Ask HN: Deploying AI service on client's server without exposing model and code?
Is there a way to deploy my application without allowing the client to simply copy my model from the container? I assume this can't be an unique situation because a lot of AI companies have clients with sensitive data (e.g. hospitals, banks etc.)
What I've thought of now is to first embed a kill-switch to delete files from container (since the customer is trialing our product for a limited time). As for how to prevent them from directly attaching to the container and copying everything:
1) Restrict access to the docker container somehow (From further research it seems this is not possible with docker)
2) Embed some sort of script into the container such that every time user tries to attach the container, the model and source code files get deleted. We will have removed the image from the server after container creation so they won't be able to run directly run commands from CLI of the host. (is this feasible?)
3) Compile script into C/C++ code and obfuscate (this is not ideal since it will take a lot more work and if they can still copy the contents of the container and they may still be able to access the model).
4) Other options (any recommendations? maybe a more suitable technology than docker?)
I feel like this shouldn't be an isolated situation since a lot of deep learning applications have data privacy concerns. There is always the traditional way of compiling the code, obfuscating, and using product key but most deep learning models still run on python.
I know there is no fool-proof way but just anything to make it harder for them to simply rip us off.
0 comments
[ 3.6 ms ] story [ 11.5 ms ] threadNo comments yet.