User vetting, access restrictions, encryption, and infrastructure security for deployed systems.
To ensure the safety of frontier AI, consideration of cyber security, protective security risk management and insider risk mitigation is key. Cyber security, both of models and of the systems that deploy them, must be considered from the outset of development if the benefits of AI are to be realised. Cyber security underpins the safety, reliability, predictability, ethics and potential regulatory compliance of an AI system.

To avoid putting safety or sensitive data at risk, it is important to consider the cyber security of whole AI systems as well as of models in isolation, and to implement cyber security processes throughout the AI lifecycle, particularly where a model or system is a foundation for other systems. As AI systems advance, developers must maintain an awareness of possible attacks, identify vulnerabilities and implement mitigations. Failure to do so risks designing vulnerabilities into future AI models and systems. A Secure by Design approach allows developers to ‘bake in’ security from the outset of design and development.

Cyber security must be considered in concert with physical and personnel security. Developing a coherent, holistic, risk-based and proportionate security strategy, supported by effective governance structures, is essential. Where the compromise of an AI system could lead to tangible or widespread physical damage, significant loss of business operations, leakage of sensitive or confidential information, reputational damage and/or legal challenge, AI security risks should be treated as mission critical.
Reasoning
Hardware security mechanisms protect model weights from unauthorized extraction or tampering.
Implement strong cyber security measures and processes (including security evaluations) across their AI systems, including underlying infrastructure and supply chains
Category: 2.3 Operations & Security

Understand the assets in their AI system (including training data and model weights) and take appropriate action to protect them
Category: 2.3.2 Access & Security Controls

Ensure developers and system owners maintain current understanding of security risk to enable informed risk decisions
Category: 2.4.4 Training & Awareness

Develop incident response, escalation and remediation plans and ensure responders have been trained to assess and address AI-related incidents
Category: 2.3.4 Incident Response

Perform ongoing monitoring of system behaviour so they can observe changes in behaviour and identify potential attacks
Category: 2.3.3 Monitoring & Logging

Enable secure use of AI systems by users, by communicating risks and following Secure by Design principles
Category: 2.4.2 Design Standards

Implement effective protective security risk management – covering physical, personnel and cyber security disciplines
Together with defined governance and oversight, key steps towards effective protective security risk management include, but are not limited to:

- Identify assets and systems that are important for the delivery of effective operations, or are of specific organisational value (for example, commercially sensitive information).
- Categorise and classify assets in order to ensure that the correct level of resource is used in implementing risk mitigations.
- Identify threats. These may include terrorism or hostile state threats and/or more local and specific threats; use a range of internal and external resources.
- Assess risk using recognised processes.
- Build a protective security risk register to record, in sufficient detail, all the data gathered during this risk management process, ensuring compatibility with existing organisational risk management registers and processes.
- Develop a protective security strategy for mitigating the risks identified, which reviews protective security measures in relation to a prioritised list of risks. Where mitigations are assessed as inadequate, additional measures could be proposed for approval by the decision maker(s).
- Produce development and implementation plans. Aim to arrive at a clear, prioritised list of protective security mitigations, which span physical, personnel and cyber security disciplines, and are linked to the technical guidance needed to implement them.
- Review risk management measures regularly and when required, for example, on a change in threat or change to operational environment, or to assess the suitability of new measures implemented.

A more detailed description of protective security risk management is provided on the NPSA website.
Category: 2.2.1 Risk Assessment

Develop and implement appropriate personnel security controls to mitigate insider risk
Key steps towards mitigation of insider risk include, but are not limited to:

- Ensure board-level responsibility for protective security, with regular engagement with key stakeholders from across the business and a firm understanding of the risks the organisation faces.
- Ensure stakeholder engagement throughout the business for specialist insight and for the development and implementation of an insider risk mitigation programme.
- Apply a suitable level of screening, informed by a role-based risk assessment, to all individuals who are provided access to organisational assets, including permanent, temporary and contract workers.
- Use Role-Based Security Risk Assessment to identify the physical, personnel or cyber security measures that need to be applied in order to mitigate insider risk.
- Put in place proportionate policies, clear reporting procedures and escalation guidelines that are accessible, understood and consistently enforced.
- Provide appropriate security education and training for all workers. Without effective education and training, individuals cannot be expected to know what procedures are in place to maintain security.
- Ensure that a programme of monitoring and review is in place to enable potential security issues, or personal issues that may impact on an employee’s work, to be recognised and dealt with effectively throughout their career.
- Use established, evidence-based guidance to fully address personnel security risks, for example, NPSA guidance on Personnel Security.
Category: 2.3.2 Access & Security Controls

