For Wide Dissemination
Joint guidance on Engaging with Artificial Intelligence was released on January 23, 2024. CISA, along with the Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), United Kingdom (UK) National Cyber Security Centre (NCSC-UK), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), who led the development of this product.
This guidance focuses on using AI systems securely rather than developing secure AI systems. For guidance on the latter, the authoring agencies encourage developers of AI systems to refer to the joint Guidelines for Secure AI System Development.
Specifically, organizations are provided with a summary of threats to AI systems, best practices for managing risk, and recommended mitigations for self-hosted and third-party hosted AI systems. The guide also offers mitigation considerations for organizations with guiding questions to help organizations assess an AI system’s cybersecurity implications.
Organizations that use or are considering AI systems need to assess the system’s cyber security implications and evaluate the benefits, risks and consequences of the system within the organization’s context. We encourage these organizations to review this guide.
Cybersecurity and Infrastructure Security Agency