Whitelisting
Allowing only pre-approved data sources, libraries, or model components in AI pipelines to reduce risk from unvetted or malicious elements.
Definition
A restrictive security control where only explicitly authorized artifacts—dataset URIs, Python packages, container images—are permitted in training and inference workflows. A governance team maintains a central whitelist registry, with an approval workflow for additions and periodic reviews that remove obsolete entries, so that every pipeline component meets organizational security and compliance standards.
Real-World Example
A financial-services firm configures its MLOps environment so that only Docker images from the internal “approved-images” registry can run training jobs. Any attempt to use unlisted images is automatically blocked, preventing the introduction of unvetted code or vulnerabilities.
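The gate described above, as an added illustration that is not part of this glossary entry or any particular product: a pipeline job declares the container image, dataset URIs and Python packages it needs, and an allowlist check rejects anything outside the governance-owned registry. It goes a little beyond the text in two ways a practitioner usually wants: images must be pinned by digest (a tag alone is mutable, so a registry allowlist on its own does not guarantee the vetted image is what runs), and package names are normalised so spelling variants cannot slip past the list. All registry names, bucket names, package versions and manifests are constructed placeholders.

```python
"""Allowlist gate for an ML pipeline manifest (added example, not the page's own code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Central allowlist. Constructed sample values; in practice this is loaded from the
# governance-owned registry and is read-only from the pipeline's point of view.
APPROVED_IMAGE_REPOS = {"registry.internal.example/approved-images"}
APPROVED_DATASET_PREFIXES = ("s3://ml-approved-datasets/",)
APPROVED_PACKAGES = {          # normalised name -> vetted versions
    "numpy": {"1.26.4"},
    "scikit-learn": {"1.4.2", "1.5.0"},
}

_DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([A-Za-z0-9.+!-]+)$")


@dataclass(frozen=True)
class ImageRef:
    path: str                 # registry host plus repository, without tag or digest
    tag: Optional[str]
    digest: Optional[str]


def parse_image(ref: str) -> ImageRef:
    """Split 'host/repo[:tag][@sha256:...]' into its parts (host ports are preserved)."""
    path, _, digest = ref.partition("@")
    tag = None
    last_segment = path.rsplit("/", 1)[-1]
    if ":" in last_segment:              # a ':' in the last segment is a tag, not a port
        path, _, tag = path.rpartition(":")
    return ImageRef(path, tag, digest or None)


def check_image(ref: str) -> list:
    img = parse_image(ref)
    problems = []
    # Exact repo or a sub-path of it; 'approved-images-mirror' must not match.
    if not any(img.path == r or img.path.startswith(r + "/") for r in APPROVED_IMAGE_REPOS):
        problems.append(f"image {ref}: repository is not on the allowlist")
    if img.digest is None:
        problems.append(f"image {ref}: must be pinned by digest, not only by tag")
    elif not _DIGEST_RE.match(img.digest):
        problems.append(f"image {ref}: malformed digest")
    return problems


def check_dataset(uri: str) -> list:
    if not uri.startswith(APPROVED_DATASET_PREFIXES):
        return [f"dataset {uri}: source is not on the allowlist"]
    if "/../" in uri or uri.endswith("/.."):
        return [f"dataset {uri}: path traversal is not allowed"]
    return []


def _normalize(name: str) -> str:
    # PEP 503 style normalisation: 'Scikit_Learn' and 'scikit-learn' compare equal
    return re.sub(r"[-_.]+", "-", name).lower()


def check_package(spec: str) -> list:
    m = _PIN_RE.match(spec)
    if not m:
        return [f"package {spec}: must be an exact '==' pin"]
    name, version = _normalize(m.group(1)), m.group(2)
    allowed = APPROVED_PACKAGES.get(name)
    if allowed is None:
        return [f"package {spec}: not on the allowlist"]
    if version not in allowed:
        return [f"package {spec}: version not vetted (allowed: {sorted(allowed)})"]
    return []


def check_manifest(manifest: dict) -> list:
    """Return every allowlist violation in a job manifest; an empty list means the job may run."""
    problems = check_image(manifest["image"])
    for uri in manifest.get("datasets", []):
        problems += check_dataset(uri)
    for spec in manifest.get("packages", []):
        problems += check_package(spec)
    return problems


# Constructed sample manifests for demonstration.
GOOD_DIGEST = "sha256:" + "a" * 64
APPROVED_JOB = {
    "image": f"registry.internal.example/approved-images/trainer:1.2@{GOOD_DIGEST}",
    "datasets": ["s3://ml-approved-datasets/credit/2024-q1/"],
    "packages": ["numpy==1.26.4", "Scikit_Learn==1.4.2"],
}
UNVETTED_JOB = {
    "image": "docker.io/library/python:3.11",
    "datasets": ["s3://ml-approved-datasets-evil/dump/", "https://example.org/data.csv"],
    "packages": ["numpy>=1.0", "requests==2.31.0", "numpy==1.0.0"],
}

if __name__ == "__main__":
    for label, job in (("approved", APPROVED_JOB), ("unvetted", UNVETTED_JOB)):
        print(f"{label}: {check_manifest(job) or 'OK'}")
```

In a real deployment this check belongs at a chokepoint the job author cannot bypass, such as a CI gate or a container-admission hook, rather than inside the job code itself; the list returned is what an audit log or a blocked-job notification would carry.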