What does PLOT mean?
In Machine Learning, plot is a common term: a graphical technique for representing a data set, usually as a graph showing the relationship between two or more variables. Wikipedia
In the world of Narrative, plot is a sequence of events where each affects the next one through the principle of cause-and-effect. Wikipedia
PLOT in PLOT4ai stands for Privacy Library Of Threats and one of the reasons why I chose the name PLOT is because the term helps to also highlight the importance of the iterative nature of AI/ML and threat modeling.
I started in 2020 building PLOT4ai for myself to be able to help my clients.
But I soon realized how beneficial it would be for others too.
I decided then to create an accessible, adaptable and useful resource that everybody could use to build AI products responsibly.
I found very important that PLOT4ai had an educational function bringing knowledge and encouraging collaboration and team work.
This is something that I have also tried to accomplish by linking research papers to some of the threats,
in an effort to make more knowledge available to the industry.
And although it is called Privacy Library Of Threats, PLOT4ai is not just about privacy and security by design. It is about the whole concept of responsibility towards the individuals that we want to protect and humanity as a whole. PLOT4ai helps you to connect with the people that are represented in your data and with the people that one day could be affected by your models.
How it all started
In 2020 I joined a new AI/ML project where I wanted to implement privacy threat modeling using LINDDUN GO. I am a big fan of the positive effects of threat modeling, especially when it can be practiced with some gaming element in it. I had used LINDDUN GO before in software development, but I quickly realised that I needed to make some adaptations to it if I wanted to make it work for AI/ML. And that is how PLOT4ai started.
Do you want to hear more about it? Watch the video from PEPR'2021 below.
PEPR 2021
In June 2021 I presented my idea for the first time during the Conference on Privacy Engineering Practice and Respect (PEPR'21). Together with Kim Wuyts we introduced LINDDUN and the idea of a AI/ML adaptation. What I then introduced as LINDDUN-ML containing 25 threats, is what has now proudly become PLOT4ai with 86 threats!
You can watch the presentation on YouTube
But you can also watch it here, by enabling the video below.
Bare in mind that by enabling and playing the video in this webpage you still get all the usual YouTube cookies
The slides of the PEPR presentation are still available online and can be downloaded
PLOT4ai mentions
PLOT4ai has been listed as one of the recommended AI assessments tool by the French Data Protection Authority CNIL:
https://www.cnil.fr/en/ai-systems-compliance-other-guides-tools-and-best-practices
It is mentioned as one of the AI privacy-preserving tools and frameworks in the AI and Humand Rights rapport from All Tech is Human:
https://alltechishuman.org/ai-human-rights-report
It has been listed in the OECD catalogue of tools for trustworthy AI:
https://oecd.ai/en/catalogue/tools/plot4ai
It is mentioned in Toreon: Threat Modeling Insider Newsletter
https://www.toreon.com/tmi-newsletter-16-we-need-an-army-of-threat-modelers/
It is listed as one of the attack libraries in The Enchiridion of Impetus Exemplar: A Threat Modeling Field Guide
https://shellsharks.com/threat-modeling
It is recommended in the OEDC paper "AI LANGUAGE MODELS- TECHNOLOGICAL, SOCIO-ECONOMIC AND POLICY CONSIDERATIONS"
https://www.oecd-ilibrary.org/science-and-technology/ai-language-models_13d38f92-en
Bio
My name is Isabel Barberá, I am based in The Netherlands and I work as privacy engineer and AI advisor for different organisations in the private and public sector. Besides my technical background I am currently busy finalising my studies in law.
I love helping others to design and develop solutions responsibly with more than just privacy and security by design in mind. But what I find even more satisfying is seeing how people grow a privacy and responsible mindset and how people learn to effectively apply it in a collaborative way.
You can find me here in case you want to reach out: