Google unveiled the Secure AI Framework (SAIF) on Thursday, June 8th. SAIF consists of six core elements aimed at enhancing the security foundation of the AI ecosystem. These elements include expanding security measures to encompass AI, automating defense capabilities, coordinating control at a platform level, adjusting and expediting AI responses, and establishing a risk context within the commercial environment surrounding AI systems. Google hopes that SAIF will assist the AI industry in establishing various security standards.
According to Google, the inspiration for SAIF comes from the best practices in secure software development processes, such as supply chain auditing, testing, and control. By combining these practices with an understanding of unique security trends and risks in AI systems, a comprehensive security framework spanning both public and private domains can ensure responsible operators defend the technology that supports AI advancement. This allows for the integration of AI models that are inherently secure by default.
Among the six elements proposed by Google, some are easily understood, such as extending existing security infrastructure, expert knowledge, detection and response techniques to the AI ecosystem. With the increasing utilization of AI by both attackers and defenders, the implementation of automated defense becomes crucial to mitigate existing and emerging threats.
Furthermore, ensuring consistency across control frameworks can alleviate AI risks and extend protection capabilities to different platforms and tools. For Google, this includes extending security-by-default protection to AI platforms like Vertex AI and Security AI Workbench and embedding the necessary controls and safeguards throughout the software development lifecycle.
Continuous learning and testing are also essential to adapt to evolving threat landscapes. Techniques such as reinforcement learning based on events and user feedback can help update training data, adjust the model's response strategies to attacks, and embed additional security mechanisms in the software used for model development. Regular red team exercises can also be conducted to enhance the security of AI products.
Lastly, Google believes that organizations should conduct end-to-end risk assessments specific to AI deployments. This includes evaluating end-to-end business risks, such as data lineage, validation, monitoring of operational behavior, and establishing automated verification capabilities to assess AI performance.
In addition to SAIF, Google plans to collaborate with other organizations to jointly develop the National Institute of Standards and Technology's (NIST) AI Risk Management Framework and the industry's first AI certification standard, ISO/IEC 42001 AI Management System Standard. They will also assist customers and government agencies in assessing and mitigating AI security risks and continue sharing research and insights related to AI security with the public.