April 18, 2024 at 10:45AM
Government agencies from the Five Eyes countries have released joint guidance on deploying and operating externally developed artificial intelligence systems. The guidance focuses on protecting data and AI systems, and includes methodologies for securing the deployment environment, protecting the AI system, and ensuring secure operation and maintenance. The document is available in PDF format.
From the provided meeting notes, it is apparent that the discussed guidance, developed collaboratively by government agencies from the Five Eyes countries, focuses on the deployment and operation of externally developed artificial intelligence systems. The joint guidance expands on previous work and outlines methodologies for protecting data and AI systems. While originally intended for national security purposes, it is noted that the information can be valuable to any organization, particularly those with high-risk or high-value environments.
The document emphasizes the importance of securing the deployment environment, continuously protecting the AI system, and ensuring secure AI operation and maintenance. Specific measures highlighted include managing environment governance, validating the system before and during use, enforcing strict access controls, actively monitoring the model’s behavior, and preparing for high availability and disaster recovery.
The guidance stresses the importance of deploying AI systems that are secure by design and encourages active interest from the designer and developer in the positive security outcomes for the system once in operation. Notably, this guidance represents the first led by the newly launched Artificial Intelligence Security Center (AISC) of the NSA.
The full document, titled “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems”, is available in PDF format and can be accessed for further reference.
Additionally, related content includes cybersecurity guidance for smart cities and information on eliminating memory safety bugs, aligning with the theme of cybersecurity and digital resilience. Moreover, the NSA has also issued guidance on incorporating SBOMs to improve cybersecurity. These related resources may offer valuable context or complementary insights to the primary guidance document.