Opinion: Artificial Intelligence Must be Secure by Design

Artificial intelligence systems, like any other kind of software system, must be secure by design, according to a recent Cybersecurity and Infrastructure Security Agency article.

Christine Lai, AI security lead, and Jonathan Spring, senior technical adviser at the agency, say in the article that a product is secure by design when it is built to prevent unauthorized access to devices, data and connected infrastructure by cyber actors.

The authors argue that developers of AI systems must factor in security throughout a product’s lifecycle. Concerning the design and development phase of AI products, security practices and policies used for general software development should be implemented, Lai and Spring say in the article CISA published.

Concerning the operation of AI systems, the authors recommend the application of the risk management framework defined by the National Institute of Standards and Technology, which earlier this year released a framework specifically for AI. The authors’ other recommendations include the implementation of vulnerability identifiers and the use of software bills of materials for AI.

Lai and Spring go on to note that as the use of AI systems increases, so does the importance of their being secure by design, a principle that their agency will continue to espouse.