The Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) have joined the National Security Agency’s (NSA) Artificial Intelligence Security Centre (AISC), the Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI), and the following international partners in releasing cyber security guidance on deploying artificial intelligence (AI) systems securely:
- Australian Cyber Security Centre (ACSC)
- New Zealand National Cyber Security Centre (NCSC-NZ)
- United Kingdom (UK) National Cyber Security Centre (NCSC-UK)
AI systems are highly valuable targets for malicious cyber actors. State actors in particular may seek to co-opt AI systems to steal sensitive information to advance their interests.
Deploying AI systems securely requires careful setup and configuration that is adjusted based on the complexity of the AI system, the resources required to secure it, and the infrastructure used. This guidance will help organizations securely deploy and operate AI systems designed and developed by third parties by:
- improving the confidentiality, integrity, and availability of AI systems
- mitigating known vulnerabilities in AI systems
- providing methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services
The security best practices in the guidance are intended to provide technical and governance considerations for:
- hardening machine learning based AI (AI/ML) systems against data theft, exploitation, and disruption
- securing the AI/ML system deployment environment
- validating and protecting the AI system
- ensuring secure AI model deployment
Securing AI/ML systems involves an ongoing process of identifying risks, implementing appropriate mitigations, and monitoring for issues. By taking the steps outlined in this guidance your organization can significantly reduce the potential risks.
Read the joint guidance advisory: