The US and UK cybersecurity agencies CISA and NCSC have published security-focused guidance for the developers of systems that leverage AI.
The document, titled Guidelines for Secure AI System Development (PDF), promotes the implementation of secure-by-design principles, as well as transparency and accountability, and prioritizes ownership of security outcomes for customers.
The guidelines, the two agencies note, apply to all types of AI/ML systems, regardless of whether built from scratch or on top of third-party resources, to address issues related to AI, cybersecurity, and critical infrastructure.
Developed in collaboration with over 20 domestic and international cybersecurity organizations, the document has been broken down into four sections, covering different stages of the AI system development lifecycle, namely design, development, deployment, and operation and maintenance.
Meant to be applied in conjunction with cybersecurity, incident response, and risk management best practices, the recommendations demand investments in features, mechanisms, and tools that protect customer data at all layers, throughout the entire system lifecycle, CISA and NCSC say.
“Providers should implement security controls and mitigations where possible within their models, pipelines and/or systems, and where settings are used, implement the most secure option as default,” the two agencies note.
CISA and NCSC also say that providers are responsible for informing users of risks that cannot be mitigated and of advising them how to use systems securely, and that they should treat all cybersecurity risks as critical.
Providers are advised to assess the threats to their systems, focus on security, functionality, and performance during the design stage, to secure their supply chain, protect their assets, secure their infrastructure and protect their model continuously, implement incident response, monitor the system’s behavior and inputs, and implement a secure-by-designed approach to updates.
The guidelines, the two agencies say, are primarily aimed at providers of AI systems, either hosted by an organization or accessed via external APIs. However, all stakeholders, “including data scientists, developers, managers, decision-makers, and risk owners”, are encouraged to read the document “to make informed decisions about the design, development, deployment and operation of their AI systems,” the two agencies note.