<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Securing on Compile My Mind</title>
		<link>https://www.compilemymind.com/tags/securing/</link>
		<description>Recent content in Securing on Compile My Mind</description>
		<generator>Hugo</generator>
		<language>en</language>
		
		
		
		
			<lastBuildDate>Mon, 13 Jul 2026 23:48:43 +0300</lastBuildDate>
		
			<atom:link href="https://www.compilemymind.com/tags/securing/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>Securing the AI Supply Chain on GKE: Introducing k8s-aibom for Automated AI BOMs</title>
				<link>https://www.compilemymind.com/posts/securing-the-ai-supply-chain-on-gke-introducing-k8s-aibom-for-automated-ai-boms-pr/</link>
				<pubDate>Mon, 13 Jul 2026 23:48:43 +0300</pubDate>
				<guid>https://www.compilemymind.com/posts/securing-the-ai-supply-chain-on-gke-introducing-k8s-aibom-for-automated-ai-boms-pr/</guid>
				<description>&lt;p&gt;The rapid democratization of Artificial Intelligence (AI) and Machine Learning (ML) has fundamentally shifted how development teams build applications. Today, a developer can spin up a state-of-the-art large language model (LLM) locally or on a Kubernetes cluster in minutes using open-source runtimes like vLLM, Triton Inference Server, Ollama, or Hugging Face Text Generation Inference (TGI).&lt;/p&gt;&#xA;&lt;p&gt;However, this speed introduces a massive governance challenge: &lt;strong&gt;Shadow AI&lt;/strong&gt;. Workloads deployed by developers without formal registration often evade traditional security scanners. Security teams are left in the dark, unable to answer fundamental questions: &lt;em&gt;What models are running in our production clusters? Where did those model weights originate? Are they subject to licensing, bias, or security vulnerabilities?&lt;/em&gt;&lt;/p&gt;</description>
			</item>
	</channel>
</rss>
