Google, as one of the world’s leading technology companies and a pioneer in artificial intelligence, has developed the Secure AI Framework (SAIF) to address the growing security challenges associated with AI systems. Official information is available here.
AI is advancing rapidly, and it’s important that effective risk management strategies evolve along with it. To help achieve this evolution, we’re introducing the Secure AI Framework (SAIF), a conceptual framework for secure AI systems. SAIF has six core elements:
Expand strong security foundations to the AI ecosystem Leverage secure-by-default infrastructure protections and expertise built over the last two decades to protect AI systems, applications and users. At the same time, develop organizational expertise to keep pace with advances in AI and sta to scale and adapt infrastructure protections in the context of AI and evolving threat models. For example, injection techniques like SQL injection have existed for some time, and organizations can adapt mitigations, such as input sanitization and limiting, to help be er defend against prompt injection style attacks.
Extend detection and response to bring AI into an organization’s threat universe. Detect and respond to AI-related cyber incidents in time by extending threat intelligence and other capabilities. For organizations, this includes monitoring inputs and outputs of generative AI systems to detect anomalies, and using threat intelligence to anticipate attacks. This e o typically requires collaboration with trust and safety, threat intelligence, and counter abuse teams.
Automate defenses to keep pace with existing and new threats Harness the latest AI innovations to improve the scale and speed of response e o s to security incidents. Adversaries will likely use AI to scale their impact, so it is important to use AI and its current and emerging capabilities to stay nimble and cost effective in protecting against them
Harmonize platform level controls to ensure consistent security across the organization Align control frameworks to support AI risk mitigation and scale protections across different platforms and tools to ensure that the best protections are available to all AI applications in a scalable and cost efficient manner. At Google, this includes extending secure-by-default protections to AI pla orms like Ve ex AI and Security AI Workbench, and building controls and protections into the so ware development lifecycle. Capabilities that address general use cases, like Perspective API, can help the entire organization benefit from state of a protections.
Adapt controls to adjust mitigations and create faster feedback loops for AI deployment Constantly test implementations through continuous learning and evolve detection and protections to address the changing threat environment. This includes techniques like reinforcement learning based on incidents and user feedback, and involves steps such as updating training data sets, ne-tuning models to respond strategically to a acks, and allowing the so ware that is used to build models to embed fu her security in context (e.g. detecting anomalous behavior). Organizations can also conduct regular Red Team exercises to improve safety assurance for AI-powered products and capabilities.
Contextualize AI system risks in surrounding business processes Conduct end-to-end risk assessments related to how organizations will deploy AI. This includes an assessment of the end-to-end business risk, such as data lineage, validation and operational behavior monitoring for certain types of applications. In addition, organizations should construct automated checks to validate AI performance
