Businesses of all kinds have embraced the potential of AI, no matter their size or industry. Yet organizations are just beginning to realize the substantial risks associated with AI implementation.
Forbes reports that AI incidents have increased by 690% from 2017 to 2023, and they’re expected to keep accelerating. These insights, extracted from incidents recorded in the AI Incident Database, are based on publicly disclosed AI incidents that often relate only to larger organizations such as Facebook, Tesla, and OpenAI. The database is a great resource for anyone who wants to familiarize themselves with common and known types of AI incidents, but more known unknowns and unknown unknowns permeate the AI security ecosystem.
By nature, AI is complex, dynamic, and cutting-edge. Successful AI deployments require advanced management of diverse elements, including big data, sophisticated algorithms, and polymorphic real-world applications. Successful AI security needs to navigate highly specialized technical difficulties and a broad threat landscape that is still mostly uncharted territory.
Security risks range from data breaches and adversarial attacks to ethical implications and complex vulnerability management. Beyond models that an organization offers in their production environment, risks can come from any employee of the organization who is a user of AI. For example, while trying to enhance productivity, employees could easily release proprietary data when using ChatGPT if they don’t update the default privacy settings.
To manage these and more risks associated with AI, organizations need a strategic and well-coordinated security approach that extends traditional cybersecurity measures to the unique needs of AI.
SecOps, DevOps, and GRC teams should collaborate to lead the development and implementation of AI security practices. Working together, these teams can establish a strong security posture for your organization while capitalizing on the transformative potential of AI. To achieve this balance, security teams should aim to keep deployment processes agile for data science (DS) teams and support access to existing external AI technologies that all employees can use to improve their productivity.
Let’s look at eight best practices for achieving these objectives:
1. Embrace an agile, cross-functional mindset
Security measures need to adapt to the dynamic nature of AI technologies. That’s why agility should be a core principle when defining your organization’s security processes for AI, which should then be collected within a centralized AI framework.
For most organizations, employees are already using AI technology, and AI use cases have been developed. The first draft of your AI framework needs to be developed fast to ensure a general security foundation for existing AI processes. Following an agile mindset, security teams should then define a priority mechanism that can further specialize the AI framework to your organization’s AI requirements through short iterative update cycles.
In support of this evolving AI framework definition, establish a culture of open communication around AI security from the very beginning. Encouraging dialogue and collaboration ensures that potential risks are identified and mitigated efficiently while providing a way for security teams to communicate and enforce AI security requirements.
Our research shows that AI is rapidly gaining ground in cloud environments, with over 70% of organizations now using managed AI services. At that percentage, the adoption of AI technology rivals the popularity of managed Kubernetes services, which we see in over 80% of organizations!
AI is a complex subject that requires subject-matter expertise. Collaboration with data science teams or other AI specialists is ideal, yet security teams still need to develop a foundational understanding of the AI threat landscape.
A great starting point is the MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework, which defines tactics and techniques threat actors use to compromise AI. Review these generalized threats and select those that are relevant to your organization’s specific AI ecosystem before adapting them as needed.
3. Define the AI security requirements for your organization
Different organizations have different security requirements, and no one-size-fits-all framework exists for AI security.
To fortify your security foundation, it’s imperative to establish comprehensive organization-centric governance policies. These policies should include a spectrum of considerations, ranging from data privacy and asset management to ethical guidelines and compliance standards. Since AI is a discipline driven by open-source contributions, third-party risk management is particularly relevant to ensure security for AI.
To effectively manage AI-related risks, security teams should adopt a proactive stance where protocols are continuously evaluated and adapted. Security controls like ongoing system behavior monitoring, regular penetration testing, and the implementation of resilient incident response plans are indispensable.
By ensuring that AI governance policies are regularly revisited and updated, security teams not only ensure compliance but also enable your organization to stay ahead of emerging and evolving security challenges.
Security can only be achieved for processes that are known and visible.
The first step for security teams seeking comprehensive visibility across all AI applications is to create and maintain an AI bill of materials (AI-BOM). An AI-BOM is an inventory of all components and dependencies within an organization’s AI systemsーwhether in-house, third-party, or open-source.
Before accepting and introducing an AI application in the AI-BOM, it’s a good idea to create a templated AI-model card. The AI-model card clearly and concisely documents all relevant details of the AI model for various stakeholders, including adherence to security requirements.
Also, keep in mind that AI pipelines hosted in-house should be pushable to production only within established CI/CD processes. This production pattern enables the automated integration of security measures while also minimizing manual errors and accelerating the model’s deployment process.
