1. Introduction to AI Security

Over the last year I have had the privilege to work with experts in the field of AI safety & security, working together to understand it, draw it, and communicate it. Communicating about generative AI, how it works, and how it might be abused or manipulated, is a critical component to defending it.

A good start is to view this moment in the relatively short history of modern computing, where generative AI is possible due to several previous technologies combined to enable it at global scale:

Each major shift in technology has brought new possibilities, both positive and negative. I remember the initial reactions to mobile computing, with the launch of the Apple iPhone, as one of denial and rejection. The problem was they didn't come with enterprise read security controls to help IT administrators manage the devices to any level of security compliance. Cloud computing also took a long time to gain adoption because we tried to secure it like we would a local network and data center - but they weren't local, and we didn't have all of the controls required to gain confidence until the platforms matured.

AI has some challenges, but we have learnt over time about the need to secure new technologies as they come out of the box. Generative AI has some unique properties that make it particularly challenging to manage, but that won't (and shouldn't) stop adoption, so we need to accelerate our learning to manage it and defend it properly.

Drawing AI systems

One of the first approaches to creating diagrams of AI safety & security that has stuck with me is the need to create a layered approach to segment the problems and solutions into a logical state. You will see the following three layers used repeatedly throughout my work as it is the simplest way to ensure we are all talking about the same problem, in the same way. Not only can we focus on each of the components, but we can zoom out and view the problem end-to-end:

With this one model we can have a conversation from the technical components that provide security of the AI model and application integration, to the ethical considerations for the impact of certain design choices.

AI safety & security

The reason I refer to this work as AI safety & security is that we have learnt over the last year you cannot easily separate these two topics or disciplines. To properly design a secure AI system, you must consider ethics, governance, and regulation. You will also need to understand and account for the potential of statistical or economical bias, AI-generated hallucinations, and the different implementation of grounding to provide additional insights and factual content.

AI is already causing a fundamental impact in the way we do things, and it will look different in the future to what we see today. As these capabilities grow, using a framework like this will ensure the comprehensive understanding and transparency of design, which assists in communication across multiple teams in the organization, as you will see in future episodes of this newsletter.

Here is my favorite quote from this chapter:

The book is available now on Amazon - Guardians of AI: Building innovation with safety and security.

In the next newsletter we will explore some of the key insights from Chapter 2: Cybersecurity in the AI World.