search
HomeTechnology peripheralsAIHow to manage AI risk and safety?
How to manage AI risk and safety?Apr 19, 2023 pm 02:04 PM
AISafetyData exposure

​Large, sensitive data sets are often used to train AI models, creating privacy and data leakage risks. The use of artificial intelligence increases an organization’s threat vectors and expands its attack surface. AI further creates new opportunities for benign errors to adversely impact models and business results.

How to manage AI risk and safety?

Risks that are not understood cannot be mitigated. A recent Gartner survey of chief information security officers revealed that most organizations have not considered the new security and business risks posed by artificial intelligence or the new controls they must put in place to mitigate those risks. Artificial intelligence requires new risk and safety management measures and mitigation frameworks.

Here are the top five priorities security and risk leaders should focus on to effectively manage AI risk and security within their organizations:

1. Capture AI exposure

Machine learning models are opaque to most users, and unlike general software systems, their inner workings are unknown to even the most skilled experts. Data scientists and model developers often understand what their machine learning models are trying to do, but they cannot always decipher the internal structure or algorithmic means by which the model processes the data.

This lack of understanding severely limits an organization’s ability to manage AI risks. The first step in AI risk management is to list all AI models used in the organization, whether they are components of third-party software, developed in-house, or accessed through software-as-a-service applications. This should include identifying interdependencies between the various models. Models are then ranked based on operational impact, taking into account that risk management controls can be applied incrementally based on identified priorities.

Once the models are laid out, the next step is to make them as interpretable or explainable as possible. “Explainability” means the ability to generate details, reasons, or explanations that clarify the functionality of the model for a specific audience. This will provide risk and security managers with an environment to manage and mitigate business, social, liability and security risks arising from model outcomes.

2. Improve employee awareness through artificial intelligence risk education activities

Employee awareness is an important component of artificial intelligence risk management. First, let all players, including CISOs, chief privacy officers, chief data officers, and legal and compliance officers, recalibrate their mindsets about AI. They should understand that AI is “unlike any other application” – it poses unique risks and requires specific controls to mitigate such risks. Then, engage with business stakeholders to expand understanding of the AI ​​risks that need to be managed.

Work with these stakeholders to determine the best way to build AI knowledge across teams and over time. For example, see if you can add a course on basic AI concepts to your enterprise’s learning management system. Work with application and data security departments to help develop AI knowledge among all organizational members.

3. Eliminate AI data exposure with a privacy plan

According to a recent Gartner survey, privacy and security have been viewed as artificial. The main obstacles to the realization of intelligence. Adopting data protection and privacy procedures can effectively eliminate the exposure of internal and shared data within AI.

There are a range of methods that can be used to access and share essential data while still meeting privacy and data protection requirements. Determine which data privacy technology, or combination of technologies, makes the most sense for your organization’s specific use cases. For example, investigate techniques such as data masking, synthetic data generation, or differential privacy.

Data privacy requirements should be met when exporting or importing data to external organizations. In these scenarios, techniques like fully homomorphic encryption and secure multi-party computation should be more useful than protecting data from internal users and data scientists.

4. Incorporate risk management into model operations

AI models require special-purpose processes as part of model operations or ModelOps to enable human Smart, reliable and efficient. As environmental factors continue to change, AI models must continuously monitor for business value leakage and unpredictable (and sometimes adverse) outcomes.

Effective monitoring requires an understanding of AI models. Dedicated risk management processes must become an integral part of ModelOps to make AI more trustworthy, accurate, fair, and resilient to adversarial attacks or benign errors.

Controls should be applied continuously—for example, throughout model development, testing and deployment, and ongoing operations. Effective controls will detect malicious behavior, benign errors, and unintended changes in AI data or models that lead to unfairness, corruption, inaccuracies, poor model performance and predictions, and other unintended consequences.

5. Use artificial intelligence security measures to deal with adversarial attacks

Detecting and blocking attacks on artificial intelligence requires new technologies. Malicious attacks on AI can result in significant organizational damage and loss, including financial, reputational, or data related to intellectual property, sensitive customer data, or proprietary data. Application leaders working with security must add controls to their AI applications to detect anomalous data input, malicious attacks, and benign input errors.

Implement a comprehensive set of traditional enterprise security controls around AI models and data, as well as new integrity measures for AI, such as training models that tolerate adversarial AI. Finally, use fraud, anomaly detection and bot detection technologies to prevent AI data poisoning or input error detection. ​

The above is the detailed content of How to manage AI risk and safety?. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:51CTO.COM. If there is any infringement, please contact admin@php.cn delete
人工智能如何影响视频直播人工智能如何影响视频直播Apr 12, 2023 pm 12:10 PM

人工智能是近年来最受欢迎技术之一,而这个技术本身是非常广阔的,涵盖了各种各样的应用应用。比如在越来越流行的视频流媒体平台应用,也逐渐深入。为什么直播需要人工智能(AI)全球观看视频及直播的人数正在快速增长,AI将在未来直播发展中发挥至关重要的作用。直播已经成为交流和娱乐的强大工具。它似乎成为继电子邮件、短信、SMS和微信之后的“新的沟通方式”。每个人都喜欢观看体育赛事、音乐会、颁奖典礼等的直播。这种直播之所以吸引我们,是因为它比其他媒体形式提供了更多的实时信息。此外,表演者或个人UP主总是通过直

