In this episode of "What's in the SOSS," we welcome back Sarah Evans, Distinguished Engineer at Dell Technologies and a key figure in the OpenSSF's AI/ML working group. Sarah discusses the critical work being done to extend secure software development practices to the rapidly evolving field of AI. She dives into the AI Model Signing project, the groundbreaking MLOps white paper developed in partnership with Ericsson, and the crucial work of identifying and addressing new personas in AI/ML operations. Tune in to learn how OpenSSF is shaping the future of AI security and what challenges and opportunities lie ahead.

Episode Chapters:

• 0:00 Welcome and Introduction to Sarah Evans
• 0:48 Sarah Evans: Role at Dell Technologies and Involvement in OpenSSF
• 1:38 The OpenSSF AI/ML Working Group: Genesis and Goals
• 3:37 Deep Dive: The AI Model Signing Project with Sigstore
• 4:28 AI Model Signing: Benefits for Developers
• 5:20 Transition to the MLSeCOps White Paper
• 5:49 The Mission of the MLSecOps White Paper: Addressing Industry Gaps
• 7:00 Collaboration with Ericsson on the MLEC Ops White Paper
• 8:15 Identifying and Addressing New Personas in AI/ML Ops
• 10:04 The Power of Open Source in Extending Previous Work
• 10:15 Future Directions for OpenSSF's AI/ML Strategy
• 11:21 OpenSSF's Broader AI Security Focus
• 12:08 Sneak Peek: New Companion Video Podcast on AI Security
• 12:31 Sarah's Personal Focus: The Year of the Agents (2025)
• 13:00 Security Concerns: Bringing Together Data Models and Code in AI Applications
• 14:00 Conclusion and Thanks

Episode links:

• Sarah Evans LinkedIn page
• OpenSSF AI/ML Security Working Group
• OpenSSF Blog: Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security
• OpenSSF Whitepaper: Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security
• Get involved with the OpenSSF
• Subscribe to the OpenSSF newsletter
• Follow the OpenSSF on LinkedIn