UK Releases Code of Practice for Securing AI


See the 13 general principles aimed at developers, operators, and organizations.

The UK government has developed a voluntary Code of Practice aimed at addressing AI cybersecurity risks.

This Code of Practice applies to developers, system operators, and organizations that create, deploy, or manage AI systems. According to the announcement, it “equips organizations with the tools they need to thrive in the age of AI. From securing AI systems against hacking and sabotage, to ensuring they are developed and deployed in a secure way, the Code will help developers build secure, innovative AI products.”

Specifically, the Code sets out 13 cybersecurity principles encompassing the software development lifecycle – secure design, secure development, secure deployment, secure maintenance, and secure end of life. The general principles are:

  1. Raise awareness of AI security threats and risks.
  2. Design your AI system for security as well as functionality and performance.
  3. Evaluate the threats and manage the risks to your AI system.
  4. Enable human responsibility for AI systems.
  5. Identify, track and protect your assets.
  6. Secure your infrastructure.
  7. Secure your supply chain.
  8. Document your data, models and prompts.
  9. Conduct appropriate testing and evaluation.
  10. Communication and processes associated with end-users and affected entities.
  11. Maintain regular security updates, patches and mitigations.
  12. Monitor your system’s behavior.
  13. Ensure proper data and model disposal.

See the announcement for details.

02/17/2025
