April 22 — The U.S. National Security Agency, in collaboration with six government agencies from the U.S. and other Five Eyes countries, has released new guidance on the secure deployment of AI systems.
Published on April 15th, the corresponding publication from the NSA’s Artificial Intelligence Security Center (AISC), is a landmark document. The guidance is structured around three categories that refer to the three primary steps involved in AI deployment.
- Securing the deployment environment
- Continuously safeguarding the AI system
- Ensuring secure AI operation and maintenance
Under each phase, a comprehensive list of best practices is provided. For securing the deployment environment, organizations are advised to:
- Establish robust governance for the deployment environment
- Design a resilient deployment environment architecture
- Strengthen deployment environment configurations
- Adopt a zero-trust mindset to shield deployment networks from threats
When deploying AI systems, it’s crucial to treat AI tools like any other software, accounting for vulnerabilities, weaknesses or potential malicious elements. Specific security measures recommended by the NSA include:
- Thorough validation of the AI system pre and post deployment
- Securing any exposed APIs
- Actively monitoring AI model behavior
Long-term best practices for AI system usage entail:
- Enforcing stringent access controls
- Providing user awareness and training
- Conducting regular audits and penetration testing
- Implementing robust logging and monitoring mechanisms
- Ensuring timely updates and patches
- Planning for high availability and disaster recovery scenarios
- Incorporating deletion capabilities
The report emphasizes that securing AI systems, for most organizations, is an ongoing endeavor. It involves risk identification, mitigation implementation and continuous monitoring.
The aforementioned steps significantly mitigate the risks, safeguarding intellectual property, models and data from potential theft or misuse. See the NSA report here.
For information about cutting-edge AI-powered, cloud-delivered cyber security, click here. To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.