BackSecure your infrastructure

This page is still being polished. If you have thoughts, please share them via the feedback form.

Data on this page is preliminary and may change. Please do not share or cite these figures publicly.

Secure your infrastructure

UK_NCSC (2023)|LLM classified

Mitigation Taxonomy

2Organisation

2.3Operations & Security

2.3.2Access & Security Controls

User vetting, access restrictions, encryption, and infrastructure security for deployed systems.

Also in Operations & Security

2.3.1 Deployment Management2.3.3 Monitoring & Logging2.3.4 Incident Response

Definitionp. 14

You apply good infrastructure security principles to the infrastructure used in every part of your system’s life cycle. You apply appropriate access controls to your APIs, models and data, and to their training and processing pipelines, in research and development as well as deployment. This includes appropriate segregation of environments holding sensitive code or data.

Additional Informationp. 14

This will also help mitigate standard cyber security attacks which aim to steal a model or harm its performance.

LLM Classification Details

Reasoning

Organization establishes access controls, encryption, and infrastructure security across development and deployment environments.

Code: 2.3.2Version: v0.5Classified: Jan 22, 2026

Part of

Secure deployment

This section contains guidelines that apply to the deployment stage of the AI system development life cycle, including protecting infrastructure and models from compromise, threat or loss, developing incident management processes, and responsible release.

Other mitigations from UK_NCSC (2023) (20)

Secure design

This section contains guidelines that apply to the design stage of the AI system development life cycle. It covers understanding risks and threat modelling, as well as specific topics and trade-offs to consider on system and model design.

2.4.2 Design Standards

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure design > Raise staff awareness of threats and risks

System owners and senior leaders understand threats to secure AI and their mitigations. Your data scientists and developers maintain an awareness of relevant security threats and failure modes and help risk owners to make informed decisions. You provide users with guidance on the unique security risks facing AI systems (for example, as part of standard InfoSec training) and train developers in secure coding techniques and secure and responsible AI practices.

2.4.4 Training & Awareness

Lifecycle:Plan and DesignActor:DeployerAIRM:Govern

Secure design > Model the threats to your system

As part of your risk management process, you apply a holistic process to assess the threats to your system, which includes understanding the potential impacts to the system, users, organisations, and wider society if an AI component is compromised or behaves unexpectedly. This process involves assessing the impact of AI-specific threats and documenting your decision making.

2.2.1 Risk Assessment

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure design > Design your system for security as well as functionality and performance

You are confident that the task at hand is most appropriately addressed using AI. Having determined this, you assess the appropriateness of your AI-specific design choices. You consider your threat model and associated security mitigations alongside functionality, user experience, deployment environment, performance, assurance, oversight, ethical and legal requirements, among other considerations.

2.4.2 Design Standards

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure design > Consider security benefits and trade-offs when selecting your AI model

Your choice of AI model will involve balancing a range of requirements. This includes choice of model architecture, configuration, training data, training algorithm and hyperparameters. Your decisions are informed by your threat model, and are regularly reassessed as AI security research advances and understanding of the threat evolves.

2.4.2 Design Standards

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure development

This section contains guidelines that apply to the development stage of the AI system development lifecycle, including supply chain security, documentation, and asset and technical debt management.

2.4.3 Development Workflows

Lifecycle:Build and Use ModelActor:DeployerAIRM:Manage

View all 20 mitigations from this source →

Source Document

Guidelines for secure AI development

UK National Cyber Security Centre (NCSC); US Cybersecurity and Infrastructure Security Agency (CISA); National Security Agency (NSA); Federal Bureau of Investigation (FBI); Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) (2023)

This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.

View source

Classification

AI Lifecycle Stage

Deploy

Releasing the AI system into a production environment

Responsible Actor

Deployer

Entity that integrates and deploys the AI system for end users

Developer

NIST AI RMF Function

Manage

Prioritising, responding to, and mitigating AI risks

Risk Domains

Primary

2.2 AI system security vulnerabilities and attacks

Other

2.1 Compromise of privacy by leaking or correctly inferring sensitive information