Solicitation of opinions: Generative AI security guidance document that clarifies five types of security risks

China-Singapore Jingwei, October 12th According to the website of the National Information Security Standardization Technical Committee, the Secretariat of the National Information Security Standardization Technical Committee recently issued the "Basic Requirements for Generative Artificial Intelligence Service Security (Draft for Comment)" (hereinafter referred to as "basic requirements").

"Basic Requirements" provides basic security requirements for generative artificial intelligence services, including corpus security, model security, security measures, security assessment, etc., and is applicable to the provision of generative artificial intelligence services to the public in my country. Providers can improve service security levels, or providers can conduct security assessments themselves or entrust a third party to conduct security assessments. This can also provide a reference for relevant authorities to evaluate the security level of generative artificial intelligence services.

The "Basic Requirements" clarify that generative artificial intelligence services are artificial intelligence services based on data, algorithms, models, and rules that can generate text, pictures, audio, video and other content based on user prompts.

Source: National Information Security Standardization Technical Committee website

In terms of corpus content security, the basic requirements put forward three main contents:

The content that needs to be rewritten is: in terms of content filtering of training corpus, methods such as keywords, classification models and manual sampling should be used to comprehensively filter illegal and harmful information in all corpus

The content that needs to be rewritten is: Secondly, in terms of intellectual property rights, an intellectual property specialist responsible for corpus and generated content should be established, and corresponding intellectual property management strategies should be formulated. Before conducting corpus training, the intellectual property specialist should identify intellectual property infringements in the corpus and ensure that the provided corpus has no infringement issues

The rewritten content in terms of personal information is as follows: When using corpus containing personal information, you must obtain the authorization and consent of the corresponding personal information subject, or meet other conditions for the legal use of the personal information, etc.

In terms of security measures requirements, the "Basic Requirements" clearly puts forward special requirements for services suitable for minors. These requirements include allowing guardians to set anti-addiction measures for minors and implement them through password protection; limiting the number and duration of daily conversations for minors, and if the limit is exceeded, they need to enter an administrative password; before minors make purchases It needs to be confirmed by the guardian; it also needs to filter out content that is not suitable for minors and only display content that is beneficial to physical and mental health. For services that are not suitable for minors, technical or administrative measures should be taken to prevent minors from using them

The above is the detailed content of Solicitation of opinions: Generative AI security guidance document that clarifies five types of security risks. For more information, please follow other related articles on the PHP Chinese website!