and they stay in your tenant.<\/p>\n<p>So, turning to model security: the first thing to remember is that models are just software, running in <a href=\"https:\/\/azure.microsoft.com\/products\/virtual-machines\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Virtual Machines<\/a> (VM) and accessed through an API; they have no magic power to break out of that VM, any more than any other software you might run in a VM. Azure is already well defended against software running in a VM attempting to attack Microsoft's infrastructure; bad actors try that every day without needing AI, and AI Foundry inherits all of those protections. This is a \u201czero-trust\u201d architecture: Azure services don't assume that things running on Azure are safe!<\/p>\n<p>Now, it <em>is<\/em> possible to conceal malware inside an AI model. This could pose a danger to you in the same way that malware in any other open- or closed-source software could. 
To mitigate this risk, for our highest-visibility models we scan and test them before release:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Malware analysis<\/strong>: Scans AI models for embedded malicious code that could serve as an infection vector and launchpad for malware.<\/li>\n<li><strong>Vulnerability assessment<\/strong>: Scans for common vulnerabilities and exposures (CVEs) and zero-day vulnerabilities targeting AI models.<\/li>\n<li><strong>Backdoor detection<\/strong>: Scans model functionality for evidence of supply chain attacks and backdoors such as arbitrary code execution and network calls.<\/li>\n<li><strong>Model integrity<\/strong>: Analyzes an AI model's layers, components, and tensors to detect tampering or corruption.<\/li>\n<\/ul>\n<p>You can identify which models have been scanned by the indication on their model card; no customer action is required to get this benefit. For especially high-visibility models like <a href=\"https:\/\/ai.azure.com\/explore\/models\/DeepSeek-R1\/version\/1\/registry\/azureml-deepseek\" target=\"_blank\" rel=\"noreferrer noopener\">DeepSeek R1<\/a>, we go even further and have teams of experts tear apart the software, examining its source code, having red teams probe the system adversarially, and so on, to look for any potential issues before releasing the model. 
This higher level of scanning doesn't (yet) have an explicit indicator in the model card, but given its public visibility we wanted to get the scanning done before we had the UI elements ready.<\/p>\n<h2 class=\"wp-block-heading\" id=\"defending-and-governing-ai-models\"><span class=\"ez-toc-section\" id=\"Defending_and_governing_AI_fashions\"><\/span>Protecting and governing AI models<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Of course, as security professionals you presumably realize that no scan can detect all malicious behavior. This is the same problem an organization faces with any other third-party software, and organizations should manage it in the usual way: trust in that software should come partly from trusted intermediaries like Microsoft, but above all should be rooted in the organization's own trust (or lack thereof) in its provider.<\/p>\n<p>For those wanting a more secure experience, once you've chosen and deployed a model, you can use the full suite of Microsoft's security products to defend and govern it. You can read more about how to do that here: <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2025\/02\/13\/securing-deepseek-and-other-ai-systems-with-microsoft-security\" target=\"_blank\" rel=\"noreferrer noopener\">Securing DeepSeek and other AI systems with Microsoft Security<\/a>.<\/p>\n<p>And of course, since the quality and behavior of every model differs, you should evaluate any model not only for security but for whether it fits your specific use case, by testing it as part of your full system. 
This is part of the broader approach to securing AI systems, which we'll come back to in depth in an upcoming blog.<\/p>\n<h2 class=\"wp-block-heading\" id=\"using-microsoft-security-to-secure-ai-models-and-customer-data\"><span class=\"ez-toc-section\" id=\"Utilizing_Microsoft_Safety_to_safe_AI_fashions_and_buyer_information\"><\/span>Using Microsoft Security to secure AI models and customer data<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In summary, the key points of our approach to securing models on <a href=\"https:\/\/azure.microsoft.com\/products\/ai-foundry\" target=\"_blank\" rel=\"noreferrer noopener\">Azure AI Foundry<\/a> are:<\/p>\n<ol class=\"wp-block-list\">\n<li>Microsoft carries out a variety of security investigations for key AI models before hosting them in the <a href=\"https:\/\/azure.microsoft.com\/products\/ai-model-catalog\" target=\"_blank\" rel=\"noopener\">Azure AI Foundry Model Catalog<\/a>, and continues to monitor for changes that may affect the trustworthiness of each model for our customers. You can use the information on the model card, together with your trust (or lack thereof) in any given model builder, to assess your position towards any model the way you would for any third-party software library.<\/li>\n<li>All models hosted on Azure are isolated within the customer tenant boundary. 
There is no access to or from the model provider, including close partners like OpenAI.<\/li>\n<li>Customer data <a href=\"https:\/\/learn.microsoft.com\/legal\/cognitive-services\/openai\/data-privacy\" target=\"_blank\" rel=\"noreferrer noopener\">isn't used to train models<\/a>, nor is it made available outside of the Azure tenant (unless the customer designs their system to do so).<\/li>\n<\/ol>\n<h2 class=\"wp-block-heading\" id=\"learn-more-with-microsoft-security\"><span class=\"ez-toc-section\" id=\"Study_extra_with_Microsoft_Safety\"><\/span>Learn more with Microsoft Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To learn more about Microsoft Security solutions, visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noreferrer noopener\">website<\/a>. Bookmark the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security blog<\/a> to keep up with our expert coverage on security matters. 
Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>) for the latest news and updates on cybersecurity.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>New generative AI models with a broad range of capabilities are emerging every week. In this world of rapid innovation, when choosing the models to integrate into your AI system, it's important to make a thoughtful risk assessment that balances leveraging new advances against maintaining robust security. 
At Microsoft, we're focusing on [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3598,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-3596","post","type-post","status-publish","format-standard","has-post-thumbnail","category-cloud-computing"],"_links":{"self":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/3596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3596"}],"version-history":[{"count":1,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/3596\/revisions"}],"predecessor-version":[{"id":3597,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/3596\/revisions\/3597"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/media\/3598"}],"wp:attachment":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}