Artificial intelligence (AI) systems are becoming increasingly prevalent in our lives, from autonomous vehicles to facial recognition software. As such, it is essential that these systems remain secure and private. To ensure this, there are a number of steps that can be taken. First and foremost, only the data necessary to create AI should be collected, and it should be kept secure and only for as long as necessary to achieve the purpose.
Companies should also use good data sets and employ secure development approaches such as DevSecOps. Secure libraries and languages such as Rust are ideal for this purpose. The development process should also include automated, broad-spectrum security tests in the set of functional tests that are executed in each update. This should include static code scanning, dynamic vulnerability scanning, and scripted attacks.
It is important to remember that AI systems can be attacked. Unlike traditional cyberattacks, which are caused by errors or human errors in the code, AI attacks are made possible by the inherent limitations of the underlying AI algorithms that currently cannot be corrected. In addition, AI attacks fundamentally expand the set of entities that can be used to execute cyber attacks. Data can also be weaponized in new ways through these attacks, requiring changes in the way data is collected, stored and used.
To protect against AI attacks, “AI security compliance” programs have been proposed. These programs would reduce the risk of attacks on AI systems and reduce the impact of successful attacks by encouraging stakeholders to adopt a set of best practices such as considering the risks and surfaces of attacks when implementing AI systems, adopting IT reforms to make it difficult to execute attacks, and creating attack response plans. Regulators must enforce compliance with government and high-risk uses of AI. In the private sector, regulators should make compliance mandatory for high-risk uses of AI where attacks could have serious social consequences, and optional for lower-risk uses in order to avoid disrupting innovation. Finally, it is important to remember that not all AI attacks are necessarily “bad”. As autocratic regimes turn to AI as a tool to monitor and control their populations, AI “attacks” can be used as a measure of protection against government oppression. In conclusion, it is essential that steps are taken to ensure that AI systems remain secure and private.
This includes collecting only the data necessary for creating AI, employing secure development approaches such as DevSecOps, including automated security tests in the development process, enforcing compliance with government and high-risk uses of AI, and remembering that not all AI attacks are necessarily “bad”.