Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

Five Eyes Agencies Release New AI Security Guidance

Five Eyes cybersecurity agencies have released joint guidance on securely deploying and operating AI systems. 

AI security

Organizations looking for guidance and recommendations on deploying and operating externally developed artificial intelligence systems should check out a cybersecurity information sheet authored by government agencies from the Five Eyes countries.

The joint guidance, announced this week, expands on previous work and outlines methodologies for protecting data and AI systems. 

While the guidance is intended for national security purposes, the information can be used by any organization and it can be particularly useful to those with high-risk/high-value environments.

The document focuses on securing the deployment environment, continuously protecting the AI system, and secure AI operation and maintenance. 

Securing the deployment environment includes managing environment governance, ensuring a robust architecture, hardening configurations, and protecting the deployment network from threats. 

[ Learn more at SecurityWeek’s AI Risk Summit at Ritz-Carlton, Half Moon Bay CA ]

Continuously protecting the AI system involves validating the system before and during its use, securing exposed APIs, actively monitoring the model’s behavior, and protecting model weights

For operation and maintenance, the authoring agencies recommend enforcing strict access controls, ensuring user awareness and training, conducting audits and penetration testing, implementing robust logging and monitoring mechanisms, regularly patching systems, planning for the secure deletion of components, and preparing for high availability and disaster recovery. 

Advertisement. Scroll to continue reading.

“AI systems are software systems. As such, deploying organizations should prefer systems that are secure by design, where the designer and developer of the AI system takes an active interest in the positive security outcomes for the system once in operation,” the guidance reads.

The NSA noted that this is the first guidance led by its recently launched Artificial Intelligence Security Center (AISC).

The full document, titled “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems”, is available in PDF format. 

Related: Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

Related: Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities

Related: NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights