What is “AI security”?
Systematic management of risks to ensure AI systems are robust, reliable, and resilient against threats
What is the acronym to remember the 8 protocols and practices for an AI security program?
STDDDAMP
What are the 8 protocols/practices for an AI security program?
- Societal adaptation
- Trust but verify
- Design AUP
- Designate AI lead
- Develop set of AI ethics
- Adapt cyber program
- Mandate audits and traceability
- Perform a cost analysis
What is the idea behind “trust but verify”?
Outputs must be constantly validated
What are 3 prominent models for AI ethics?
- UNESCO, Recommendation on the Ethics of AI
- IBM, “What are AI Ethics?”
- U.S. Department of Defense
What are 8 categories of AI metrics?
- Accountability
- Fairness
- Human well-being
- Performance
- Privacy and data governance
- Robustness and digital security
- Safety
- Transparency and explainability
What is the mnemonic device to remember the 8 categories of AI metrics?
FASTHRPP
As a metric, what does accountability mean?
- Obligation to ensure systems operate in ethical, fair, transparent, and compliant manner
- Ensures outputs traceable to responsible party
As a metric, what does fairness mean?
2
Systems should be designed to:
- Avoid bias
- Ensure equitable outcomes
As a metric, what does well-being mean?
Enhance human flourishing while respecting human rights and fundamental freedoms
As a metric, what does performance mean?
Achieve intended purpose effectively and efficiently
As a metric, what does privacy and data governance mean?
Respect privacy rights and ensure secure and ethical management of data
As a metric, what does robustness and digital security mean?
Resilient and secure against adversarial threats and errors
As a metric, what does safety mean?
Minimize risk to people, property, and the environment
As a metric, what does transparency and explainability mean?
Rationale behind outputs should be understandable and accessible
What are 5 AI security use cases?
- Log analysis
- APT malware detection
- Behaviorial AI
- Threat intelligence
- Phishing detection
What actions does AI-enabled log analysis take?
2
- Capture and pair errors with knowledge base
- Create new error and suggest solution
What is an APT?
2
- Sophisticated, targeted long-term cyber attack
- Long-term unauthorized access without detection
How does APT malware detection work?
- Performs probabilistic inference on unknown PowerShell commands
- Implicitly learns nonlinear combinations/patterns
What does Behavioral AI focus on?
Human behavior to detect anomalies/threats
How does AI-enabled threat intelligence work?
2
- Existing tools + GenAI
- Provides insights on new patterns, detection
-
Domain 1 Part A: Stakeholder Considerations48
-
Domain 1 Part B: AI-Related Strategies41
-
Domain 1 Part C: AI Asset and Data Life Cycle Management69
-
Domain 1 Part D: AI Security Program Development and Management21
-
Domain 1 Part E: Business Continuity and Incident Response31
-
Domain 2 Part A: AI Risk Assessment Frameworks65
-
Domain 2 Part B: Threat and Vulnerability Management26
-
Domain 2 Part C: AI Vendor and Supply Chain Management40
-
Domain 3 Part A: Security Architecture and Design104
-
Domain 3 Part B: AI Life Cycle20
-
Domain 3 Part C: Data Management Controls5
-
Domain 3 Part D: Privacy, Ethical, Trust, and Safety Controls18
-
Domain 3 Part E: Security Controls and Monitoring42
