Unlocking AI Safety: The Power of SAIF

Earlier this year, I attended Google Next, and one of the standout sessions was on “A Cybersecurity Expert's Guide to Securing AI Products with Google SAIF.”

You might be thinking, why am I sharing this after so many months?

I was contemplating writing my next edition on AI and brainstorming on what to share with the community, and then a question I had asked Anton Chuvakin popped into my mind.

The question was:

“How does security play a role when an organization uses a SaaS product (platform deployed on one or multiple CSPs)? Who is responsible for security if a breach happens? Is it the CSP or the company that builds their product on top of the CSP?”

Use cases could be:

• A company building their ML model and deploying it on a CSP with data stored on the cloud
• A company leveraging an ML model built by other providers

He said, “It's very COMPLICATED.”

I’ll leave it at that. If you happen to be in the same situation as me, please let me know your thoughts in the comments.

As I mentioned CSPs, let's talk in today’s edition about Google’s SAIF framework for deploying AI securely on the Google Cloud Platform.

Secure AI Framework (SAIF) is a conceptual framework for secure artificial intelligence (AI) systems.

SAIF offers a practical approach to addressing concerns that are top of mind for security and risk professionals, such as:

• Security
• AI/ML model risk management
• Privacy and Compliance
• People and organization

To know more, refer to [2].

Putting SAIF into Practice

The SAIF framework emphasizes the importance of understanding the specific business problem AI will solve and the data needed to train the model. It also underscores the need for a cross-functional team and the application of the six elements of the Secure AI Framework (SAIF) to address security and compliance considerations in AI deployment.

Understanding the business problem and data requirements is crucial for implementing AI solutions. Different AI models have varying complexities and risks, requiring different security and data governance measures. The context of how AI models interact with end-users determines the security and data governance requirements.

Using pre-built models or developing/training your own has different implications for securing the infrastructure and monitoring model behavior. AI systems are complex, opaque, and resource-intensive, requiring multidisciplinary teams and stakeholder involvement. Existing security controls can be applied to AI systems but may need adaptation or additional layers to address AI-specific risks. Organizations must store and track AI assets, code, and training data, and implement scalable data governance and lifecycle management. Retaining and retraining existing talent can be more beneficial than hiring externally for AI-specific knowledge.

Why Google Introduced SAIF

With the evolution of generative AI, security concerns have intensified. Threat actors are increasingly leveraging large language models (LLMs) to target end users. These malicious activities aim to cause harm, steal sensitive data, and damage reputations. As a result, the need for robust AI security measures has never been more critical.

SAIF is inspired by security best practices — like reviewing, testing, and controlling the supply chain — that we’ve applied to software development while incorporating our understanding of security mega-trends and risks specific to AI systems.

A framework across the public and private sectors is essential for ensuring that responsible actors safeguard the technology that supports AI advancements so that when AI models are implemented, they’re secure by default.

In conclusion, I would say, AI has captured the world’s imagination, and many organizations are seeing opportunities to boost creativity and improve productivity by leveraging this emerging technology. Google is integrating AI into our products (e.g., Gemini into Google SecOps). SAIF is designed to help raise the security bar and reduce overall risk when developing and deploying AI systems.

To ensure we enable secure-by-default AI advancements, it is important to work collaboratively. With support from customers, partners, industry, and governments, we will continue to advance the core elements of the framework and offer practical and actionable resources to help organizations achieve better security outcomes at scale.

Reading List:

[1] A cybersecurity expert's guide to securing AI products with Google SAIF Video

[2] PDF: A cybersecurity expert's guide to securing AI products with Google SAIF

[3] Secure AI Approach

[4] SAIF Summary

I appreciate you reading The Security Chef.

Thanks for reading The Security Chef! Subscribe for free to receive new posts and support my work.