top of page

AI security global guidelines published by UK endorsed by 18 countries

The UK has taken a pioneering step by publishing the world’s first global guidelines dedicated to fortifying AI systems against cyberattacks. These groundbreaking guidelines aim to establish a secure foundation for the development and deployment of AI technologies.

Crafted by the UK's National Cyber Security Centre (NCSC) in collaboration with the US’ Cybersecurity and Infrastructure Security Agency (CISA), the guidelines are a product of international cooperation, securing endorsements from 17 countries, including all G7 nations. This wide-reaching endorsement underscores the global commitment to advancing AI security measures in a unified manner.

These guidelines are primarily intended for providers of AI systems that use AI models hosted by an organization or that use external interfaces (APIs).

It is recommended that all stakeholders (data scientists, developers, managers, decision makers and risk owners) read these guidelines so that they can make informed decisions about the design, development, deployment and operation of their AI systems.

The guidelines follow a ‘secure by default’ approach, and are aligned closely to practices defined in the

They prioritise:

  • taking ownership of security outcomes for customers

  • embracing radical transparency and accountability

  • building organisational structure and leadership so secure by design is a top business priority

The guidelines are broken down into four key areas within the AI system development life


  1. secure design,

  2. secure development,

  3. secure deployment,

  4. and secure operation and maintenance.


1. The Importance of Security in AI Systems

In today’s technology-driven world, artificial intelligence (AI) is no longer just a futuristic concept but a practical tool transforming industries from healthcare to finance. As AI systems become more integral to business operations and decision-making processes, their security becomes a paramount concern. The deployment of AI, while offering immense benefits, introduces a set of unique vulnerabilities and potential risks that must be managed to prevent data breaches, unauthorized access, and misuse.

For IT Managers and IT-Security experts, understanding and implementing these security measures is essential. It not only protects the integrity and privacy of data but also safeguards the reputation of the organizations that depend on these AI systems. This article delves into these guidelines, outlining the core principles and actionable steps that can help secure AI systems from design through to deployment and maintenance.

As we explore these guidelines, it's important to remember that security in AI is not just a technical challenge but a strategic imperative that requires a holistic approach encompassing legal, ethical, and operational considerations.


2. Understanding AI Security Challenges

Artificial Intelligence (AI) introduces a set of unique security challenges that differentiate it from traditional cybersecurity. As AI continues to evolve rapidly, these challenges require specialized attention from IT managers and security experts to ensure robust defenses against potential threats.

Rapid Development Cycles:

The pace of AI development also presents significant security challenges. In the race to leverage the latest advancements, security can sometimes become an afterthought. Rapid iterations and deployments can lead to vulnerabilities if thorough security testing is not integrated into each phase of the AI system development lifecycle. This rush can compromise not just the security but also the reliability and trustworthiness of AI applications.

Adversarial Machine Learning (AML):

One of the most notable concerns in AI security is adversarial machine learning (AML). This involves techniques used by attackers to deceive AI systems through manipulated inputs that cause the system to fail in unpredictable ways. AML can undermine the model's integrity by causing it to misclassify data, make incorrect decisions, or leak confidential information. For example, slight, often imperceptible alterations to an image can trick an AI into misidentifying it, which could have serious implications in contexts like security screening or automated driving systems.

Examples of this are Prompt injection attacks in the area of large language models domain (LLM) or the deliberatecorrupting the training data or user feedback, known as “data poisoning”.

Data Security and Privacy Concerns:

AI systems often require large volumes of data, which can include sensitive or personal information. Ensuring the security and privacy of this data is crucial, as breaches can lead to significant privacy violations and reputational damage. Moreover, the AI's ability to infer and reconstruct private data from seemingly innocuous information poses additional risks that must be carefully managed.

Complex Supply Chains:

AI systems frequently rely on complex supply chains that include numerous providers of data, hardware, and software. Each component of the supply chain can introduce security vulnerabilities, making it crucial to manage these risks proactively. IT managers must ensure that all parties adhere to stringent security standards to protect against breaches that could compromise the entire AI ecosystem.