Last but not least, governance processes aimed at visibility should address the risks associated with shadow AI, or the AI that employees are using without the security team’s knowledge. Promoting transparency and accountability across your organization and providing a seamless path to introducing new AI technology are the only ways to safeguard against shadow AI.
As we’ve seen, AI I is a community-driven discipline. Given the requirements for specialized (big) data, organizations often decide to adopt open-source and third-party AI solutions to unlock the business potential of AI applications. Putting these external AI models in production demands a delicate balance between performance and safety, given the limited security controls available for external technologies.
As part of your AI framework, security teams should establish a rigorous vetting process to evaluate any external AI models and vendors against predefined security requirements. External AI solutions to be vetted include frameworks, libraries, model weights, and datasets. At a minimum, your security requirements should encompass data encryption and data handling, access control, and adherence to industry standards, including certifications. Any external AI solution that successfully passes this process is expected to be trustworthy and secure.
By applying the same rigorous standards to all components, security teams can confidently ensure that your entire AI ecosystem adheres to the highest security protocols, mitigating potential risks and fortifying your organization's defense against emerging threats.
6. Implement automated security testing
Unexpected behavior of AI models in production can lead to unwanted consequences, ranging from degraded user experience to brand damage and legal liabilities. While AI models are non-deterministic in nature and impossible to completely control, comprehensive testing can reduce the risks associated with AI (mis-)behaviors.
Regularly scanning AI models and applications with specialized tools allows security teams to proactively identify vulnerabilities. These checks may include classic tests such as scanning for container security and dependencies or fuzz testing, as well as AI-specific scans via tools such as Alibi Detect or the Adversarial Robustness Toolbox. Make sure your teams test AI applications against misconfigurations or configuration mismatches, which could serve as easy entry points for security breaches. Being able to detect attack paths throughout the AI pipelines, from sensitive training data and exposed secrets to identities and network exposures, before they become threats in production is your goal.
Finally, functional testing is also a necessity. To ensure that the core functionalities of the AI applications are safe, or security implications are known and documented, functional testing includes classic unit testing and integration testing as well as AI-specific testing for data validation, model performance, model regression, and ethicality as supported by bias and fairness analysis.
Incorporating AI security testing within your CI/CD pipeline is the key to reliably identifying and addressing vulnerabilities early in the software development life cycle, and regular testing is the only way to maintain a continuous and proactive security posture.
Beyond testing, the dynamic and inherently non-deterministic nature of AI systems requires ongoing vigilance. Focus on continuous monitoring to sustain a secure and reliable AI ecosystem that can successfully address unexpected AI behavior and misuse.
Establish a robust system for monitoring both AI applications and infrastructure to detect anomalies and potential issues in real-time. Real-time monitoring processes track key performance indicators, model outputs, data distribution shifts, model performance fluctuations, and other system behaviors.
By integrating automated alerts and response mechanisms triggered by these real-time threat detection mechanisms, you can promptly identify and respond to security incidents, mitigating risks and minimizing the impact of any adversarial activity.
8. Raise staff awareness of threats and risks
As the AI framework for your organization matures in tandem with advancements in the field of SecOps for AI, security teams need to dedicate time to educating staff about threats and risks so that each individual AI user adheres to basic security guidelines.
First, it’s best practice for security teams to collaborate with data science teams to provide clear and concise security guidelines. The design of these security guidelines should promote experimentation for data science teams as much as possible. This way, you minimize the risk of data science teams neglecting or bypassing security controls to unlock the potential of AI.
After the first security guidelines are in place, you should offer comprehensive training to all employees to equip the entire workforce with the knowledge to use AI safely. Collaborative awareness not only mitigates the risk of involuntary security breaches but also allows employees to directly contribute to the organization's security posture.
The eight best practices presented in this article aim to empower teams to secure existing AI pipelines quickly—and swiftly adopt new AI solutions too. The focus on adaptability and agility is critical for organizations seeking to integrate AI successfully and securely in the evolving landscape of AI and the emerging field of AI security.
To establish this agile standardized security framework, explore solutions that prioritize process enhancement over infrastructure maintenance. As a cloud-native application protection platform with a specialized AI security posture management (AI-SPM) solution, Wiz is a cornerstone of reliable security across IT and AI applications. With extended visibility and streamlined governance, our AI-SPM tool offers built-in support for best-practice AI security management.
Considering an AI-SPM solution? Here are the four most important questions every security organization should be asking itself:
->Does my organization know what AI services and technologies are running in my environment?