Skip to content

l4tr0d3ctism/MLSecOps

Repository files navigation

MLSecOps Practical Reference Guide

Open-source MLSecOps handbook for AI security, LLM/RAG, and secure MLOps.

Status Version DOI Documentation License: CC BY-SA 4.0

MLSecOps Practical Reference Guide is an open-source handbook for AI security, machine learning security, and secure MLOps across the full ML lifecycle — from data and training through deployment, runtime monitoring, SOC, and governance.

It covers LLM security, RAG security, agentic AI, MCP, AI supply chain security, and DevSecOps patterns for production AI systems. Use it as a practitioner reference — not a product manual or an official OWASP, NIST, or ISO standard.

Read online (recommended) l4tr0d3ctism.github.io/MLSecOps
Source repository github.com/l4tr0d3ctism/MLSecOps
Latest release v1.1.0
Cite (DOI) 10.5281/zenodo.21206781

Who is this for?

Security engineers, ML/MLOps teams, architects, and risk owners who need a practical MLSecOps reference aligned with OWASP AI Exchange, MITRE ATLAS, NIST AI RMF, ISO/IEC 42001, OpenSSF Secure MLOps, and CSA MAESTRO — with operational controls, evidence, and rollout guidance.


What this guide adds

This guide synthesizes OWASP, MITRE ATLAS, NIST AI RMF, ISO/IEC 42001, OpenSSF Secure MLOps, and CSA MAESTRO. Its operational additions are:

  1. Ten lifecycle control points — one thread from change initiation through monitoring
  2. Explicit release decisions — separate evidence-producing steps from blocking gates (control points 4, 7, 8) and integrity at 9
  3. Evidence Pack — auditable output bundle per release
  4. Implementation Reference — architecture cards, decision matrix, templates, playbooks

Learn more: Chapter 1 — What this guide adds.


Topics covered

Area Chapters / focus
MLSecOps & threat modeling Scope, risk, autonomous AI threats
Data security & privacy Training data, PII, augmentation confidentiality
AI / ML supply chain Model artifacts, provenance, signing
Secure ML pipeline Ten control points, CI/CD gates, Evidence Pack
LLM security & RAG Gateway, guardrails, prompt injection, retrieval ACL
Agentic AI & MCP Tool policy, Intent Gate, scoped execution
Runtime & SOC Monitoring, detection, incident response
Governance & compliance Evidence, maturity roadmap, Kubernetes patterns

Why MLSecOps?

Traditional DevSecOps does not fully address model artifacts, training data, LLMs, RAG, agents, or runtime AI risks.

MLSecOps extends existing security practices with lifecycle-specific controls, evidence generation, and AI-focused governance — without replacing your CI/CD or MLOps platform.


Key features

  • Ten-point lifecycle control model and release decision points
  • Evidence Pack methodology per release
  • Implementation Reference — architecture cards, templates, playbooks
  • Threat / control / tool mapping (Ch.12)
  • LLM, RAG, Agent, and MCP security (Ch.7 · Ch.8)
  • AI supply chain and model artifact security (Ch.5)
  • Kubernetes reference patterns (Ch.16)
  • SOC integration, governance, case studies, and maturity roadmap

Quick start

Read online Documentation site — full guide, search, TOC
Markdown Table of Contents · Chapter 1
Role-based paths GETTING-STARTED.md
Contribute CONTRIBUTING.md · Issues · Discussions
Role Start here
Executive / risk Ch.1Ch.2Ch.14
Security engineer Ch.2Ch.6Ch.12
ML / MLOps Ch.6Ch.5
LLM / RAG / Agent Ch.7Ch.8
Production rollout Appendix ECh.6

Project status, roadmap, and governance: GOVERNANCE.md · CHANGELOG.md.


Architecture

Executive lifecycle (detail in Chapter 6):

MLSecOps lifecycle control model — ten control points from change initiation through monitoring and release decisions

Coverage: classic ML · LLM · RAG · managed AI APIs · agents · MCP · Shadow AI · supply chain · runtime · SOC · governance · Kubernetes patterns.


Downloads

Latest release: v1.1.0 · Zenodo DOI

Format Link
Documentation site l4tr0d3ctism.github.io/MLSecOps
Markdown chapters-en/ in this repository
Source (ZIP) v1.1.0 archive
PDF GitHub Releases
DOCX GitHub Releases

All releases: GitHub Releases.

Build DOCX yourself

You can generate the printable Word edition from the markdown sources in this repository:

pip install -r scripts/requirements-docx.txt
python scripts/build-docx.py --render-mermaid

Output: dist/MLSecOps-Practical-Reference-Guide-v{version}.docx (version read from CITATION.cff).

Option Purpose
--render-mermaid Render missing diagram PNGs from assets/diagrams/source/*.mmd (uses system Chrome or Edge)
--reference path/to/file.docx Override the Word style template
--output path/to/file.docx Custom output path
--skip-validate Skip post-build content checks

The build uses Pandoc with the project Word template (scripts/templates/reference.docx, or auto-download from the v1.0.0 Release DOCX on first run). Template details: scripts/templates/README.md. Maintainer checklist: RELEASING.md.


Frequently asked questions

Question Answer
What is MLSecOps? Security practices for the ML/AI lifecycle — extending DevSecOps with model, data, LLM, RAG, agent, and runtime controls.
Is this an official OWASP or NIST document? No. It references those frameworks but is an independent open-source guide (CC BY-SA 4.0).
Where should I start reading? Documentation site or Chapter 1.
How do I cite this work? Use the Zenodo DOI or CITATION.cff.

Repository structure

MLSecOps/
├── chapters-en/          # Guide chapters (English)
├── assets/diagrams/      # Diagram PNGs and Mermaid source (.mmd)
├── scripts/              # DOCX build (build-docx.py, mermaid_to_png.py)
├── dist/                 # Local DOCX output (gitignored)
├── GETTING-STARTED.md    # Role-based reading paths
├── CITATION.cff          # Citation metadata (DOI)
├── CHANGELOG.md
└── .github/workflows/    # Pages deploy, releases

Community feedback

We welcome review from practitioners.

If you review the guide and agree to be listed, we can add your name under Community reviewers (with your permission only).

Share this project: linking from LinkedIn, blog posts, OWASP community threads, Dev.to, or internal security wikis helps others discover the guide and improves search visibility for MLSecOps and MLSecOps Practical Reference Guide.


Cite this work

See CITATION.cff for machine-readable metadata.

Haghighian, M. (2026). MLSecOps Practical Reference Guide (v1.1.0).
Zenodo. https://doi.org/10.5281/zenodo.21206781

Frameworks referenced

  • OWASP AI Exchange (https://owaspai.org/)
  • OWASP LLM Top 10 (2025)
  • OWASP ML Top 10 (draft)
  • OWASP Agentic / MCP
  • MITRE ATLAS
  • NIST AI RMF
  • ISO/IEC 42001 · ISO/IEC 23894
  • EU AI Act
  • OpenSSF MLSecOps Whitepaper
  • CSA MAESTRO
  • CSA AARM — AARM Alignment (agentic runtime; complementary mapping)

Contributing · License

CONTRIBUTING.md How to contribute
LICENSE CC BY-SA 4.0
SECURITY.md Report issues in this repo
CODE_OF_CONDUCT.md Community standards

Questions: Issues · Discussions.