AWS re:Invent 2025 - Privacy-preserving AI primitives: Building blocks for regulated industries - ARC328

Privacy-Preserving AI Primitives: Building Blocks for Regulated Industries

Urgency of Data Privacy in Regulated Industries

  • Regulated industries face growing data protection and privacy requirements, including for AI/ML systems
  • Key compliance needs are visibility, secure access, and control over data
  • Assurance and verifiable evidence are mandatory to satisfy governance and accountability mechanisms

AWS Shared Responsibility Model for Regulated Workloads

  • AWS provides contractual commitments, certifications, and third-party audits for security of the cloud
  • Customers must implement controls and assurance for security in the cloud, especially for AI/ML workloads

AI/ML Spectrum and Sensitive Data Considerations

  • AI/ML systems have two core processes: training and inference
  • Each component (training data, code, model, inference inputs/outputs) can contain sensitive data requiring protection
  • Regulated environments must apply appropriate controls based on their threat model and compliance requirements

Encryption: The Foundation of Data Protection

  • AWS Key Management Service (KMS) provides the central encryption control plane
  • Options for storing encryption keys: KMS-managed, dedicated AWS CloudHSM, external key store, or imported external keys
  • Envelope encryption using KMS data keys enables efficient encryption of large datasets
  • Client-side encryption using AWS SDKs or libraries provides an additional layer of protection

Tokenization: Reducing Compliance Scope

  • Tokenization replaces sensitive data with non-sensitive tokens, stored in a secure token vault
  • Serverless architecture using AWS Lambda can implement tokenization with client-side encryption

Confidential Computing: Protecting Data in Use

  • AWS Nitro System provides always-on confidential computing for EC2 instances, with third-party validation that there is no operator access
  • Nitro Enclaves and Nitro-based AMIs enable creation of isolated, attested execution environments
  • Cryptographic attestation allows these environments to securely access KMS-protected secrets

Federated Learning: Collaborative Model Training

  • Federated learning keeps data local and only shares model updates, avoiding the need to move raw data
  • Options include the open-source Flower framework and NVIDIA FLARE, deployable on AWS services
  • Security measures include attestable AMIs, client-side encryption, and access control

Differential Privacy: Preserving Individual Privacy

  • Differential privacy adds carefully calibrated noise to query results to obscure individual data points
  • AWS Clean Rooms provides managed differential privacy controls for secure multi-party data collaboration
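
The calibrated-noise idea above, as an added example that is not from the talk and is not how AWS Clean Rooms is implemented: a Laplace mechanism for counting queries with a total privacy budget. The class and function names, the epsilon values and the sample records are assumptions made for illustration.

```python
import random

class BudgetExhausted(Exception):
    """Raised when answering would exceed the total privacy budget."""

class PrivateCounter:
    """Answers counting queries with epsilon-differential privacy (Laplace mechanism)."""

    def __init__(self, rows, total_epsilon, rng=None):
        self.rows = list(rows)
        self.remaining = total_epsilon
        # SystemRandom by default; tests may pass a seeded random.Random.
        self.rng = rng or random.SystemRandom()

    def _laplace(self, scale):
        # The difference of two i.i.d. exponentials is Laplace(0, scale).
        # Hardened deployments use samplers that resist floating-point attacks.
        return self.rng.expovariate(1.0 / scale) - self.rng.expovariate(1.0 / scale)

    def count(self, predicate, epsilon):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if epsilon > self.remaining + 1e-12:
            raise BudgetExhausted("query refused: privacy budget spent")
        self.remaining -= epsilon  # sequential composition: epsilons add up
        true_count = sum(1 for row in self.rows if predicate(row))
        # Adding or removing one person changes a count by at most 1,
        # so sensitivity is 1 and the noise scale is 1 / epsilon.
        return true_count + self._laplace(1.0 / epsilon)

# Constructed sample records (not real data).
ROWS = [{"age": 30 + (i % 40), "diagnosis": "A" if i % 3 == 0 else "B"} for i in range(300)]

def demo():
    counter = PrivateCounter(ROWS, total_epsilon=1.0)
    answers = [counter.count(lambda r: r["diagnosis"] == "A", 0.5) for _ in range(2)]
    try:
        counter.count(lambda r: r["age"] > 60, 0.1)
        refused = False
    except BudgetExhausted:
        refused = True
    return answers, refused

if __name__ == "__main__":
    print(demo())
```

A smaller epsilon per query gives stronger privacy and noisier answers; the budget check is what stops an analyst from averaging away the noise by repeating the same query.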

Homomorphic Encryption: Computing on Encrypted Data

  • Fully homomorphic encryption enables computation on encrypted data without decryption
  • Open-source libraries like OpenFHE provide APIs for encrypted operations like vector multiplication and ML inference
  • AWS provides integration options for serverless, GPU-accelerated, and asynchronous encrypted processing

Key Takeaways

  • AWS provides a comprehensive set of "privacy in depth" building blocks for regulated AI/ML workloads
  • Customers can combine these primitives to meet their specific compliance and data protection requirements
  • Encryption, confidential computing, federated learning, differential privacy, and homomorphic encryption are all available on AWS
  • These technologies enable customers to innovate on the cloud while maintaining control and assurance over sensitive data
