Organizations looking for guidance and recommendations on deploying and operating externally developed artificial intelligence systems should check out a cybersecurity information sheet authored by government agencies from the Five Eyes countries.
The joint guidance, announced this week, expands on previous work and outlines methodologies for protecting data and AI systems.
While the guidance is intended for national security purposes, the information can be used by any organization and it can be particularly useful to those with high-risk/high-value environments.
The document focuses on securing the deployment environment, continuously protecting the AI system, and secure AI operation and maintenance.
Securing the deployment environment includes managing environment governance, ensuring a robust architecture, hardening configurations, and protecting the deployment network from threats.
[ Learn more at SecurityWeek’s AI Risk Summit at Ritz-Carlton, Half Moon Bay CA ]
Continuously protecting the AI system involves validating the system before and during its use, securing exposed APIs, actively monitoring the model’s behavior, and protecting model weights.
For operation and maintenance, the authoring agencies recommend enforcing strict access controls, ensuring user awareness and training, conducting audits and penetration testing, implementing robust logging and monitoring mechanisms, regularly patching systems, planning for the secure deletion of components, and preparing for high availability and disaster recovery.
“AI systems are software systems. As such, deploying organizations should prefer systems that are secure by design, where the designer and developer of the AI system takes an active interest in the positive security outcomes for the system once in operation,” the guidance reads.
The NSA noted that this is the first guidance led by its recently launched Artificial Intelligence Security Center (AISC).
The full document, titled “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems”, is available in PDF format.
Related: Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs
Related: Five Eyes Agencies Issue Cybersecurity Guidance for Smart Cities
Related: NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity
