Coming Soon: A Supreme Court Ruling on TikTok, China and National Security
EXPERT INTERVIEWS — Does Chinese ownership of the wildly popular TikTok app pose a national security risk to the United States? And if so, what should […] More
SPONSORED — Red teaming is everywhere. The offensive security testing method is mentioned a dozen times in the recent artificial intelligence (AI) executive order released by President Joe Biden and accompanying draft guidance for United States’ federal agencies—and it’s a hot topic for global industry leaders and governments alike.
In the European Union, there’s a call to conduct adversarial testing in the interests of greater transparency and reporting. The Canadian government and Australian Signals Directorate were among the first in the world to table AI guidelines and laws. While a landmark collaboration in November 2023 between the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom National Cyber Security Centre (NCSC) released guidelines for secure AI system development aims to address the intersection of AI, cybersecurity and critical infrastructure.
It’s clear that regulators believe efforts to embrace AI could stall if security isn’t properly addressed early on—and for good reason: emulating real-world threat actors, including their tactics and techniques, can identify risks, validate controls and improve the security posture of an AI system or application.
But despite a general consensus that it’s essential to test AI systems, there’s limited clarity around what, how and when such testing should occur. Traditional red teaming—at least in the way the term is understood by security professionals—is not adequate for AI. AI demands a broader set of testing techniques, skill sets and failure considerations.
Looking for a way to get ahead of the week in cyber and tech? Sign up for the Cyber Initiatives Group Sunday newsletter to quickly get up to speed on the biggest cyber and tech headlines and be ready for the week ahead. Sign up today.
Adopt a Holistic Testing Approach
So, what does good look like when it comes to testing the security of generative (Gen) AI systems? Irrespective of the testing methodology and approach used, aligning the testing strategy and scope to a holistic threat model is key. In this way, testers can adopt a threat-informed approach to make sure that Gen AI safety systems and embedded controls, across the entire technology stack, are effective.
Furthermore, testing should include failure considerations across the technology stack, including the specific foundation model, application (user interface or UI), data pipelines, integration points, underlying infrastructure and the orchestration layer. Using this approach, testing for Gen AI not only involves prompt injection and data poisoning attacks but considers the specific implementation context of a given AI system.
Based on our experience, we have identified three primary ways for organizations to consume or implement Gen AI systems and how to test for the security of them:
Looking To The Future—Security Testing at Scale
Most organizations are familiar with the manual testing approach of red teaming. They may also be applying adversarial testing, which involves systematically probing an AI system to identify points of weakness with the intent of learning how the AI system behaves when provided with malicious, harmful, or benign input.
Less common, however, is the use of continuous testing; after conducting at least one round of manual “point-in-time” testing, adopting a continuous testing approach for Gen AI is needed to monitor for changes in state that could result in the degradation of safety systems or performance over time.
While all of these methods are relevant, testing that takes place on an annual basis at a single point in time is insufficient to cope with the evolving, dynamic nature of Gen AI development pipelines. Instead, we believe organizations need to perform ongoing testing, similar to the security lifecycle approach of DevSecOps, where AI systems are developed and tested in a continuous integrated pipeline; thus, bringing a continuous integration and deployment approach to Gen AI model deployment.
Who’s Reading this? More than 500K of the most influential national security experts in the world. Need full access to what the Experts are reading?
Tap Into Talent
Policymaking is underway, but it takes time and is unlikely to enable organizations to keep pace with the new techniques necessary for security testing. Organizations should find ways that they can be agile enough to adopt and embrace these emerging techniques—resulting in talent demand changes.
There will be a requirement for different types of skills to undertake comprehensive security testing for Gen AI. For example, traditionally, red teaming may involve offensive security expertise and a wide array of skills in various technologies. But Gen AI security teaming requires a data scientist or AI engineer to join them and share the responsibility—someone who understands not only the business use case but also the model, how it works and how that model could be manipulated or bypassed as well as what the outputs will look like when manipulated or bypassed.
Reinventing Security Testing
Realizing the benefits of Gen AI, with trust and transparency, at speed, is not easy. In our experience, having a tactical execution plan and strategic roadmap to kick-start security testing for your Gen AI journey should prioritize the following actions:
Security testing should never be a one-and-done event. Maintaining a threat-informed approach to validate the efficacy and accuracy of Gen AI safety systems and embedded controls across the technology stack can help to establish a secure digital core that prepares organizations for AI implementation and ongoing innovations.
Addressing failure considerations that extend across the entire attack surface—whether common platforms, models, integration points, data pipelines, orchestration tooling, or underlying infrastructure—is a significant contribution toward the Holy Grail of responsible AI, the security posture of Gen AI systems and applications in an organization.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to [email protected] for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
Related Articles
EXPERT INTERVIEWS — Does Chinese ownership of the wildly popular TikTok app pose a national security risk to the United States? And if so, what should […] More
EXPERT INTERVIEW — The race between China and the U.S. for tech supremacy gets fiercer by the day. In the latest salvo, the U.S. this […] More
EXPERT INTERVIEW — The U.S. starts the new year with a daunting set of challenges in the national security space – from global conflicts to terrorism […] More
EXPERT INTERVIEW — The U.S. Treasury Department closed 2024 with the announcement that state-sponsored hackers from China had breached its systems in a “major incident.” The hackers […] More
SPECIAL REPORT — In 2025, technological advances will continue to reshape industries, transform national security strategies, and fuel global competition. Artificial Intelligence (AI) will expand its […] More
EXPERT VIEW — 2024 has brought multiple reminders of the threats – real and potential – posed by the People’s Republic of China (PRC). Over the […] More
Search