Secure cloud fabric: Enhancing data management and AI development for the federal government

Government Safe AI content creation

Secure and Compliant AI for Governments

Put more bluntly, the algorithms that cause AI systems to work so well are imperfect, and their systematic limitations create opportunities for adversaries to attack. Just as the FUSAG could expertly devise what patterns needed to be painted on the inflatable balloons to fool the Germans, with a type of AI attack called an “input attack,” adversaries can craft patterns of changes to a target that will fool the AI system into making a mistake. This attack is possible because when patterns in the target are inconsistent with the variations seen in the dataset, as is the case when an attacker adds these inconsistent patterns purposely, the system may produce an arbitrary result.

  • This program is modeled on existing compliance programs in other industries, such as PCI compliance for securing payment transactions.66 From a practical standpoint, compliance programs would be implemented by appropriate regulatory bodies for their relevant constituents.
  • We will also discuss some challenges and setbacks critical to deploying AI in government.
  • However, both governments and individuals alike need to remain vigilant and flexible as new threats emerge in this rapidly evolving landscape of governance powered by AI.
  • Powered by AI, LEXI’s unmatched accuracy and cutting-edge features deliver results that rival human captions, at a fraction of the cost.

As we look ahead to 2024, these recommendations become imperative for organizations striving to stay at the forefront of technological advancements, enhance efficiency, and use true data-driven insights to drive success. Adopting AI strategies is not just an option but a necessity for public sector agencies. The Protect AI platform provides Application Security and ML teams the visibility and manageability required to keep your ML systems and AI applications secure from unique AI vulnerabilities. Whether your organization is fine tuning an off-the-shelf Generative AI foundational model, or building custom ML models, our platform empowers your entire organization to embrace a security-first approach to AI. This IDC Perspective discusses the developments in operational AI use cases in federal, state, and local governments.

things you need to know about re:Invent, AWS’s biggest cloud event of the year

Therefore, the push to report the vulnerability is based on the fear that an adversary will either steal or discover the vulnerability as well, and therefore there is a need to patch affected systems before this occurs in order to reduce exposure to the vulnerability. Continuing the EternalBlue example, the NSA is criticized not for using EternalBlue, but rather for failing to report it in order to maintain its usefulness. In the context of an AI system, because the system is already known to be vulnerable but unable to be patched, this tension disappears.

The opportunity cost of not implementing an AI system must also be incorporated into the suitability test equation. The damage that an attack can precipitate should be assessed in terms of the likelihood of an attack and the ramifications of the attack. Entities may wish to conduct “red teaming” exercises and consultations with law enforcement, academics, and think tanks in order to understand what damage may be incurred from a successful attack against an AI system. In traditional cyber weaponization, a tension exists between 1) notifying the system operator to allow for patching, and 2) keeping the vulnerability a secret in order to exploit it. This tension is based on the fact that if one party discovers a vulnerability, it is likely that another, possibly hostile, party will do so as well.

Evaluating the challenges and limitations of conversational AI in the public sector

Additionally, the EO emphasizes prioritizing resources for AI-related education and workforce development through existing programs and collaboration with agencies to build a diverse AI-ready workforce. The EO directs the following actions to protect individuals from the potential risks of AI systems. Government organizations can either choose to lag behind as the world races towards an AI-powered future, or boldly lead the charge.

What is AI in governance?

AI governance is the ability to direct, manage and monitor the AI activities of an organization. This practice includes processes that trace and document the origin of data, models and associated metadata and pipelines for audits.

This will hold particularly true for the many AI applications that use open APIs to allow customers to utilize the models. Attackers can use this window into the system to craft attacks, replacing the need for more intrusive actions such as stealing a dataset or recreating a model. In this setting, it can be difficult to tell if an interaction with the system is a valid use of the system or probing behavior being used to formulate an attack.

These tests should weigh the application’s vulnerability to attack, the consequence of an attack, and the availability of alternative non-AI-based methods that can be used in place of AI systems. Second, developing offensive AI attack capabilities would build important institutional knowledge within the U.S. military that could then be used to harden its own systems against attack. All successful work in developing offensive capabilities would double as an important case study in ineffective preventative techniques, and could be used to stress test or “red team” U.S. This experience will be essential in preparing for the next potential conflict given that the U.S. is unlikely to gain battlefield experience with AI attacks, both on the receiving and transmitting end, until it is already in a military conflict with an advanced adversary. In order to be prepared at this first encounter, it is important that the U.S., after crafting successful attacks against adversaries, turn these same techniques against itself to test its own resiliency to this new form of weapon.

Both of these enabling factors will be applied to make crafting AI attacks easier and accessible. Tools have already been created to craft AI attacks,64 and it would be a weekend project to turn them into a single click operation and package them for widespread use. For input attacks, tools will allow an adversary to load a stolen dataset into an app and quickly spit out custom crafted input attacks. Easy access to computing power means this app could run on the attacker’s own computer, or could plug into cloud-based platforms.65  For the integrity and confidentiality attacks that are likely to accompany some model poisoning attacks, a number of existing cyberattacks could be co-opted for this purpose. As a result, an environment of feasibility may easily develop around AI attacks, as it has developed around Deepfakes and other cyberattacks. Because information in the dataset is distilled into the AI system, any problems in the dataset will be inherited by the model trained with it.

(e) To improve transparency for agencies’ use of AI, the Director of OMB shall, on an annual basis, issue instructions to agencies for the collection, reporting, and publication of agency AI use cases, pursuant to section 7225(a) of the Advancing American AI Act. Through these instructions, the Director shall, as appropriate, expand agencies’ reporting on how they are managing risks from their AI use cases and update or replace the guidance originally established in section 5 of Executive Order 13960.

(c) To foster a diverse AI-ready workforce, the Director of NSF shall prioritize available resources to support AI-related education and AI-related workforce development through existing programs.

What is the future of AI in security and defense?

With the capacity to analyze vast amounts of data in real-time, AI algorithms can pick up on anomalies and patterns the human eye could easily overlook. This swift detection enables organizations to neutralize threats before they escalate, making AI an invaluable tool in the arsenal of security experts.

What are the trustworthy AI regulations?

The new AI regulation emphasizes a relevant aspect for building trustworthy AI models with reliable outcomes: Data and Data Governance. This provision defines the elements and characteristics to be considered for achieving high-quality data when creating your training and testing sets.
