Cyber & IT Supervisory Forum - Additional Resources

ARTIFICIAL INTELLIGENCE AND CYBERSECURITY RESEARCH

SECURING AI

This report also examines existing approaches to safer AI, to prevent AI from being used to orchestrate cyberattacks or to prevent attacks on AI-based mechanisms and tools. AI systems themselves may be vulnerable to threats due to their own vulnerabilities or vulnerabilities of other interdependent mechanisms. 1.6 AI SECURITY Security-by-design is a concept in software engineering that emphasises the importance of integrating security principles in the early stages of the design and development of systems and applications. This includes considering security risks and vulnerabilities at every stage of development, from architecture and design to implementation and testing. The following list contains examples of security-by-design practises that can be applied to AI systems: • Conducting security risk assessments and threat modelling to identify potential vulnerabilities and attack vectors, • Using secure coding practices and software development frameworks to minimise the risk of coding errors and vulnerabilities, • Implementing secure data handling practices to protect sensitive data and prevent data breaches, • Incorporating security testing and validation into the development process to identify and address security issues early on, • Ensuring that AI systems are designed to be transparent and explainable, so that their behaviour can be audited and verified. The concepts of security-by-design that apply specifically to AI systems, include: • Privacy-by-design: this concept emphasises the importance of incorporating considerations of privacy and data-confidentiality into the design and development of AI systems. • Explainability-by-design: this concept emphasises the importance of designing AI systems that are transparent and explainable, so that their behaviour can be understood and audited by humans. • Robustness-by-design: this concept emphasises the importance of designing AI systems that are resilient to attacks and errors, and that can continue to function even in the face of unexpected inputs or disturbances. • Fairness-by-design: this concept emphasises the importance of designing AI systems that are fair and unbiased, and that do not perpetuate or amplify existing societal biases or discrimination.

23