CISA and the UK National Cyber Security Centre (NCSC) have announced the release of the Guidelines for Secure AI System Development. The document provides essential recommendations for AI system development and emphasizes the importance of adhering to Secure by Design principles.
The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority. The document is aimed primarily at providers of AI systems, whether based on models hosted by an organization or making use of external application programming interfaces. However, the agencies urge all stakeholders—including data scientists, developers, managers, decision-makers, and risk owners—to read this guidance to help them make informed decisions about the design, deployment, and operation of their machine learning AI systems. Read more at CISA.