Securing AI: A Blend of Old and New Security Practices
If you're fascinated by the rapid growth of AI, you should be equally concerned about its security implications. Recent research from Google Cloud decodes the complex arena of securing AI.
🛠️ The Secure AI Framework (SAIF)
Google introduced SAIF as a conceptual framework to guide how to secure AI systems. The advice is simple yet crucial: adapt your existing security protocols where they work, and innovate where new threats emerge.
🔄 Similarities with Traditional Systems
1. Common Threats: Both systems need protection against unauthorized access, data modification, and other threats.
2. Vulnerabilities: Issues like input injection and overflows are common to both.
3. Data Protection: Both systems deal with sensitive data that needs to be secured.
4. Supply Chain Attacks: These remain a significant concern for both AI and non-AI systems.
🔀 Differences from Traditional Systems
1. Complexity: AI systems are multi-component and hence harder to secure.
2. Data-Driven: Vulnerability can stem from the data used to train AI.
3. Adaptive: AI systems can learn and adapt, changing the security calculus.
4. Interconnectedness: The web of connections for AI systems can open new avenues for attacks.
FAQs
What is Google's Secure AI Framework (SAIF) and what problem does it solve?
Google's Secure AI Framework (SAIF) is a conceptual framework designed to guide organizations in securing AI systems. Its core principle is pragmatic: adapt existing security protocols where they remain effective, and develop new approaches where AI-specific threats require innovation. It bridges traditional security practices with the novel demands of AI deployments.
How are AI security threats similar to traditional software security threats?
AI systems share several threat vectors with traditional software, including risks from unauthorized access, data modification, input injection, and buffer overflows. Supply chain attacks remain a significant concern for both. Sensitive data protection requirements are also common across AI and non-AI systems, meaning many existing security controls still apply.
Why is securing AI systems fundamentally harder than securing traditional software?
AI systems introduce four compounding challenges absent in traditional software: they are multi-component architectures that increase attack-surface complexity, their vulnerabilities can originate in training data rather than just code, they adapt and learn over time, which changes the security calculus, and their dense interconnections create new attack pathways that static systems do not expose.
How can training data create security vulnerabilities in AI systems?
Unlike traditional software where vulnerabilities live primarily in code, AI systems are data-driven, meaning the data used to train a model can itself become a source of vulnerability. Poisoned, manipulated, or improperly governed training data can compromise model behavior, making data integrity a first-class security concern throughout the AI development lifecycle.
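One concrete way to treat training-data integrity as a first-class control is to pin the dataset to a manifest of digests at review time and re-verify it before every training run, so an in-place edit or an injected file is caught before it reaches the model. The script below is an added example written for this page, not code from Google Cloud or from SAIF; it assumes the dataset is a directory of files, uses a JSON manifest keyed by relative path, and builds its own constructed sample in a temporary directory so it runs offline.

```python
"""Added example (not from the Google Cloud research or SAIF): record a
SHA-256 manifest of a training dataset at sign-off and verify the dataset
against it before training, reporting modified, missing and injected files.

Assumptions (not from the page): the dataset is a set of files under one
directory, the manifest is a JSON-serialisable dict keyed by relative POSIX
path, and the sample dataset below is constructed here for demonstration.
"""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB blocks so large shards do not load into memory


def digest_file(path: Path) -> str:
    """Hex SHA-256 of a file's contents."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Digest every regular file under root, keyed by its relative POSIX path."""
    return {
        p.relative_to(root).as_posix(): digest_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the directory's current state with the signed-off manifest."""
    current = build_manifest(root)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    added = sorted(k for k in current if k not in manifest)
    return {
        "modified": modified,
        "missing": missing,
        "added": added,
        "ok": not (modified or missing or added),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a dataset, then tamper with it and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "train").mkdir()
        (root / "train" / "a.jsonl").write_text('{"text": "hello", "label": 0}\n')
        (root / "train" / "b.jsonl").write_text('{"text": "world", "label": 1}\n')
        manifest = build_manifest(root)  # what a reviewer would sign off on

        # Simulated tampering for the demo: a label flipped in place (same file
        # name, same size) and a record file that was never reviewed.
        (root / "train" / "b.jsonl").write_text('{"text": "world", "label": 0}\n')
        (root / "train" / "z.jsonl").write_text('{"text": "extra", "label": 1}\n')
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest itself needs protecting (store it in version control or sign it), and the verification step belongs in the training pipeline as a gate that fails the run rather than only logging a warning.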
Why does the adaptive nature of AI systems change how security teams need to approach threat modeling?
Because AI systems can learn and adapt over time, their behavior and risk profile are not static. A model that appears secure at deployment may evolve in ways that introduce new exposures, requiring continuous monitoring rather than point-in-time assessments. This fundamentally shifts threat modeling from a development-phase activity to an ongoing operational discipline.
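What "continuous monitoring rather than point-in-time assessment" can look like in code: a sliding-window monitor that compares the distribution of a deployed classifier's decisions against the distribution recorded at sign-off and flags any window that has drifted beyond a threshold. This is an added example written for this page, not code from Google Cloud or SAIF; the label set, the baseline, the production windows and the 0.1 threshold are all constructed assumptions.

```python
"""Added example (not from the page): monitor a deployed classifier's output
distribution per window against a sign-off baseline using total-variation
distance, so a model whose behaviour has shifted in production is surfaced.

Assumptions (not from the page): predictions are strings drawn from LABELS,
the baseline and the production windows are constructed below, and the
drift threshold of 0.1 is illustrative rather than a recommended value.
"""
from collections import Counter
from typing import Iterable

LABELS = ("allow", "review", "block")


def distribution(preds: Iterable[str]) -> dict:
    """Relative frequency of each label in a batch of predictions."""
    counts = Counter(preds)
    total = sum(counts.values())
    if total == 0:
        return {lbl: 0.0 for lbl in LABELS}
    return {lbl: counts.get(lbl, 0) / total for lbl in LABELS}


def total_variation(p: dict, q: dict) -> float:
    """Total-variation distance between two label distributions, in [0, 1]."""
    return 0.5 * sum(abs(p[lbl] - q[lbl]) for lbl in LABELS)


def monitor(baseline: dict, windows: list, threshold: float = 0.1) -> list:
    """One record per window: its distance from baseline and a drift flag."""
    records = []
    for i, window in enumerate(windows):
        d = total_variation(baseline, distribution(window))
        records.append({"window": i, "tv_distance": round(d, 3), "drift": d > threshold})
    return records


def demo() -> list:
    """Constructed scenario: baseline 80/15/5, then three production windows."""
    baseline = distribution(["allow"] * 80 + ["review"] * 15 + ["block"] * 5)
    windows = [
        ["allow"] * 78 + ["review"] * 17 + ["block"] * 5,   # ordinary variation
        ["allow"] * 95 + ["review"] * 4 + ["block"] * 1,    # model has almost stopped blocking
        ["allow"] * 40 + ["review"] * 20 + ["block"] * 40,  # block rate has exploded
    ]
    return monitor(baseline, windows)


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

Output distribution is only one signal; the same windowed comparison applies to input features, confidence scores and rejection rates, and a drift flag should open an investigation (was the model updated, did the input population change, is something probing it) rather than be treated as a verdict on its own.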