UK Government releases new AI security guidelines

May 20, 2024



The British government has released a new collection of research reports on the cyber security of artificial intelligence (AI) pulling on sources from the private and public sectors.

It includes a broad set of recommendations for organisations prepared by Mindgard, the report’s only startup contributor.

This report, together with the new draft Code of Practice on cyber security governance, was created in response to the Chinese cyberattack on the Ministry of Defence earlier this year and is aimed specifically at directors and business leaders in the federal and private sectors.  

AI risks for Mindgard

The Department for Science, Innovation and Technology (DSIT) commissioned Mindgard to conduct a systematic study to identify recommendations linked to addressing cyber security risks to AI.

Mindgard’s contributions focused specifically on identifying and mapping vulnerabilities across the AI lifecycle.

Titled Cyber Security for AI Recommendations, the Mindgard report described 45 unique technical and general recommendations for addressing cyber security risks in AI. 

The first type of recommendation proposed by Mindgard is technical. ⁤⁤

This technology-focused approach aims to mitigate cybersecurity risks in AI by altering the software, hardware, data, or network access of a computer system that runs the AI. ⁤⁤

This can also involve altering the AI model itself, encompassing adjustments in training methodologies, pre-processing techniques and model architecture. ⁤⁤

These measures collectively work towards reducing cybersecurity vulnerabilities when exposed to an AI cyber attack. ⁤

Equally important are general recommendations, which are conceptual frameworks for mitigating cybersecurity risks in AI.

These recommendations entail ‘security hygiene’ by establishing organizational practices, company policies, governance and security measures.

What are the recommendations?

Among them are:

  • Managing of legal and regulatory requirements involving AI 
  • Stakeholder engagement
  • Creating an Organizational AI Program / Sec Dev Program
  • Implementing controls to limit unwanted model behavior
  • Creating and documenting AI project requirements
  • Conducting red teaming and risk analysis, etc.

Other key contributors included Grant Thornton UK LLP,  Manchester Metropolitan University and IFF Research.

The governmental report determined a number of key areas for improvement around legal and regulatory requirements, stakeholder engagement, controls to limit unwanted model behaviour and documentation.

The accompanying literature furthermore identified 23 distinct security vulnerabilities within AI based on meticulous research of previous attacks.

With the exception of one security incident, all the studied attacks used some form of adversarial machine learning to achieve their goals. 

“A responsibility and a privilege”

“Research has always been fundamental to Mindgard’s work and mission,” Dr. Peter Garraghan, CEO/CTO of Mindgard and Professor at Lancaster University.

“Directing that research towards initiatives that strengthen cybersecurity and address the weaknesses of proprietary AI in its current iteration on a national level is a responsibility and a privilege.”

More Security News

Read Next

Security Journal UK

Subscribe Now

£99.99 for each year
No payment items has been selected yet