Enhancing Security and Compliance in ML Applications: JFrog’s Partnership with Qwak

CXOToday has engaged in an exclusive interview with Prasanna Raghavendra, Senior Director, R&D, JFrog

Can you briefly describe the core mission and services of JFrog, especially focusing on the aspects that align with this new integration with Qwak?

Machine Learning (ML) models are rapidly becoming standard components in modern software applications. Bringing model development and management into the traditional software development lifecycle (SDLC) and software supply chain is essential for security, traceability, and trust of the software being released. JFrog is already seen as the gold standard for artifact management and DevSecOps processes, thus collaborating with Qwak to bring ML Model management, Model Security and compliance, into a unified software supply chain platform is a natural next step for helping developers, data scientists, and security teams deliver trusted software at scale in the era of AI.

What was the primary motivation behind partnering with Qwak for this integration?

Modern AI applications are having a dramatic impact on our industry, but there are still certain hurdles when it comes to bringing ML models to production. The process of building ML models can be complex and time-intensive, which prevents many data scientists from turning concepts into production-ready models. Bridging the gap between MLOps and DevSecOps workflows is key to advancing the next generation of AI applications, which is why we chose to partner with Qwak to deliver an end-to-end platform for building and releasing AI applications faster, with minimal risk and less cost.

How does the new integration specifically streamline and accelerate the delivery of ML applications at scale?

Building ML pipelines can be complicated, time-consuming, and costly to organizations looking to scale their MLOps capabilities. These homegrown solutions are not equipped to manage and protect the process of building, training, and tuning ML models at scale with little to no audibility. By uniting JFrog Artifactory and JFrog Xray with Qwak’s ML Platform brings ML apps alongside all other software development components in a modern DevSecOps and MLOps workflow, enabling data scientists, ML engineers, Developers, Security, and DevOps teams to easily build ML apps quickly, securely, and in compliance with all regulatory guidelines.

How does the integration address the previously siloed nature of ML models and traditional software development processes?

Today, Data Scientists, ML Engineers, and DevOps teams do not have a common process for delivering software. This can often introduce friction between teams, difficulty in scaling processes, and a lack of standards in management and compliance across enterprise systems. Organizations need to securely govern their artifacts (ML models) in a trusted location where they can control access to their data to ensure the secure management of models from development to production and that is what our integration with Qwak delivers: a complete MLSecOps solution that helps bridge the MLOps/DevSecOps-gap by bringing ML models in-line with established software development processes, creating a single source of truth for all software components so companies can build and release AI-powered applications faster.

Given the discovery of malicious ML Models in widely used repositories, as mentioned in the announcement, how does this integration enhance security and compliance for ML applications?

The discoveries made by the JFrog Security Research team underscore the need for companies to have a single system of record that helps automate the development of ML Models with a documented chain of provenance and security record so they can develop with peace of mind knowing they are secure and compliant. Additionally, real-time analysis of dependencies ensures that data scientists, ML engineers, developers, and compliance stakeholders clearly understand the components influencing their models. Our integration with Qwak empowers users to make informed decisions by integrating the advanced MLOps capabilities of Qwak with advanced scanning capabilities powered by JFrog.

What measures have been put in place to ensure end-to-end software supply chain visibility and governance through this partnership?

By uniting JFrog Artifactory and Xray with Qwak’s ML Platform we’re enabling ML apps to be monitored alongside all other software components in a modern MLSecOps workflow, enabling data scientists, ML engineers, Developers, Security, and DevOps teams to easily build ML apps quickly, securely, and in compliance with all regulatory guidelines. The native Artifactory integration connects JFrog’s universal ML Model registry with a centralized MLOps platform so users can easily build, train, and deploy models with greater visibility, governance, versioning, and security. Using a centralized platform for ML model deployment also allows users to focus less on infrastructure and more on their core data science tasks.

How does this integration redefine the roles and workflows of data scientists, ML engineers, and DevOps teams in building ML applications?

This integration in no way redefines the roles of each of the stated teams. Rather it unites them with a single source of truth and common workflow that provides full transparency of software assets at every stage of development to ensure consistency, help mitigate risk, and align development practices with organizational guidelines. This business partnership and technology integration will help advance our industry through the secure delivery of AI applications at scale.