# Poor security practices

Operationalising ML uses a mixture of infrastructure, code and data, all of which should be implemented and operated securely. Our [Secure Development playbook](https://playbooks.equalexperts.com/secure-delivery-playbook/) describes the practices we know are important for secure development and operations, and these should be applied to your ML development and operations.

**Some specific security pitfalls to watch out for in ML-based solutions are:**

* <mark style="color:blue;">**Making the model accessible to the whole internet**</mark> - making your model endpoint publicly accessible may expose unintended inferences or prediction metadata that you would rather keep private. Even if your predictions are safe for public exposure, making your endpoint anonymously accessible may present cost management issues. A machine learning model endpoint can be secured using the same mechanisms as any other online service.
* <mark style="color:blue;">**Exposure of data in the pipeline**</mark> - you will certainly need to include data pipelines as part of your solution. In some cases they may use personal data in the training. These pipelines should be protected to the same standards as any other system you develop.
* <mark style="color:blue;">**Embedding API Keys in mobile apps**</mark> - a mobile application may need specific credentials to directly access your model endpoint. Embedding these credentials in your app allows them to be extracted by third parties and used for other purposes. Securing your model endpoint behind your app backend can prevent uncontrolled access.
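
The following sketch is an added example, not code from the playbook: a backend route that sits between the mobile app and the model endpoint, so the app holds only a short-lived per-user token while the model credential stays on the server. The function names, token format, quota values and the `fake_model` stand-in are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed names and limits; in production both secrets come from a secret store.
SESSION_KEY = os.environ.get("SESSION_KEY", "constructed-demo-key").encode()
MODEL_API_KEY = os.environ.get("MODEL_API_KEY", "constructed-model-key")  # never shipped in the app
MAX_CALLS, WINDOW_SECONDS = 3, 60  # per-user quota that bounds inference cost
_recent_calls = {}  # user id -> timestamps of accepted calls


def _sign(body):
    return hmac.new(SESSION_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id, now, ttl=300):
    """Given to the app after login; it identifies one user and expires."""
    body = f"{user_id}:{int(now) + ttl}"
    return f"{body}:{_sign(body)}"


def verify_token(token, now):
    """Return the user id for a valid, unexpired token, otherwise None."""
    body, _, sig = token.rpartition(":")
    user_id, _, expires = body.rpartition(":")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    return user_id if expires.isdigit() and int(expires) > now else None


def handle_predict(token, features, call_model, now=None):
    """Backend route: authenticate, apply the quota, then call the model."""
    now = time.time() if now is None else now
    user_id = verify_token(token, now)
    if user_id is None:
        return 401, {"error": "invalid or expired token"}
    calls = [t for t in _recent_calls.get(user_id, []) if now - t < WINDOW_SECONDS]
    if len(calls) >= MAX_CALLS:
        return 429, {"error": "quota exceeded"}
    _recent_calls[user_id] = calls + [now]
    raw = call_model(features, MODEL_API_KEY)  # key is attached server-side only
    return 200, {"prediction": raw["prediction"]}  # drop internal metadata


def fake_model(features, api_key):
    """Constructed stand-in for the HTTPS call to the private model endpoint."""
    assert api_key == MODEL_API_KEY
    return {"prediction": sum(features) > 1.0, "model_version": "demo", "scores": [0.2, 0.8]}
```

A leaked token exposes one user's quota for a few minutes, whereas a key extracted from the app binary exposes the whole endpoint until it is rotated.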

