07 Dec, 2023

First Guide to Developing Safe AI Released

The UK's National Cyber Security Centre (NCSC) has published the first globally accepted “Secure AI Development Guide”.

The Secure Artificial Intelligence System Development Guide prepared by NCSC was created with the contributions of industry experts and the US Cybersecurity and Infrastructure Security Agency (CISA) along with 21 other international institutions and ministries.

A total of 18 countries, including G7 countries, have approved this guide, which will help developers make informed decisions about cybersecurity when creating new AI systems.

CISA and NCSC emphasized that the guidance, which addresses issues related to AI, cybersecurity, and critical infrastructure, applies to all AI/ML systems, regardless of whether they are built from scratch or on top of third-party sources.

The guide covers ways to prevent AI technology from being hijacked by hackers and focuses on recommendations such as releasing models after appropriate security testing.

Divided into four sections, the guide includes:

  • Secure Design: Covers understanding risks and threat models, and explains the trade-offs that need to be considered in system and model design.
  • Secure Development: Contains information about supply chain security, documentation, and asset and technical debt management.
  • Secure Deployment: Includes issues related to protecting the infrastructure and models against danger, threat or loss, developing incident management processes, and responsible release.
  • Secure Operation and Maintenance: Provides guidelines for actions to be taken after a system is deployed, such as logging, monitoring, update management, and information sharing.

"For the first time we're seeing confirmation that these capabilities shouldn't just be about cool features and how quickly we can bring them to market or how we can compete to reduce costs," Jen Easterly, director of CISA, told Reuters, adding that the guidelines "should be done at the design stage." She said it represented "an agreement that the most important thing needed is security."