Model reporting and information sharing
Transparency around frontier AI can help governments to effectively realise the benefits of AI and mitigate AI risks. Transparency can also encourage sharing of best practices across frontier AI organisations, enable users to make well-informed choices about whether and how to use AI systems, and increase public trust, helping to drive AI adoption. Reporting and sharing information where appropriate could ensure that different parties can access the information they need to support effective governance, develop best practice, inform decision-making about the use of AI systems, and build public trust. Some reporting practices, such as model cards, are already used among frontier AI organisations, whereas other practices included here are areas for future consideration. Given the recent rapid pace of progress in AI, the appropriate government and international governance institutions are still being considered, and we recognise that this limits the ability of frontier AI organisations to share information with governments, even where it would be desirable. Throughout this section ‘relevant government authorities’ is used to indicate a good practice for information sharing with governments, while recognising that such relevant authorities may still be under development.
Category: 3.3.1 Industry Coordination

Model reporting and information sharing > Share model-agnostic information
Category: 3.3.1 Industry Coordination

Model reporting and information sharing > Share model-specific information
Sharing information about specific frontier AI models allows external actors to develop a more granular picture of ongoing AI development and potential risks that will need to be addressed.
Category: 3.3.1 Industry Coordination

Model reporting and information sharing > Share different information with different parties
Category: 99 Other

Reporting structure for vulnerabilities
Even after a frontier AI organisation has deployed an AI system, the system may still have unidentified safety and security issues (‘vulnerabilities’). In order to address these vulnerabilities, they must first be identified, and frontier AI organisations should be made aware of them. Establishing a vulnerability management process enables outsiders to identify and report any vulnerabilities. This can help to ensure that safety and security issues are flagged to frontier AI organisations as soon as possible so they are able to address them quickly.
Category: 2.3.4 Incident Response

Establish a vulnerability management process
This process could have as wide a scope as is necessary and ensure that frontier AI organisations have the ability to respond appropriately to reports of vulnerabilities.
Category: 2.3.4 Incident Response

Emerging processes for frontier AI safety
UK Department for Science, Innovation and Technology (2023)
The UK recognises the enormous opportunities that AI can unlock across our economy and our society. However, without appropriate guardrails, such technologies can pose significant risks. The AI Safety Summit will focus on how best to manage the risks from frontier AI such as misuse, loss of control and societal harms. Frontier AI organisations play an important role in addressing these risks and promoting the safety of the development and deployment of frontier AI. The UK has therefore encouraged frontier AI organisations to publish details of their frontier AI safety policies ahead of the AI Safety Summit hosted by the UK on 1 to 2 November 2023. This will provide transparency regarding how they are putting voluntary AI safety commitments into practice and enable the sharing of safety practices within the AI ecosystem. Transparency of AI systems can increase public trust, which can be a significant driver of AI adoption. This document complements these publications by providing a potential list of frontier AI organisations’ safety policies. These have been gathered after extensive research and will need updating regularly given the emerging nature of this technology. The safety processes are not listed in order of importance but are summarised in themes. The government is not suggesting or mandating any particular combination of policies, merely detailing the current suite available so that others can understand, interpret and compare frontier companies’ safety policies. This document contains the world’s first overview of emerging safety processes focused on frontier AI and is intended to be a useful tool to boost transparency. This conversation is for frontier AI, and whilst it is important that safety is applied throughout the AI sector, it is also important that innovation is not stifled, which is why policies must be proportionate and based on capabilities, which are the key driver of risk.
This document contains processes and associated practices that some frontier AI organisations are already implementing and others that are being considered within academia and broader civil society. It is intended as a guide for readers of frontier AI companies’ AI safety policies to better understand what good policy might look like, though organisations themselves will be best placed to determine their applicability. Through this exercise, the government intends to help inform dialogue on potential appropriate measures for individual organisations to consider at the UK AI Safety Summit.
Other (multiple stages): Applies across multiple lifecycle stages
Developer: Entity that creates, trains, or modifies the AI system
Manage: Prioritising, responding to, and mitigating AI risks