Public Consultation on Securing AI Systems

Published on 31 Jul 2024

Artificial Intelligence (AI) offers significant benefits for the economy and society. It will drive efficiency and innovation across various sectors, including commerce, healthcare, transportation, and cybersecurity. To harness these benefits, it is crucial that AI systems behave as intended and that outcomes are safe, secure, and responsible. However, AI systems are vulnerable to adversarial attacks and other cybersecurity risks, potentially leading to data breaches or other harmful outcomes.

AI should be secure by design and secure by default, as with all digital systems. This proactive approach will allow system owners to manage security risks from the outset. The Cyber Security Agency of Singapore (CSA) has developed Guidelines on Securing AI Systems to help system owners secure AI throughout its lifecycle. These guidelines are meant to provide evergreen principles that raise awareness of adversarial attacks and other threats that could compromise AI behavior and system security. They also guide system owners on implementing security controls and best practices to protect AI systems against potential risks, including existing cybersecurity risks such as supply chain attacks and novel risks such as Adversarial Machine Learning.

To support system owners, CSA is working with AI and cybersecurity practitioners to develop a Companion Guide for Securing AI Systems. This is designed as a community-driven resource to complement the Guidelines for Securing AI Systems, and is not mandatory or prescriptive. It curates practical measures and controls, drawing from industry and academia, as well as advice from resources such as the MITRE ATLAS database and OWASP Top 10 for Machine Learning and Generative AI. We hope this will be a useful reference for system owners in navigating this developing space. 

CSA is seeking public feedback on the Guidelines and the Companion Guide. We invite feedback from international partners, organisations, industry professionals, academia, and the public to ensure these materials are comprehensive, effective and practical. Your input will help maintain these documents as living resources that safeguard AI adoption in Singapore.

 

Please write in to Aisecurity@csa.gov.sg to submit your views and comments.

All submissions must reach CSA by 11.59pm, 15 September 2024.

 


 
