Andre Camillo, CISSP


The State of AI Security in mid 2023

AI Security, by Dall-E, source.

The human race has gone far beyond what other known life forms have achieved so far — our ability to retain information, iterate and create when faced with adversity is one of the reasons why.

A great and iconic Hollywood representation of this was masterfully executed by Kubrick’s “2001: A Space Odyssey”, in which a primate has the “idea” of creating a tool out of bones.

2001: A Space Odyssey monkey scene — YouTube

Such a powerful narrative of how important the connection between 1. intelligence and 2. tools is to the known history of the universe humans live in.

And AI has been a game-changing tool in the hands of our (somewhat still) intelligent race.

And since I talk Cloud and Security, let’s look at Security + AI in this article.

Artificial Intelligence

If we consider AI as a way to artificially calculate something and then draw conclusions, we could even say that the “Antikythera” mechanism by Archimedes, from ancient Greece, could fit the description — according to some news outlets:

This is the most sophisticated example we have of ancient Greek technology. This is the pinnacle. We know of nothing else as complex as this. There’s nothing even close.

The mechanism was held in a wooden case, a bit like a clock that might go on the mantelpiece. Inside, it was made of bronze gear wheels, and there was a big dial on the front. Instead of telling you the time, it showed you the motions of the sun, the moon and the planets in the sky.

But for a much more recent example: the father of modern AI, Alan Turing, stated that civilization would soon think of machines as able to think, and that was more than 70 years ago. This Stanford article has the quote:

“I believe that at the end of the century the use of words and general educated opinion will have altered so much that one will be able to speak of machines thinking without expecting to be contradicted.”

I will skip through the definitions and history of AI for the sake of the main goal of the article…

Very loosely summarizing the evolution of mainstream AI breakthroughs, we can get to this. Naturally, we haven’t reached AGI yet and no one knows when/how that will happen, but still:

As we all know very well, security is always an afterthought to innovation.

If you’re a little older like me, you’ll remember how the adoption and mandatory use of seat belts came many years after the invention of the vehicle and its adoption by consumers. Safety wasn’t top of mind then.

Lately, we have seen lots of media examples of entrepreneurs who dismiss security and safety in favour of their profit-focused ideas. The imploded submersible is an infamous example. Looking at any industry, we’ll be able to find similar situations; think of the recent reports that some sweeteners may cause cancer, for example.

The fact of the matter is that AI models have reached their current state without proper controls. And the cybersecurity community has been trying to catch up, acting as fast as it can, thankfully.

Security concerns in AI

Trying to categorize all risks to a system is an art — threat modelling is its nickname.

The complexity with “Security in AI”, though, is that the field is very extensive, and thus listing out all security risks for every kind of “AI” in a blog post is impossible.

Some very popular coming-of-age AI systems are largely based on what are called Large Language Models (LLMs), and they are the focus of most research I see online. But there are many other “types of AI” that could lead to their own threat models. For example:

  • Machine Learning
  • Natural Language Processing
  • Speech
  • Vision

Some of these rely on ML and NLP to interact with users, so the task is very complex.

There are a few ways to tackle the theme — in this article, I’m looking at:

  • Some AI threat models, and
  • Some proposed regulations and frameworks.

Threat models

AI Attack Surface Map

As the field develops and increases in size and scope, some professionals are proposing their own views on it. For example, Daniel Miessler from Unsupervised Learning has created the AI Attack Surface Map, v1.0:

Source: The AI Attack Surface Map v1.0 (danielmiessler.com)

As you can see, this map lists out multiple solutions (LLMs, NLP, potentially speech/vision recognition) and some of the threats to them.

We could go much further though.

MITRE ATLAS

One of the leading organizations in threat hunting frameworks, MITRE, has its own proposed version for identifying attacks on AI, more specifically on Machine Learning. They call it ATLAS.

They define it as such (source):

“MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems), is a knowledge base of adversary tactics, techniques, and case studies for machine learning (ML) systems based on real-world observations, demonstrations from ML red teams and security groups, and the state of the possible from academic research. ATLAS is modeled after the MITRE ATT&CK® framework and its tactics and techniques are complementary to those in ATT&CK.”

MITRE ATLAS as of July 2023 — MITRE | ATLAS™

The proposed model includes an 8-point evaluation of threats to ML models. This is a great look into security concerns, IMO. I will not get into the details of the model in this article.

Regulations and Frameworks

The EU AI Act

The EU has been working on an “AI Act” to regulate different kinds of AI-based applications since at least 2021. They developed a regulatory framework based on the associated risk to the user.

An official document from them describes the framework; here’s the source: https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

In this framework there are 4 risk levels: Unacceptable, High, Limited and Minimal Risk.

Source: Regulatory framework proposal on artificial intelligence | Shaping Europe’s digital future (europa.eu)

For all the details on the risk descriptions, head to the official page linked above.

This is how the EU described the future of the AI Act:

“Following the Commission’s proposal in April 2021, the regulation could enter into force late 2022/early 2023 in a transitional period. In this period, standards would be mandated and developed, and the governance structures set up would be operational. The second half of 2024 is the earliest time the regulation could become applicable to operators with the standards ready and the first conformity assessments carried out.”

US-based Regulation?

The US hasn’t acted yet, unsurprisingly, I’d say. According to some news outlets’ reports, such as MSN:

“But while Congress kicks around how (or if) it can regulate the rapidly developing technology at the national level, AI companies are already facing a crackdown on multiple fronts that could shape guardrails with no action from Capitol Hill.”

Their own regulatory bodies are starting to question whether OpenAI’s product has violated consumer protection or data privacy laws — but what rules are they referring to? That’s tricky to argue.

“Then this week, the Federal Trade Commission (FTC) became the first to go on the record with an official move, opening a probe into OpenAI over whether its products have violated consumer protection or data privacy laws and threatening to fine the company.”


Google’s Secure AI Framework

In June 2023, Google announced their Secure AI Framework (SAIF).

Source: Google

According to them:

“SAIF is inspired by the security best practices — like reviewing, testing and controlling the supply chain — that we’ve applied to software development, while incorporating our understanding of security mega-trends and risks specific to AI systems.

A framework across the public and private sectors is essential for making sure that responsible actors safeguard the technology that supports AI advancements, so that when AI models are implemented, they’re secure-by-default. Today marks an important first step.”

Find the PDF with it here: Google Secure AI Framework Summary (https://services.google.com/fh/files/blogs/google_secure_ai_framework_summary.pdf)

Future

The way I see it, currently we have segregated domains trying to connect to AI Security.

I believe a holistic approach is generally needed for a better, more secure state.

Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo

Consider subscribing to Medium (here) to access more content that will empower you!

Thank you for reading and leave your thoughts/comments!

References

Scattered throughout the document.

How do we best govern AI? — Microsoft On the Issues
https://blogs.microsoft.com/on-the-issues/2023/05/25/how-do-we-best-govern-ai/?ocid=mti_jun23_bdy_txt

AI Risk Management Framework | NIST
https://www.nist.gov/itl/ai-risk-management-framework

Regulatory framework proposal on artificial intelligence | Shaping Europe’s digital future (europa.eu)
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

Cyberattacks against machine learning systems are more common than you think — Microsoft Security Blog
https://www.microsoft.com/security/blog/2020/10/22/cyberattacks-against-machine-learning-systems-are-more-common-than-you-think/

mitre/advmlthreatmatrix: Adversarial Threat Matrix (github.com)
https://github.com/mitre/advmlthreatmatrix

MITRE | ATLAS
https://atlas.mitre.org/
