Quick Bit: The new document is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with other government agencies in the US and other Five Eyes countries

Full Story:

New guidance on how to deploy AI systems securely has been published by the US National Security Agency in collaboration with six government agencies from the US and other Five Eyes countries.

The guidance, launched on April 15, is the first document published by the NSA’s Artificial Intelligence Security Center (AISC), created in September 2023.

It provides a list of best practices divided into three categories, corresponding to the three main phases of AI deployment:

Secure the deployment environment
Continuously protect the AI system
Secure AI operation and maintenance

The first set of best practices is designed to help organizations prepare their IT networks to implement AI systems securely. They cover the following domains:

Manage deployment environment governance
Ensure a robust deployment environment architecture
Harden deployment environment configurations
Protect deployment networks from threats with a zero trust mindset

The second set of recommendations covers the security measures organizations should take while deploying AI systems. The NSA advised treating AI tools like any other software that may contain vulnerabilities, weaknesses, or malicious code or properties.

They include specific security measures, such as the following:

Validate the AI system before and during use
Secure exposed APIs
Actively monitor model behavior
Protect model weights
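As an added illustration of what "validate before and during use" and "protect model weights" can mean in practice (this is example code written for this page, not from the NSA guidance or any particular product): a model artifact is a software artifact, so before it is loaded its format is checked against an allow-list and its SHA-256 digest is compared, in constant time, against a manifest recorded at release. The allow-list of `.safetensors` and `.gguf`, the manifest format, and the sample bytes are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Assumption for this example: artifact formats that are loaded as data only
# and do not deserialize executable code. Pickle-based formats are excluded.
ALLOWED_EXTENSIONS = {".safetensors", ".gguf"}


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large weight files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Record the expected digest of each approved artifact, keyed by file name.
    In a real deployment this manifest would be produced at release time and
    stored (and ideally signed) separately from the weights themselves."""
    return {os.path.basename(p): sha256_file(p) for p in paths}


def validate_artifact(path, manifest):
    """Return (ok, reason). Reject disallowed formats, unlisted artifacts,
    and any artifact whose digest no longer matches the manifest."""
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"disallowed format {ext!r}"
    expected = manifest.get(name)
    if expected is None:
        return False, "artifact not in manifest"
    actual = sha256_file(path)
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Constructed scenario: one approved artifact, then tampering, a
    pickle-format file, and an artifact that was never approved."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "model.safetensors")
        with open(good, "wb") as f:
            f.write(b"\x00" * 64)  # constructed placeholder for weight bytes
        manifest = build_manifest([good])
        results = {}

        results["untouched"] = validate_artifact(good, manifest)

        # Simulate tampering with the weights after the manifest was recorded.
        with open(good, "ab") as f:
            f.write(b"\x01")
        results["tampered"] = validate_artifact(good, manifest)

        # A pickle-based model file is refused on format alone.
        pk = os.path.join(d, "model.pkl")
        open(pk, "wb").close()
        results["pickle"] = validate_artifact(pk, manifest)

        # A file in an allowed format but absent from the manifest is refused too.
        unlisted = os.path.join(d, "other.safetensors")
        open(unlisted, "wb").close()
        results["unlisted"] = validate_artifact(unlisted, manifest)
        return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:10s} ok={ok} reason={reason}")
```

Re-running `validate_artifact` on a schedule, or on every model load, is the "during use" half of the check: a digest that matched at deployment but not later is evidence that the weights on disk were modified.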

Finally, the last set of recommendations outlines longer-term best practices for operating and maintaining AI systems.

These are the security measures organizations should take once AI tools are incorporated into their approved IT processes and procedures. They include the following:

Enforce strict access controls
Ensure user awareness and training
Conduct audits and penetration testing
Implement robust logging and monitoring
Update and patch regularly
Prepare for high availability (HA) and disaster recovery (DR)
Plan secure delete capabilities

“In the end, securing an AI system involves an ongoing process of identifying risks, implementing appropriate mitigations, and monitoring for issues. By taking the steps outlined in this report to secure the deployment and operation of AI systems, an organization can significantly reduce the risks involved. These steps help protect the organization’s intellectual property, models, and data from theft or misuse,” concluded the report.

Read more: NSA Launches Top 10 Cloud Security Mitigation Strategies
