The United Kingdom (U.K.) and the United States (U.S.), in collaboration with international partners from 16 other countries, have recently announced the release of new guidelines aimed at enhancing the development of secure artificial intelligence (AI) systems. These guidelines prioritize ownership of security outcomes for customers, promote radical transparency and accountability, and establish organizational structures where secure design is a top priority, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The primary objective of these guidelines is to elevate the levels of cybersecurity in AI and ensure that this transformative technology is designed, developed, and deployed in a secure manner. The National Cyber Security Centre (NCSC) further emphasized the importance of these guidelines in safeguarding AI systems from potential cyber threats.
These guidelines not only reinforce the U.S. government’s existing efforts to manage the risks associated with AI but also ensure that new AI tools undergo thorough testing before their public release. The guidelines also address societal concerns such as bias, discrimination, and privacy issues, while establishing robust mechanisms for consumers to identify AI-generated content.
Furthermore, the guidelines necessitate companies to commit to a bug bounty system, which facilitates third-party discovery and reporting of vulnerabilities in their AI systems. This proactive approach allows for swift identification and resolution of security flaws. The NCSC highlighted that these guidelines adopt a “secure by design” approach, where cybersecurity is an essential precondition for AI system safety and integral to the development process from the outset.
The comprehensive framework outlined in the guidelines encompasses secure design, secure development, secure deployment, and secure operation and maintenance. It covers all significant areas within the AI system development life cycle, requiring organizations to assess potential threats to their systems and safeguard their supply chains and infrastructure.
One of the key objectives of these guidelines is to combat adversarial attacks targeting AI and machine learning (ML) systems. Adversarial attacks seek to exploit vulnerabilities in AI systems to cause unintended behavior. This can include manipulating a model’s classification, enabling unauthorized actions by users, or extracting sensitive information.
The NCSC highlighted specific techniques used in adversarial attacks, such as prompt injection attacks in the large language model (LLM) domain or data poisoning by deliberately corrupting training data or user feedback. By addressing these threats, the guidelines aim to enhance the overall security and reliability of AI systems.
The release of these guidelines signifies a collaborative effort by governments and international partners to establish a strong foundation for secure AI development. It emphasizes the importance of prioritizing security throughout the AI lifecycle and encourages organizations to proactively address potential vulnerabilities.
As AI continues to evolve and play an increasingly significant role in various sectors, these guidelines serve as a crucial step towards ensuring the responsible and secure deployment of AI systems. By adhering to these guidelines, developers can contribute to a safer AI landscape, mitigating potential risks and safeguarding against cyber threats.