In July 2022, the Center for Security and Emerging Technology (CSET) at Georgetown University and the Program on Geopolitics, Technology, and Governance at the Stanford Cyber Policy Center convened a workshop of experts to examine the relationship between vulnerabilities in artificial intelligence systems and more traditional types of software vulnerabilities. Topics discussed included the extent to which AI vulnerabilities can be handled under standard cybersecurity processes, the barriers currently preventing the accurate sharing of information about AI vulnerabilities, legal issues associated with adversarial attacks on AI systems, and potential areas where government support could improve AI vulnerability
management and mitigation.
Attendees at the workshop included industry representatives in both cybersecurity and AI red-teaming roles; academics with experience conducting adversarial machine learning research; legal specialists in cybersecurity regulation, AI liability, and computer-related criminal law; and government representatives with significant AI oversight responsibilities.
This report is meant to accomplish two things. First, it provides a high-level discussion of AI vulnerabilities, including the ways in which they are disanalogous to other types of vulnerabilities, and the current state of affairs regarding information sharing and legal oversight of AI vulnerabilities. Second, it attempts to articulate broad recommendations as endorsed by the majority of participants at the workshop. These recommendations, categorized under four high-level topics, are as follows:
- Topic: Extending Traditional Cybersecurity for AI Vulnerabilities
1.1. Recommendation: Organizations building or deploying AI models should use a risk management framework that addresses security throughout the AI system life cycle.
1.2. Recommendation: Adversarial machine learning researchers, cybersecurity practitioners, and AI organizations should actively experiment with extending existing cybersecurity processes to cover AI
1.3. Recommendation: Researchers and practitioners in the field of adversarial machine learning should consult with those addressing AI bias and robustness, as well as other communities with relevant expertise.
- Topic: Improving Information Sharing and Organizational Security Mindsets
2.1. Recommendation: Organizations that deploy AI systems should pursue information sharing arrangements to foster an understanding of the threat.
2.2. Recommendation: AI deployers should emphasize building a culture of security that is embedded in AI development at every stage of the product life cycle.
2.3. Recommendation: Developers and deployers of high-risk AI systems must prioritize transparency.
- Topic: Clarifying the Legal Status of AI Vulnerabilities
3.1. Recommendation: U.S. government agencies with authority over cybersecurity should clarify how AI-based security concerns fit into their regulatory structure.
3.2. Recommendation: There is no need at this time to amend anti-hacking laws to specifically address attacking AI systems.
- Topic: Supporting Effective Research to Improve AI Security
4.1. Recommendation: Adversarial machine learning researchers and cybersecurity practitioners should seek to collaborate more closely than they have in the past.
4.2. Recommendation: Public efforts to promote AI research should more heavily emphasize AI security, including through funding open-source tooling that can promote more secure AI development.
4.3. Recommendation: Government policymakers should move beyond standards-writing toward providing test beds or enabling audits for assessing the security of AI models.