Privacy Library Of Threats 4 Artificial Intelligence
A threat modeling library to help you build responsible AI
What is PLOT4ai?
It is a library containing (at this moment) a collection of 86 different threats and a threat modeling methodology.
With PLOT4ai you can:
- Perform threat modeling on AI/ML systems
- Start doing Privacy by Design the right way
- Create Responsible AI
Why threat modeling?
"When you perform threat modeling, you begin to recognize what can go wrong in a system. It also allows you to pinpoint design and implementation issues that require mitigation, whether it is early in or throughout the lifetime of the system."
Source: Threat Modeling Manifesto
Frequently Asked Questions
Got a question? We might already have the answer
Under which license is the library published?
PLOT4ai by Isabel Barberá is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License
For any reuse or distribution, you must make the license terms of this work clear to others.
What are the differences with LINDDUN?
LINDDUN is a privacy threat modeling methodology that I think can work very well with software development, but it is not adapted for AI/ML. It contains different categories and threats, but it also has a lot of similarities with PLOT4ai. In fact, PLOT4ai is inspired by LINDDUN - read the story here. I really recommend you try it!
Which regulations are covered within the Non-compliance category?
For the time being this category is only based on the GDPR.
Do I need to use all the cards during the threat modeling session?
You can first check all the cards and remove the ones that are not relevant to you; for instance some of them are related to robotics and this might not be applicable to your case.
I recommend you to go through all or most of the cards (that you selected) during the design phase of your project. This should not take more than 2 sessions. And this is also a good exercise for start-ups that do not have a mature quality process implemented yet!
You could also decide to remove the cards related to the category security and plan a separate session for that. The security threats of AI/ML are mostly very technical and that is why it's important that the right stakeholders are present during this session.
A similar situation occurs with the category Ethics & Human Rights; answering these cards could take longer than usual due to the nature of the subject, so a dedicated session might work better.
Where does all the information in the library come from?
The library is the result of months of research work analyzing different sources of information, like whitepapers, guidelines, best practices, articles, blogs, and regulations like the new EU proposal for AI. All these sources are directly mentioned in the cards or in the reference list on this website.
The library also contains content created by me. My experience in the field has played an important role here; otherwise I could have never been able to create PLOT4ai by myself ;-)
Why is PLOT4ai free? Do you have a commercial purpose?
The reason why I dedicated so many hours to this project is because I strongly believe in it and would like nothing more than the whole world adapting this. If more responsible products are created with this, then that will be my greatest reward.
In a future I would like to teach others how to use PLOT4ai; that is the only commercial purpose I can foresee. But this is something that all of you can also do, and that hopefully a lot of you will do! I would love to see people teaching PLOT4ai!
Having released this first version of PLOT4ai, we have a few more exciting items on the roadmap:
This is a first version, created by a single person. I released this knowing there will be a lot of things that can be improved. From here on I would love to keep improving the existing library and methodology with your help. I created PLOT4ai hoping one day it will be a community driven project because with your contribution it can grow to become even beter.
Interested in supporting this open source project? See How to contribute for more information
An online tool
At this moment we're working on the creation of a free open source tool that will allow you to have interactive threat modeling sessions using PLOT4ai. Some of the features this tool will have:
- Privacy friendly tool that can also be used offline
- Possibility to select only applicable categories and customize your game
- Possibility to edit and create new categories locally adapting it to your needs
- A way to document threats and assign a risk score
- Import / export functionality, also to Jira!