Yesterday, the NSA’s Artificial Intelligence Security Center (NSA AISC) published the joint Cybersecurity Information Sheet (CSI) "Deploying AI Systems Securely" in collaboration with CISA, the FBI, and international partners from Australia, Canada, New Zealand, and the United Kingdom.
Deploying AI systems securely requires careful setup and configuration that depends on the complexity of the AI system, the resources required (e.g., funding, technical expertise), and the infrastructure used (i.e., on premises, cloud, or hybrid). The joint CSI guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to:
- Improve the confidentiality, integrity, and availability of AI systems.
- Ensure there are appropriate mitigations for known vulnerabilities in AI systems.
- Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services.
CISA encourages organizations deploying and operating externally developed AI systems to review and apply this guidance as applicable. For more CISA information and guidance on securing AI systems, see cisa.gov/ai.
Previously published joint guidance from CISA: