BackFollow a secure by design approach to updates

This page is still being polished. If you have thoughts, please share them via the feedback form.

Data on this page is preliminary and may change. Please do not share or cite these figures publicly.

Follow a secure by design approach to updates

UK_NCSC (2023)|LLM classified

Mitigation Taxonomy

2Organisation

2.3Operations & Security

2.3.1Deployment Management

Staged rollout strategies, phased deployment, and tiered access approaches for production systems.

Also in Operations & Security

2.3.2 Access & Security Controls2.3.3 Monitoring & Logging2.3.4 Incident Response

Definitionp. 16

You include automated updates by default in every product and use secure, modular update procedures to distribute them. Your update processes (including testing and evaluation regimes) reflect the fact that changes to data, models or prompts can lead to changes in system behaviour (for example, you treat major updates like new versions). You support users to evaluate and respond to model changes (for example by providing preview access and versioned APIs).

LLM Classification Details

Reasoning

Staged update rollout with preview access and versioned APIs enables phased deployment and user evaluation before full production release.

Code: 2.3.1Version: v0.5Classified: Jan 22, 2026

Part of

Secure operation and maintenance

This section contains guidelines that apply to the secure operation and maintenance stage of the AI system development life cycle. It provides guidelines on actions particularly relevant once a system has been deployed, including logging and monitoring, update management and information sharing.

Other mitigations from UK_NCSC (2023) (20)

Secure design

This section contains guidelines that apply to the design stage of the AI system development life cycle. It covers understanding risks and threat modelling, as well as specific topics and trade-offs to consider on system and model design.

2.4.2 Design Standards

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure design > Raise staff awareness of threats and risks

System owners and senior leaders understand threats to secure AI and their mitigations. Your data scientists and developers maintain an awareness of relevant security threats and failure modes and help risk owners to make informed decisions. You provide users with guidance on the unique security risks facing AI systems (for example, as part of standard InfoSec training) and train developers in secure coding techniques and secure and responsible AI practices.

2.4.4 Training & Awareness

Lifecycle:Plan and DesignActor:DeployerAIRM:Govern

Secure design > Model the threats to your system

As part of your risk management process, you apply a holistic process to assess the threats to your system, which includes understanding the potential impacts to the system, users, organisations, and wider society if an AI component is compromised or behaves unexpectedly. This process involves assessing the impact of AI-specific threats and documenting your decision making.

2.2.1 Risk Assessment

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure design > Design your system for security as well as functionality and performance

You are confident that the task at hand is most appropriately addressed using AI. Having determined this, you assess the appropriateness of your AI-specific design choices. You consider your threat model and associated security mitigations alongside functionality, user experience, deployment environment, performance, assurance, oversight, ethical and legal requirements, among other considerations.

2.4.2 Design Standards

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure design > Consider security benefits and trade-offs when selecting your AI model

Your choice of AI model will involve balancing a range of requirements. This includes choice of model architecture, configuration, training data, training algorithm and hyperparameters. Your decisions are informed by your threat model, and are regularly reassessed as AI security research advances and understanding of the threat evolves.

2.4.2 Design Standards

Lifecycle:Plan and DesignActor:DeployerAIRM:Map

Secure development

This section contains guidelines that apply to the development stage of the AI system development lifecycle, including supply chain security, documentation, and asset and technical debt management.

2.4.3 Development Workflows

Lifecycle:Build and Use ModelActor:DeployerAIRM:Manage

View all 20 mitigations from this source →

Source Document

Guidelines for secure AI development

UK National Cyber Security Centre (NCSC); US Cybersecurity and Infrastructure Security Agency (CISA); National Security Agency (NSA); Federal Bureau of Investigation (FBI); Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) (2023)

This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.

View source

Classification

AI Lifecycle Stage

Operate and Monitor

Running, maintaining, and monitoring the AI system post-deployment

Responsible Actor

Deployer

Entity that integrates and deploys the AI system for end users

Developer

NIST AI RMF Function

Manage

Prioritising, responding to, and mitigating AI risks

Risk Domains

Primary

2.2 AI system security vulnerabilities and attacks

Other

7.3 Lack of capability or robustness