DevSecMLOps: Security-by-Design for Trustworthy Machine Learning Pipelines

Context

Machine Learning Operations (MLOps) has become essential to managing the lifecycle of machine learning (ML) models, enabling continuous delivery, automation, and reproducibility. However, the rapid adoption of MLOps has advanced more quickly than the integration of robust security practices. Traditional software security practices—such as static analysis, dynamic scans, and vulnerability assessments—are well established, but ML pipelines present additional unique security concerns [1] [2]. For instance, ML systems face risks like adversarial attacks, model poisoning, training data compromise, drift, and injection attacks [3]. Additionally, privacy and compliance challenges—such as protecting personally identifiable information (PII) during data ingestion and model training—introduce further complexity that traditional security methods often overlook [4]. This suggests that machine learning models require security controls tailored to their lifecycle, from data collection to training, deployment, and monitoring. Current MLOps practices lack comprehensive built-in security mechanisms tailored to ML-specific risks and are fragmented: they either target specific threats, lack end-to-end traceability across the pipeline, or introduce prohibitive overhead that undermines the agility promised by MLOps. This has given rise to the emerging field of DevSecMLOps, which aims to extend the principles of DevSecOps [5, 6] to machine learning systems, ensuring both agility and security in AI-based applications.

The core problem is therefore the absence of a unified, systematic, and pipeline-wide approach to integrate security-by-design into MLOps pipelines. We lack frameworks that can:

Embed security requirements explicitly into ML workflows from the start,

Continuously enforce and monitor these requirements across all pipeline stages, and

Adapt to evolving threats without slowing down the pace of deployment.

Without such an approach, organizations risk deploying AI systems that are performant but fragile, exposing them to critical security and privacy breaches.

Objectives

The PhD will investigate the foundations and practical mechanisms of DevSecMLOps. The specifics of security in MLOps will mainly concern privacy. Users of ML-based solutions are legitimately concerned about the future of their data (e.g., where it is stored and who has access to it), and data anonymization is a key concern. The other facet of security (e.g., who is responsible in the event of a security problem?, how to ensure that ML models are robust against attacks and cannot be used maliciously) will also have to be taken into account. The research will focus on embedding security requirements directly into ML workflows, ensuring that threats such as data poisoning, adversarial manipulation, and privacy leakage are anticipated and mitigated early. It will also explore AI-driven automation to support continuous security checks, balancing the rigour of security with the agility of continuous delivery. The expected result is a methodological and technical framework that operationalizes security for ML pipelines, enabling organizations to deploy AI systems that are both performant and trustworthy.

Mission

The PhD candidate will conduct a comprehensive study of vulnerabilities across ML lifecycles, identify the security issues associated with current MLOPs practices, and analyze how existing DevSecOps principles can be extended to MLOps. The candidate will design security-by-design mechanisms tailored to ML workflows, from data ingestion and preprocessing to model training and deployment. These mechanisms should be developed, while acknowledging that those systems evolve rapidly. The candidate will also explore the use of machine learning for automating security checks, generating adversarial tests, and detecting pipeline anomalies. Finally, the proposed solutions will be validated through industrial case studies (from Softeam Group), demonstrating their effectiveness in mitigating threats while maintaining reproducibility and delivery speed.

References

[1] X. Zhang, ‘Conceptualizing, Applying and Evaluating SecMLOps: A Paradigm for Embedding Security into the ML Lifecycle’, Carleton University, 2025. Accessed: Sept. 08, 2025. [Online]. Available: https://hdl.handle.net/20.500.14718/43535 

[2] B. Eken, S. Pallewatta, N. Tran, A. Tosun, and M. A. Babar, ‘A Multivocal Review of MLOps Practices, Challenges and Open Issues’, ACM Comput. Surv., July 2025, doi: 10.1145/3747346. 

[3] Hinder, F., Vaquet, V., & Hammer, B. ‘Adversarial Attacks for Drift Detection’. 2024. Accessed: Sept. 08, 2025. [Online]. Available: https://arxiv.org/html/2411.16591v1 

[4] S. Panchumarthi, ‘DevSecMLOps: A Security Framework for Machine Learning Pipelines’, Authorea Preprints. Accessed: Sept. 07, 2025. [Online]. Available: https://www.authorea.com/doi/full/10.36227/techrxiv.175037181.12992346?commit=6b759b374daa544b9579f507221f2da101c2a9f4 

[5] Enoiu, E. P., Truscan, D., Sadovykh, A., & Mallouli, W. (2023, August). VeriDevOps software methodology: security verification and validation for DevOps practices. In  Proceedings of the 18th International Conference on Availability, Reliability and Security (pp. 1-9).

[6] Nigmatullin, I., Sadovykh, A., Messe, N., Ebersold, S., & Bruel, J. M. (2022, April). RQCODE–Towards Object-Oriented Requirements in the Software Security Domain. In IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW 2022) (pp. 2-6). IEEE.

L’Institut de Recherche en Informatique de Toulouse (IRIT), une des plus imposantes Unité Mixte de Recherche (UMR 5505) au niveau national, est l’un des piliers de la recherche en Occitanie avec ses 600 membres, permanents et non-permanents, et une centaine de collaborateurs extérieurs. De par son caractère multi-tutelle (CNRS, Universités toulousaines), son impact scientifique et ses interactions avec les autres domaines, le laboratoire constitue une des forces structurantes du paysage de l’informatique et de ses applications dans le monde du numérique, tant au niveau régional que national. Notre unité a su, par ses travaux de pointe et sa dynamique, définir son identité et acquérir une visibilité incontestable, tout en se positionnant au cœur des évolutions des structures locales : Communauté d’Universités et établissements de Toulouse (COMUE), ainsi que les divers dispositifs issus des investissements d’avenir (LabEx CIMI, IRT Saint-Exupéry, SAT TTT…).

Master’s students

Required skills: MLOps, software engineering, cybersecurity

The candidate must send his/her CV as well as grades to candidate.