Skip to content

Getting Started

Quick entry points for the MLSecOps Practical Reference Guide.
Full section list: TABLE-OF-CONTENTS.md.


Quick Start (5 Minutes)

  1. Read Why this guide matters (Chapter 1)
  2. Skim What this guide adds (Chapter 1)
  3. Skim Attack surface matrix (Chapter 2)
  4. Review Lifecycle control points (Chapter 6)
  5. Open Primary Mapping (Chapter 12)

New to AI Security?

Recommended reading order for a first pass:

  1. Chapter 1 — Introduction
  2. Chapter 2 — Scope and threat model
  3. Chapter 3 — Threat landscape
  4. Chapter 6 — Lifecycle pipeline
  5. Chapter 7 — LLM and RAG security
  6. Chapter 12 — Threat, control, and tool mapping

Then branch by role or goal using the tables below.


When to use this guide vs. OWASP AI Exchange

You need… Start here
Threat/control taxonomy for any AI type, risk-analysis decision tree, deep testing methodology OWASP AI Exchange
Lifecycle control points, release gates, Evidence Pack, K8s/MCP ops patterns This guide (Chapter 6, Appendix E)
Both Exchange for what threats/controls apply → this guide for when to implement and what evidence to keep

Relationship detail: Chapter 1 — Relationship to OWASP AI Exchange.


By goal

Goal Path
Executive overview Ch. 1214
Threat understanding Ch. 3213
Implement lifecycle controls Ch. 61215 checklists
LLM / RAG / Agent Ch. 789 · AARM alignment
Managed AI API only Ch. 2 managed AI7Appendix D
Shadow AI / governance Ch. 21113 Samsung case
MCP security Ch. 7 MCP81213 MCP lab
SOC / operations Ch. 1011
Kubernetes Ch. 16
Production rollout Appendix E → Ch. 6 → Ch. 12

By role

Role Recommended path
Application / Security Architect Ch. 2 → 6 → Appendix E → 12
AppSec / AI Security Engineer Ch. 3 → 6 → 7 → 10 → 12
ML / MLOps Engineer Ch. 6 → 5 → 4 → 9
Platform / SRE Ch. 16 → 6 → 10
GRC / Compliance Ch. 11 → 15 → Appendix D

Minimum Production Security Baseline

From Chapter 6 and Appendix E:

  1. Threat model with release blockers at control points 4, 7, 8, 9
  2. Evidence Pack per release (template in Appendix E.4)
  3. Runtime logging to SOC (Chapter 10)
  4. Architecture card matching your stack (Appendix E.1)

Maturity detail: Chapter 14.


Formats

Format Location
Markdown (source) chapters-en/*.md in this repo
Word / PDF GitHub Releases v1.1.0
Documentation site l4tr0d3ctism.github.io/MLSecOps

Give feedback

Help improve v1.1: open an issue or start a discussion.