Zero-Trust Artificial Intelligence Model Security Based on Moving Target Defense and Content Disarm and Reconstruction

--This paper examines the challenges in distributing AI models through model zoos and file transfer mechanisms. Despite advancements in security measures, vulnerabilities persist, necessitating a multi-layered approach to mitigate risks effectively. The physical security of model files is critical, requiring stringent access controls and attack prevention solutions. This paper proposes a novel solution architecture composed of two prevention approaches. The first is Content Disarm and Reconstruction (CDR), which focuses on disarming serialization attacks that enable attackers to run malicious code as soon as the model is loaded. The second is protecting the model architecture and weights from attacks by using Moving T arget Defense (MTD), alerting the model structure, and providing verification steps to detect such attacks. The paper focuses on the highly exploitable Pickle and PyT orch file formats. It demonstrates a 100% disarm rate while validated against known AI model repositories and actual malware attacks from the HuggingFace model zoo. The swift evolution of Artificial Intelligence (AI) technology has made it a top priority for cybercriminals looking to obtain confidential information and intellectual property. These malicious individuals may try to exploit AI systems for their own gain, using specialized tactics alongside conventional IT methods. Given the broad spectrum of potential attack strategies, safeguards must be extensive. Experienced attackers frequently employ a combination of techniques to execute more intricate operations, which can render layered defenses ineffective. While adversarial AI model security [1, 2], privacy [3] and operational security aspects of AI receive much attention [4, 5], it's equally important to address the physical file security aspects of AI models.