On April 15, 2024, the National Security Agency’s Artificial Intelligence Security Center published guidance on “Deploying AI Systems Securely,” together with CISA, the FBI, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the UK’s National Cyber Security Centre (a/k/a the Five Eyes).
The Cybersecurity Information Sheet provides guidance for “best practices for deploying and operating externally developed artificial intelligence (AI) systems.” The guidance aims to:
- “Improve the confidentiality, integrity, and availability of AI systems.
- Ensure there are appropriate mitigations for known vulnerabilities in AI systems.
- Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services.”
The eleven-page guidance provides “best practices to secure the deployment environment, continuously protect the AI system, and securely operate and maintain the AI system.” It focuses on security efforts including securing the deployment environment, managing deployment environment governance, ensuring a robust deployment environment architecture, hardening deployment environment configurations, and protecting the deployment networks from threats, as well as factors to consider while continuing to protect the AI system.
The guidance can be accessed here.