What does "security" even mean with AI?

You'll need to define things like:

BUSINESS REQUIREMENTS

- What type of output is expected?
- What format should it be?
- What is the use case?

SECURITY REQUIREMENTS

- Who is allowed to see which outputs?
- Under which conditions?

Having these things spelled out is a hard requirement before you can start talking about the risk of a given AI model.

Continuing the build-out of the Artificial Intelligence Risk Scoring System (AIRSS), I tackle these issues - and more - in the latest issue of Deploy Securely.

Check out the written post as well: https://blog.stackaware.com/p/artificial-intelligence-risk-scoring-system-p2

Here is the pURL for the model I mentioned: pkg:generic/gpt-3.5-turbo@0613?ft=80Z1hDhg

AI cyber risk management needs a new paradigm.

Logging CVEs and using CVSS just does not make sense for AI models, and won't cut it going forward.

That's why I launched the Artificial Intelligence Risk Scoring System (AIRSS).

A quantitative approach to measuring cybersecurity risk from artificial intelligence systems, I am building it in public to help refine and improve the approach.

Check out the first post in a series where I lay out my methodology: https://blog.stackaware.com/p/artificial-intelligence-risk-scoring-system-p1

The Cybersecurity and Infrastructure Security Agency (CISA) released a post earlier this year saying the AI engineering community should use something like the existing CVE system for tracking vulnerabilities in AI models.

Unfortunately, this is a pretty bad recommendation.

That's because:

- CVEs already create a lot of noise
- AI systems are non-deterministic
- So things would just get worse

In this episode, I dive into these issues and discuss the way ahead.

Check out the full blog post: https://blog.stackaware.com/p/how-should-we-identify-ai-vulnerabilities

🔐 Think self-hosting your AI models is more secure?

It might be...or not!

In this video, we dig into the topic of AI model security and introduce the concept of "unintended training."

▶️ Key Highlights:

- The myth that self-hosting AI models is necessarily better for security
- Decision factors when choosing between SaaS vs. IaaS
- Defining "Unintentional Training" and its implications

Read more about unintended training and AI Security: 
https://blog.stackaware.com/p/unintended-training

And for a deep dive on the security benefits of SaaS, check out this post:
https://blog.stackaware.com/p/declaring-a-truce-on-saas-security

Hit that subscribe button for more cutting-edge AI security insights! ✅

It's a tougher challenge than many security folks talk about.

Who should have the final say about whether to accept, mitigate, transfer, or avoid risk?

- Cybersecurity?
- Compliance?
- Legal?

The answer:

None of them.

Check out this episode of Deploy Securely to learn who should.

Or read the original blog post here: https://blog.stackaware.com/p/who-should-make-cyber-risk-management