Scalability and Integration Issues:

As AI systems scale, they are often integrated with existing IT infrastructures, which can be diverse and complex. This integration can expose new vulnerabilities, especially if the AI systems interact with less secure parts of the infrastructure or if they require modifications to existing security protocols.

Ethical and Regulatory Compliance:

Finally, the deployment of AI systems must consider ethical and regulatory issues, which often intersect with security. Compliance with data protection laws, ethical standards for AI use, and industry-specific regulations is essential to maintain societal trust and avoid legal repercussions.


3. Core Principles of Secure Development

1. Secure by Design

The concept of 'secure by design' is foundational in the development of AI systems. This principle dictates that security should be integrated into the architecture and design phase of any system, rather than being an afterthought or a layer added post-development. This approach is essential because it aims to prevent security flaws at the source, by considering potential threats and vulnerabilities from the very beginning of the development process.

Why Secure by Design is essential:

In the context of AI, where systems can learn and evolve in unpredictable ways, securing these systems from the outset is not just beneficial but necessary. AI systems often process sensitive data, make autonomous decisions, or operate in security-critical environments. Thus, any vulnerabilities in their design could lead to significant risks, including data breaches, operational disruptions, or misuse of AI capabilities.

How to implement Secure by Design:

Implementing a secure by design philosophy involves several key steps:

  • Threat Modeling: Early in the design process, potential threats and attack vectors are identified and analyzed. This helps in understanding where the system might be vulnerable and what controls are needed.

  • Risk Assessment: Assess the risks associated with each threat. This assessment informs the security measures that are integrated into the system.

  • Security Controls Integration: Integrate appropriate security controls into the design of the system. These controls could include data encryption, robust authentication mechanisms, and secure communication protocols.

  • Privacy by Design: This aspect of secure by design focuses on protecting user data, ensuring that privacy controls are embedded within the architecture of the AI system.

  • Regular Security Reviews: As the design evolves, it’s vital to continuously review and update the security measures to adapt to new threats or changes in the system’s architecture.

2. Secure by Default

As integral as secure by design is, it must be complemented by the principle of 'secure by default'. While secure by design ensures that the system architecture and design are inherently secure, secure by default means that when the system is deployed, its default configurations are the most restrictive and secure settings possible. This approach reduces the risk that comes from misconfigurations or insecure deployments.

Benefits of Secure by Default

  • Minimized Human Error: By providing secure settings out of the box, the chance of configuration errors leading to vulnerabilities is greatly reduced.

  • Enhanced Usability and Security: Users are more likely to operate the system securely when the default settings support robust security practices.

  • Baseline Security Standard: Ensures all implementations of the system meet a minimum standard of security, regardless of user modifications or the specific environment in which it is deployed.

By adopting both 'secure by design' and 'secure by default' principles, organizations can significantly strengthen the security posture of their AI systems throughout their lifecycle. This dual approach ensures that AI systems are not only designed with security in mind but are also deployed in a state that prioritizes security, thereby safeguarding against both foreseeable and unforeseen threats.


4. Detailed Guidelines for Each Development Stage

Implementing security in AI systems requires a comprehensive approach that spans the entire development lifecycle. Each stage comes with its unique challenges and requirements, demanding specific strategies to ensure robust protection. Here's how to address security at each phase:

1. Secure Design:

Balancing Functionality and Security

  • Risk Assessment: Early in the design phase, conduct thorough risk assessments to identify potential security risks associated with the AI system. This involves determining what could go wrong, the likelihood of such events, and their potential impact.

  • Threat Modeling: Develop detailed threat models that map out all possible threats to the AI system, including those from internal and external sources. This process helps in designing a system architecture that can defend against these threats effectively.

  • Security Trade-offs: Balance functionality and security by making informed decisions that do not compromise one for the other. This might mean choosing more robust data protection measures even if they could potentially reduce system performance.

2. Secure Development:

Enhancing Security through Supply Chain and Asset Management:

  • Supply Chain Security: Ensure that every component of the AI system, whether software, hardware, or services, comes from trusted and verified sources. Implement measures to continuously monitor and assess the security posture of these third-party providers.

