v2.4.0

Feature stores aggregate and serve pre-computed features for model training and inference. Because every training job and inference request reads from them, they can become a single point of compromise: an attacker who can modify feature values can steer model outputs without touching the model weights, the serving code, or the request path. A corrupted feature store produces corrupted inputs for every inference request that reads the affected features, and the model itself will look healthy under any check that inspects only its weights.

Feature stores should enforce four controls. Write access controls ensure that only authorised pipeline components can write features; every other identity, including analysts and notebooks, is denied at the ingestion interface. Integrity checks detect unauthorised modification of stored values. A plain checksum catches accidental corruption, but an attacker with write access to the backing storage can recompute it alongside the value, so the check should be a keyed MAC or a cryptographic signature whose key the storage layer does not hold, and it must be verified on the read path before the value is used. Versioning ensures that every feature value change is recorded in an append-only history with a timestamp and provenance (which component wrote it and when), so that a tampered value can be traced to its write and rolled back. Read access controls ensure that only authorised model serving components can read features.

The feature store security configuration is documented in Module 9. The integrity checking mechanism should be tested by the security team periodically: introduce a known modification to a feature value by a path that bypasses the normal write interface (directly in the backing storage, as an attacker with storage access would), read the feature back through the serving path, and verify that the integrity check rejects it. Use a dedicated test feature and restore the original value afterwards. This test confirms that the control is operational, not merely configured.
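The following is an added illustration, not code from the original page or from any particular feature store product. It is a minimal in-memory store that implements the four controls described above and the periodic tamper test: each write is authorised against a writer registry, signed with an HMAC under that writer's key, and appended to a version log carrying a timestamp and the writer's identity; each read is authorised against a reader registry and verifies the HMAC before returning the value. The class and function names (FeatureStore, write_feature, read_feature, tamper_test), the writer and reader identifiers, and the demo key are assumptions chosen for the example.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FeatureVersion:
    """One immutable entry in the append-only version log."""
    name: str
    value: str         # canonical JSON encoding of the feature value
    version: int       # monotonically increasing per feature name
    writer: str        # provenance: the pipeline component that wrote it
    written_at: float  # timestamp of the write
    mac: str           # hex HMAC-SHA256 over (name, version, value, writer)


class IntegrityError(Exception):
    """Raised when a stored value does not verify against its MAC."""


def canonical(value) -> str:
    # Deterministic encoding so the same value always yields the same MAC.
    return json.dumps(value, sort_keys=True, separators=(",", ":"))


class FeatureStore:
    def __init__(self, writer_keys: dict[str, bytes], readers: set[str]):
        # Write access control: only ids in writer_keys may write, and each has
        # its own MAC key. The storage layer itself holds no key, so an attacker
        # who edits stored rows cannot recompute a valid MAC (a plain checksum
        # would not give this property).
        self._writer_keys = writer_keys
        self._readers = readers                 # read access control
        self._log: list[FeatureVersion] = []    # append-only version history
        self._latest: dict[str, int] = {}

    @staticmethod
    def _mac(key: bytes, name: str, version: int, value: str, writer: str) -> str:
        msg = canonical([name, version, value, writer]).encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def write_feature(self, writer: str, name: str, value) -> FeatureVersion:
        key = self._writer_keys.get(writer)
        if key is None:
            raise PermissionError(f"{writer!r} is not an authorised writer")
        enc = canonical(value)
        version = self._latest.get(name, 0) + 1
        entry = FeatureVersion(name, enc, version, writer, time.time(),
                               self._mac(key, name, version, enc, writer))
        self._log.append(entry)
        self._latest[name] = version
        return entry

    def read_feature(self, reader: str, name: str):
        if reader not in self._readers:
            raise PermissionError(f"{reader!r} is not an authorised reader")
        entry = self.history(name)[-1]
        # Integrity check on the read path: recompute the MAC under the
        # recorded writer's key and compare in constant time.
        expected = self._mac(self._writer_keys[entry.writer], entry.name,
                             entry.version, entry.value, entry.writer)
        if not hmac.compare_digest(expected, entry.mac):
            raise IntegrityError(f"{name} v{entry.version} failed integrity check")
        return json.loads(entry.value)

    def history(self, name: str) -> list[FeatureVersion]:
        return [v for v in self._log if v.name == name]


def tamper_test(store: FeatureStore, reader: str, name: str, forged_value) -> bool:
    """The periodic control test: overwrite the latest stored value directly in
    the backing log (bypassing write_feature, as an attacker with storage access
    would), then read it back. Returns True if the integrity check rejects it."""
    target = store.history(name)[-1]
    idx = store._log.index(target)
    store._log[idx] = replace(target, value=canonical(forged_value))  # MAC left unchanged
    try:
        store.read_feature(reader, name)
    except IntegrityError:
        return True
    return False


if __name__ == "__main__":
    # Constructed demo data: one authorised writer, one authorised reader.
    store = FeatureStore({"ingest-pipeline": b"constructed-demo-key"}, {"model-serving"})
    store.write_feature("ingest-pipeline", "user_age", 34)
    store.write_feature("ingest-pipeline", "user_age", 35)
    print(store.read_feature("model-serving", "user_age"))
    print([(v.version, v.writer) for v in store.history("user_age")])
    print("tamper detected:", tamper_test(store, "model-serving", "user_age", 99))
```

In a real deployment the MAC key (or signing key) lives with the ingestion pipeline and the verification key with the serving component, never in the database that holds the values; if the storage layer can reach the key, the integrity check degrades to a checksum that the attacker can regenerate. The tamper test above corrupts the live entry, so on a production store it should be run against a dedicated test feature and followed by a fresh authorised write to restore it.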

Key outputs

  • Write access controls on feature store ingestion
  • Integrity checks (keyed MAC or cryptographic signatures, verified on read)
  • Feature versioning with provenance tracking
  • Read access controls on feature serving
  • Module 9 AISDP documentation