Global Guidelines For Artificial Intelligence Agreed

Uploaded on 2023-12-06 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

The British National Cyber Security Centre (NCSC) has announced a new set of global guidelines on the security considerations of developing Artificial Intelligence (AI) systems. These guidelines as the first to be agreed globally, with the target of ensuring AI systems are created, developed, and used securely. 

They are descibed by the NCSC as “Guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others”.

The NCSC guidelines have been endorsed by agencies from 18 countries, including all members of the G7, have agreed that companies designing and using AI need to develop and deploy it in a way that keeps customers and the wider public safe from misuse. 

These recommendations apply to anyone developing systems that use AI, whether they are building a new AI tool, or improving an existing system. 

The new  guidelines are the first to be agreed upon globally. They will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process, whether those systems have been recently created, or built on top of tools and services provided by others.

The NCSC also wants developers to assess whether the service they are looking to create is “most appropriately addressed using AI”, and if so, whether they should choose to train a new model, use an existing model (and whether this will need fine-tuning), or work with an external model provider.

The guidelines will cover four key areas of an AI system’s development life cycle: secure design, development, deployment, operations and maintenance.

The guidance on secure development covers how developer’s can secure their supply chains, ensuring any software not produced in-house adheres to their organisation’s security standards.Secure development includes generating the appropriate documentation of data, models, and prompts, as well as managing technical debt throughout the development process.

The NCSC’s advice on secure deployment outlines the measures developers should take to protect their infrastructure and models against compromise, threat, or loss. The advisory also requires robust infrastructure security principles across the system’s life cycle such as applying access controls to APIs, models and data, and the models’ training pipelines.  

The guidelines are intended as a global, multi-stakeholder effort to address that issue, following  the UK Government’ hosted AI Safety Summit’s Bletchley Decalaration on sustained international cooperation on managing AI risks.

NCSC:    Gov.UK:     CISA:    Reuters:    ITPro:     Techmonitor:     DatatechVibe:   

Image: Growtika

You Might Also Read:

President Biden Takes Action On Artificial Intelligence:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« British Nuclear Power Facility Attacked
Unified Patient Data Platform For British Healthcare »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

Pipeline Security

Pipeline Security

Pipeline Security protects businesses with real-time threat data, threat detection & prevention, continuous cyber security monitoring and security analytics.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

IronClad Encryption (ICE)

IronClad Encryption (ICE)

Ironclad Encryption is Dynamic Encryption. The encryption sequence changes continuously so there is never a correlation between data sent and data received.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Snare

Snare

Snare is a comprehensive set of event monitoring and analysis tools designed to address critical auditing and security requirements.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

Orbis Cyber Security

Orbis Cyber Security

Orbis is one of the leading cybersecurity company in USA. Our cybersecurity specialist defends your data, combat threat, and modernize your compliance.