  • Asset Management: Maintain a comprehensive inventory of all assets associated with the AI system, including data, hardware, and software components. Implement strict access controls and track all usage and changes to these assets to prevent unauthorized access and modifications.

3. Secure Deployment:

Protecting Infrastructure and Ensuring Continuous Monitoring:

  • Infrastructure Security: Deploy AI systems on secure infrastructure with strong perimeter defenses, including firewalls, intrusion detection systems, and anti-malware solutions. Ensure that the infrastructure complies with the latest security standards and practices.

  • Continuous Monitoring: Implement continuous monitoring tools to detect and respond to security incidents in real-time. This includes monitoring the performance and behavior of the AI system to quickly identify anomalies that could indicate a security breach.

4. Secure Operation and Maintenance:

Regular Updates, System Monitoring, and Incident Response:

  • Regular Updates: Keep the AI system up-to-date with the latest security patches and updates. Regularly review and update the security measures to protect against new and evolving threats.

  • System Monitoring: Implement advanced monitoring systems that can track system performance and detect signs of security issues. Use logging and auditing tools to maintain records of system activities, which can be crucial for forensic analysis in case of security incidents.

  • Incident Response: Develop a robust incident response plan tailored to the specific needs and risks of the AI system. This plan should include procedures for quickly containing and mitigating any damage from security breaches, as well as protocols for recovery and post-incident analysis.


5. Practical Steps for Implementation

Implementing the guidelines for secure AI system development involves a series of actionable steps that IT managers can follow to ensure their AI systems are secure from inception through operation. Here’s a structured approach to apply these guidelines within an organization effectively:

1. Establish a Cross-Functional Security Team

  • Team Formation: Create a dedicated team consisting of members from various departments such as IT, security, legal, and compliance. This team will oversee the implementation of security measures across all stages of AI development.

  • Roles and Responsibilities: Clearly define the roles and responsibilities of each team member to ensure coverage of all security aspects.

2. Develop and Standardize Security Protocols

  • Security Policies: Develop comprehensive security policies that outline the standards and practices for secure design, development, deployment, and maintenance of AI systems.

  • Standard Operating Procedures (SOPs): Create SOPs based on these policies. Ensure they are easily accessible and understood by all team members involved in the AI project.

3. Conduct Training and Awareness Programs

  • Security Training: Conduct regular training sessions for all employees involved in the development and maintenance of AI systems. Focus on the importance of security, current threats, and safe practices.

  • Awareness Programs: Implement ongoing awareness programs to keep security at the forefront of every employee’s mind, particularly those who interact with AI systems.

4. Integrate Security into the AI Development Lifecycle

  • Secure Design: Incorporate security considerations during the design phase. Use threat modeling and risk assessments to identify and mitigate potential security risks.

  • Secure Development Practices: Ensure that secure coding practices are followed during the development phase. Use code reviews and security testing to identify and fix vulnerabilities.

  • Secure Deployment: Deploy AI systems in controlled environments. Use automated tools to enforce security configurations and conduct pre-deployment checks.

  • Maintenance and Updates: Regularly update AI systems with the latest security patches and conduct periodic security audits to ensure compliance with security policies.

5. Implement Robust Monitoring and Incident Response

  • Continuous Monitoring: Utilize tools for real-time monitoring of AI systems. Monitor for unusual activities that could indicate a security breach.

  • Incident Response Plan: Develop a detailed incident response plan specific to AI systems. This plan should include immediate actions to contain breaches, mechanisms for damage control, and strategies for recovery and post-incident analysis.

6. Document

  • Documentation: Maintain documentation of all processes, threat models, risk assessments, and incident responses. This documentation is vital for ongoing security evaluations and regulatory compliance.

  • Review and Update Documentation: Regularly review and update all documentation to reflect new threats, technological changes, and organizational shifts.


Commenting has been turned off.
Important Definitions
NIS2 Requirements
ISO 27001 Benefits
Already ISO 27001 certified
bottom of page