The Artificial Intelligence Security Center (AISC) of the U.S. National Security Agency, along with other cybersecurity organisations, has published guidelines for secure AI system deployment and operation. Careful setup and configuration are necessary to deploy AI systems securely, and organisations should implement robust security measures that prevent theft of sensitive data and mitigate misuse of AI systems.
Protecting model weights is particularly critical. AI systems are software systems, so deploying organisations should prefer systems that are secure by design. Conducting ongoing compromise assessments, hardening and updating the IT deployment environment, reviewing the source of AI models and supply chain security, validating the AI system before deployment, enforcing strict access controls and API security, using robust logging, monitoring, and user and entity behaviour analytics (UEBA), limiting and protecting access to the model weights, and maintaining awareness of current and emerging threats are some essential measures. Securing an AI system involves identifying risks, implementing appropriate mitigations, and monitoring for issues.
Source: Australian Signals Directorate
Leave a Reply