Introduction to the Databricks AI Security Framework (DASF)

The Databricks AI Security Framework (DASF) is a comprehensive security framework designed to address the growing risks and vulnerabilities associated with integrating AI and machine learning technologies in organizations. With AI becoming a pivotal force in driving innovation and productivity, the framework provides a holistic approach to managing security risks throughout the AI lifecycle. It emphasizes the importance of responsible AI deployment, including safeguarding data, ensuring compliance with evolving regulations, and mitigating potential threats at each AI system development and operation stage.

DASF defines 12 critical components of AI systems, ranging from raw data and data preparation to machine learning models, model management, and AI platform security. It highlights the associated risks and threats while providing detailed, practical guidance on security controls to mitigate them. The framework is grounded in real-world scenarios, emphasizing how attackers can exploit vulnerabilities to compromise AI-driven systems.

The framework equips data, AI, and security teams with clear guidelines for securing AI systems, whether they are predictive models, generative AI, or external models integrated into the organization’s workflows. This cross-practice view fosters a structured approach to securing those AI environments.
Purpose of the Compendium Document

The compendium document is a flexible tool for practitioners to engage with the Databricks AI Security Framework (DASF) by organizing and applying its risks, threats, controls, and mapping to industry-recognized standards. This document is designed to give AI and security teams the ability to categorize and track risks throughout the AI lifecycle while also providing customizable controls to mitigate these risks in various environments. We’ve also created a companion instructional video that provides a guided walkthrough of the DASF and its compendium.

Beyond outlining risks, the compendium allows practitioners to tailor the DASF guidelines to fit their organization's AI security needs. By using this document, teams can:

- Assess and categorize risks across different AI system components, from raw data to machine learning models.
- Map relevant security controls to these risks, making it easier to implement targeted mitigations.
- Adapt controls for specific uses, such as regulatory compliance, internal audits, or governance requirements.
- Track the implementation of security measures, identifying any gaps that require further attention.
- Map risks and controls to industry-recognized standards, such as MITRE ATLAS and ATT&CK, the OWASP LLM and ML Top 10, NIST, ISO, HITRUST, etc.

Most importantly, we appreciate your commitment to securing AI systems by utilizing the Databricks AI Security Framework (DASF). By adopting this framework and the accompanying compendium, you are taking important steps to improve the security of your organization's AI assets. Please be aware that implementing a specific DASF control does not guarantee compliance with any particular set of regulatory requirements. This document and the accompanying white paper are intended as educational resources and may contain inaccuracies or omissions. We reserve the right to update these materials at any time without prior notice. Readers are advised to consult with cybersecurity professionals and legal experts for guidance on proper implementation and regulatory compliance. Should you have any questions or need further assistance in implementing DASF, please don't hesitate to reach out to us at DASF@Databricks.com.