Global Guidelines For Artificial Intelligence Agreed

Uploaded on 2023-12-06 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

The British National Cyber Security Centre (NCSC) has announced a new set of global guidelines on the security considerations of developing Artificial Intelligence (AI) systems. These guidelines as the first to be agreed globally, with the target of ensuring AI systems are created, developed, and used securely. 

They are descibed by the NCSC as “Guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others”.

The NCSC guidelines have been endorsed by agencies from 18 countries, including all members of the G7, have agreed that companies designing and using AI need to develop and deploy it in a way that keeps customers and the wider public safe from misuse. 

These recommendations apply to anyone developing systems that use AI, whether they are building a new AI tool, or improving an existing system. 

The new  guidelines are the first to be agreed upon globally. They will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process, whether those systems have been recently created, or built on top of tools and services provided by others.

The NCSC also wants developers to assess whether the service they are looking to create is “most appropriately addressed using AI”, and if so, whether they should choose to train a new model, use an existing model (and whether this will need fine-tuning), or work with an external model provider.

The guidelines will cover four key areas of an AI system’s development life cycle: secure design, development, deployment, operations and maintenance.

The guidance on secure development covers how developer’s can secure their supply chains, ensuring any software not produced in-house adheres to their organisation’s security standards.Secure development includes generating the appropriate documentation of data, models, and prompts, as well as managing technical debt throughout the development process.

The NCSC’s advice on secure deployment outlines the measures developers should take to protect their infrastructure and models against compromise, threat, or loss. The advisory also requires robust infrastructure security principles across the system’s life cycle such as applying access controls to APIs, models and data, and the models’ training pipelines.  

The guidelines are intended as a global, multi-stakeholder effort to address that issue, following  the UK Government’ hosted AI Safety Summit’s Bletchley Decalaration on sustained international cooperation on managing AI risks.

NCSC:    Gov.UK:     CISA:    Reuters:    ITPro:     Techmonitor:     DatatechVibe:   

Image: Growtika

You Might Also Read:

President Biden Takes Action On Artificial Intelligence:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« British Nuclear Power Facility Attacked
Unified Patient Data Platform For British Healthcare »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Surrey Centre for Cyber Security (SCCS)

Surrey Centre for Cyber Security (SCCS)

The Centre focuses on three main research directions - Privacy and Data Protection, Secure Communications, and Human-Centred Security.

Censornet

Censornet

Censornet's autonomous, integrated cloud security gives mid-market organisations the confidence and control of enterprise-grade cyber protection.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

Propelo

Propelo

Propelo (formerly LevelOps) is an engineering excellence platform that helps increase developer productivity and improve security with data-led insights and workflow automation.

Team Secure

Team Secure

Team Secure provide Enterprise-grade Cyber Security consultancy, managed security services and cyber security staffing services.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Teal Technology Consulting

Teal Technology Consulting

TEAL Technology Consulting is your trusted advisor for all your information security needs.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service. 

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.