Open-source MLSecOps handbook for AI security, LLM/RAG, and secure MLOps.
MLSecOps Practical Reference Guide is an open-source handbook for AI security, machine learning security, and secure MLOps across the full ML lifecycle — from data and training through deployment, runtime monitoring, SOC, and governance.
It covers LLM security, RAG security, agentic AI, MCP, AI supply chain security, and DevSecOps patterns for production AI systems. Use it as a practitioner reference — not a product manual or an official OWASP, NIST, or ISO standard.
| Read online (recommended) | l4tr0d3ctism.github.io/MLSecOps |
| Source repository | github.com/l4tr0d3ctism/MLSecOps |
| Latest release | v1.1.0 |
| Cite (DOI) | 10.5281/zenodo.21206781 |
Security engineers, ML/MLOps teams, architects, and risk owners who need a practical MLSecOps reference aligned with OWASP AI Exchange, MITRE ATLAS, NIST AI RMF, ISO/IEC 42001, OpenSSF Secure MLOps, and CSA MAESTRO — with operational controls, evidence, and rollout guidance.
This guide synthesizes OWASP, MITRE ATLAS, NIST AI RMF, ISO/IEC 42001, OpenSSF Secure MLOps, and CSA MAESTRO. Its operational additions are:
- Ten lifecycle control points — one thread from change initiation through monitoring
- Explicit release decisions — separate evidence-producing steps from blocking gates (control points 4, 7, 8) and integrity at 9
Evidence Pack— auditable output bundle per release- Implementation Reference — architecture cards, decision matrix, templates, playbooks
Learn more: Chapter 1 — What this guide adds.
| Area | Chapters / focus |
|---|---|
| MLSecOps & threat modeling | Scope, risk, autonomous AI threats |
| Data security & privacy | Training data, PII, augmentation confidentiality |
| AI / ML supply chain | Model artifacts, provenance, signing |
| Secure ML pipeline | Ten control points, CI/CD gates, Evidence Pack |
| LLM security & RAG | Gateway, guardrails, prompt injection, retrieval ACL |
| Agentic AI & MCP | Tool policy, Intent Gate, scoped execution |
| Runtime & SOC | Monitoring, detection, incident response |
| Governance & compliance | Evidence, maturity roadmap, Kubernetes patterns |
Traditional DevSecOps does not fully address model artifacts, training data, LLMs, RAG, agents, or runtime AI risks.
MLSecOps extends existing security practices with lifecycle-specific controls, evidence generation, and AI-focused governance — without replacing your CI/CD or MLOps platform.
- Ten-point lifecycle control model and release decision points
Evidence Packmethodology per release- Implementation Reference — architecture cards, templates, playbooks
- Threat / control / tool mapping (Ch.12)
- LLM, RAG, Agent, and MCP security (Ch.7 · Ch.8)
- AI supply chain and model artifact security (Ch.5)
- Kubernetes reference patterns (Ch.16)
- SOC integration, governance, case studies, and maturity roadmap
| Read online | Documentation site — full guide, search, TOC |
| Markdown | Table of Contents · Chapter 1 |
| Role-based paths | GETTING-STARTED.md |
| Contribute | CONTRIBUTING.md · Issues · Discussions |
| Role | Start here |
|---|---|
| Executive / risk | Ch.1 → Ch.2 → Ch.14 |
| Security engineer | Ch.2 → Ch.6 → Ch.12 |
| ML / MLOps | Ch.6 → Ch.5 |
| LLM / RAG / Agent | Ch.7 → Ch.8 |
| Production rollout | Appendix E → Ch.6 |
Project status, roadmap, and governance: GOVERNANCE.md · CHANGELOG.md.
Executive lifecycle (detail in Chapter 6):
Coverage: classic ML · LLM · RAG · managed AI APIs · agents · MCP · Shadow AI · supply chain · runtime · SOC · governance · Kubernetes patterns.
Latest release: v1.1.0 · Zenodo DOI
| Format | Link |
|---|---|
| Documentation site | l4tr0d3ctism.github.io/MLSecOps |
| Markdown | chapters-en/ in this repository |
| Source (ZIP) | v1.1.0 archive |
| GitHub Releases | |
| DOCX | GitHub Releases |
All releases: GitHub Releases.
You can generate the printable Word edition from the markdown sources in this repository:
pip install -r scripts/requirements-docx.txt
python scripts/build-docx.py --render-mermaidOutput: dist/MLSecOps-Practical-Reference-Guide-v{version}.docx (version read from CITATION.cff).
| Option | Purpose |
|---|---|
--render-mermaid |
Render missing diagram PNGs from assets/diagrams/source/*.mmd (uses system Chrome or Edge) |
--reference path/to/file.docx |
Override the Word style template |
--output path/to/file.docx |
Custom output path |
--skip-validate |
Skip post-build content checks |
The build uses Pandoc with the project Word template (scripts/templates/reference.docx, or auto-download from the v1.0.0 Release DOCX on first run). Template details: scripts/templates/README.md. Maintainer checklist: RELEASING.md.
| Question | Answer |
|---|---|
| What is MLSecOps? | Security practices for the ML/AI lifecycle — extending DevSecOps with model, data, LLM, RAG, agent, and runtime controls. |
| Is this an official OWASP or NIST document? | No. It references those frameworks but is an independent open-source guide (CC BY-SA 4.0). |
| Where should I start reading? | Documentation site or Chapter 1. |
| How do I cite this work? | Use the Zenodo DOI or CITATION.cff. |
MLSecOps/
├── chapters-en/ # Guide chapters (English)
├── assets/diagrams/ # Diagram PNGs and Mermaid source (.mmd)
├── scripts/ # DOCX build (build-docx.py, mermaid_to_png.py)
├── dist/ # Local DOCX output (gitignored)
├── GETTING-STARTED.md # Role-based reading paths
├── CITATION.cff # Citation metadata (DOI)
├── CHANGELOG.md
└── .github/workflows/ # Pages deploy, releases
We welcome review from practitioners.
- Bug or typo: Open an issue
- Suggestion / discussion: GitHub Discussions
- Pull request: see CONTRIBUTING.md
If you review the guide and agree to be listed, we can add your name under Community reviewers (with your permission only).
Share this project: linking from LinkedIn, blog posts, OWASP community threads, Dev.to, or internal security wikis helps others discover the guide and improves search visibility for MLSecOps and MLSecOps Practical Reference Guide.
See CITATION.cff for machine-readable metadata.
Haghighian, M. (2026). MLSecOps Practical Reference Guide (v1.1.0).
Zenodo. https://doi.org/10.5281/zenodo.21206781
- OWASP AI Exchange (https://owaspai.org/)
- OWASP LLM Top 10 (2025)
- OWASP ML Top 10 (draft)
- OWASP Agentic / MCP
- MITRE ATLAS
- NIST AI RMF
- ISO/IEC 42001 · ISO/IEC 23894
- EU AI Act
- OpenSSF MLSecOps Whitepaper
- CSA MAESTRO
- CSA AARM — AARM Alignment (agentic runtime; complementary mapping)
| CONTRIBUTING.md | How to contribute |
| LICENSE | CC BY-SA 4.0 |
| SECURITY.md | Report issues in this repo |
| CODE_OF_CONDUCT.md | Community standards |
Questions: Issues · Discussions.