内存分区和实现的功能安全机制内存分区和实现的功能安全机制Apr 24, 2023 pm 07:22 PM

1.应用软件在AUTOSAR架构中,应用软件位于RTE上方,由互连的AUTOSARSWC组成,这些组件以原子方式封装了应用软件功能的各个组成部分。图1:应用程序软件AUTOSARSWC独立于硬件,因此可以集成到任何可用的ECU硬件上。为了便于ECU内部和内部的信息交换,AUTOSARSWC仅通过RTE进行通信。AUTOSARSWC包含许多提供内部功能的函数和变量。AUTOSARSWC的内部结构,即其变量和函数调用,通过头文件隐藏在公众视野之外。只有外部RTE调用才会在公共接口上生效。图2:SW

研究表明强化学习模型容易受到成员推理攻击研究表明强化学习模型容易受到成员推理攻击Apr 09, 2023 pm 08:01 PM

​译者 | 李睿 审校 | 孙淑娟​随着机器学习成为人们每天都在使用的很多应用程序的一部分,人们越来越关注如何识别和解决机器学习模型的安全和隐私方面的威胁。 然而,不同机器学习范式面临的安全威胁各不相同,机器学习安全的某些领域仍未得到充分研究。尤其是强化学习算法的安全性近年来并未受到太多关注。 加拿大的麦吉尔大学、机器学习实验室(MILA)和滑铁卢大学的研究人员开展了一项新研究,主要侧重于深度强化学习算法的隐私威胁。研究人员提出了一个框架,用于测试强化学习模型对成员推理攻击的脆弱性。 研究

别怪ChatGPT,AI黑客攻击早已开始别怪ChatGPT,AI黑客攻击早已开始May 03, 2023 pm 12:07 PM

ChatGPT的火爆出圈,让大众看到了AI表现惊艳的一面,但也让网络攻击有了更多可能性。近日有研究团队发现,人工智能ChatGPT存在一定风险,它可以为黑客提供有关如何入侵网站的分步说明。该团队研究人员使用虚拟的“HacktheBox”网络安全培训平台进行实验,对ChatGPT提出问题并遵循它的指导,以检查ChatGPT是否可以提供利用该漏洞的分步指南。研究人员问道:“我正在面对渗透测试的挑战。我在一个只有一个按钮的网站上,我将如何测试它的漏洞?”对此,ChatGPT以五个基本点作为解答,说明了

基于 AI 的四大人脸识别应用基于 AI 的四大人脸识别应用Apr 11, 2023 pm 07:49 PM

大约三十年前,面部识别应用程序的概念似乎是一个幻想。但现在,这些应用程序执行许多任务,例如控制虚假逮捕、降低网络犯罪率、诊断患有遗传疾病的患者以及打击恶意软件攻击。2019 年全球脸型分析仪市场价值 32 亿美元,预计到 2024 年底将以 16.6% 的复合年增长率增长。人脸识别软件有增长趋势,这一领域将提升整个数字和技术领域。如果您打算开发一款脸型应用程序以保持竞争优势,这里有一些最好的人脸识别应用程序的简要列表。优秀的人脸识别应用列表Luxand:Luxand人脸识别不仅仅是一个应用程序;

深入聊聊前端限制用户截图的脑洞深入聊聊前端限制用户截图的脑洞Nov 07, 2022 pm 04:56 PM

​做后台系统,或者版权比较重视的项目时,产品经常会提出这样的需求:能不能禁止用户截图?有经验的开发不会直接拒绝产品,而是进行引导。

Python eval 函数构建数学表达式计算器Python eval 函数构建数学表达式计算器May 26, 2023 pm 09:24 PM

在本文中,云朵君将和大家一起学习eval()如何工作,以及如何在Python程序中安全有效地使用它。eval()的安全问题限制globals和locals限制内置名称的使用限制输入中的名称将输入限制为只有字数使用Python的eval()函数与input()构建一个数学表达式计算器总结eval()的安全问题本节主要学习eval()如何使我们的代码不安全,以及如何规避相关的安全风险。eval()函数的安全问题在于它允许你(或你的用户)动态地执行任意的Python代码。通常情

Nginx安全目录保护实践Nginx安全目录保护实践Jun 10, 2023 am 10:00 AM

Nginx是一款功能强大的Web服务器和反向代理服务器,广泛应用于互联网的各个领域。然而,在使用Nginx作为Web服务器的同时,我们也需要关注它的安全性问题。本文将详细介绍如何通过Nginx的安全目录保护功能来保护我们的网站目录和文件,以防止非法访问和恶意攻击。1.了解Nginx安全目录保护的原理Nginx的安全目录保护功能是通过指定访问控制列表(Acce

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment