Cybersecurity authorities publish AI guidelines

The German Federal Office for Information Security (BSI) has published guidelines that cover the entire life cycle of artificial intelligence. These measures are intended to ensure the security, privacy and effectiveness of AI systems.
Safety as the cornerstone of AI development
The document emphasizes that cybersecurity is a fundamental prerequisite for the security, resilience, privacy, fairness, effectiveness and reliability of AI systems. The guidelines therefore follow a "secure-by-default" approach. They were developed in collaboration with international partner authorities and companies such as Amazon, Microsoft, IBM and OpenAI. The document is aimed not only at developers, but also at data scientists, managers, decision-makers and risk owners.
IT professionals also need to familiarize themselves with the basic principles of AI security and develop an understanding of threat modeling and risk management. These skills are critical to developing robust, secure AI systems.
Transparency and responsibility in the use of AI
The increasing complexity of AI ecosystems makes it difficult to clearly define responsibilities. The rapid development of AI technologies is a further challenge that the AI guidelines are intended to help address.
IT professionals must not only understand and use systems, but also make their use understandable and transparent for users. Providers of AI solutions have a responsibility to educate users about potential risks and ensure that they know how to use the systems safely at all times. In order to make "secure-by-design" a top priority, appropriate organizational and management structures are also required in companies.
The AI guidelines at a glance
The "Guidelines for secure AI system development" propose measures for each phase of the AI development process. They are deliberately kept general and are based on established security standards:
Safe design
- Sensitize employees to threats and risks
- Model risks to the system
- Design systems that offer safety as well as functionality and performance
- Consider the advantages and disadvantages when selecting an AI model
Secure development
- Secure the supply chain
- Identify, track and protect assets
- Document data, models and prompts
- Manage "technical debt"
Safe use
- Secure infrastructure
- Continuously protect models
- Establish processes for incident management
- Publish AI responsibly
Safe operation and maintenance
- Monitor system behavior
- Monitor system inputs
- Follow a secure-by-design approach to updates
- Collect and share what you have learned
International cooperation and ongoing training
The BSI guidelines and international support show that the challenges of AI security require a global effort. IT professionals must not only be familiar with the standards and practices in their own country, but also follow international developments.
Training and workshops on topics such as AI safety, ethical aspects of AI and new technologies are essential to stay up to date and contribute to the safe future of AI.
Learning security concepts with skill it
Our comprehensive course Microsoft Cybersecurity Architect teaches you how to plan security right from the start. The course Microsoft Security, Compliance, and Identity Fundamentals provides fundamental knowledge of security, compliance and identity concepts and related cloud-based Microsoft solutions. You will learn the security best practices recommended by AWS in the course Security Engineering on AWS to improve the security of your data and systems in the cloud.