Top

Published in:

2024 | OriginalPaper | Chapter

4. Build Your Security Program for GenAI

Authors : Ken Huang, John Yeoh, Sean Wright, Henry Wang

Published in: Generative AI Security

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This chapter explores policies, processes, and procedures to build a robust security program tailored for GenAI models and applications. It discusses key policy elements like goals, risk management, compliance, consequences, and priority areas focused on model integrity, data privacy, resilience to attacks, and regulatory adherence. The chapter also covers specialized processes for GenAI across risk management, development cycles, and access governance. Additionally, it provides details on security procedures for access control, operations, and data management in GenAI systems. Centralized, semi-centralized, and decentralized governance structures for GenAI security are also analyzed. Helpful framework resources including MITRE ATT&CK’s ATLAS Matrix, AI vulnerability databases, the Frontier Model Forum, Cloud Security Alliance initiatives, and OWASP’s Top 10 LLM Application risks are highlighted.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter AI Regulations

next chapter GenAI Data Security

CSA. (2023). Security implications of ChatGPT | CSA. Cloud Security Alliance. Retrieved August 27, 2023, from https://cloudsecurityalliance.org/artifacts/security-implications-of-chatgpt/

Doerrfeld, B. (2023, August 4). Reviewing the OWASP machine learning top 10 risks. Security Boulevard. Retrieved August 27, 2023, from https://securityboulevard.com/2023/08/reviewing-the-owasp-machine-learning-top-10-risks/

Graves, D., & Nelson, A. (2023). AI risk management framework | NIST. National Institute of Standards and Technology. Retrieved August 15, 2023, from https://www.nist.gov/itl/ai-risk-management-framework

GSA. (2023, June 9). Security policy for generative artificial intelligence (AI) large language models (LLMs). GSA. Retrieved August 15, 2023, from https://www.gsa.gov/directives-library/security-policy-for-generative-artificial-intelligence-ai-large-language-models-llms

Hewko, A. (2021, September 2). What is STRIDE threat modeling | Explanation and examples. Software Secured. Retrieved August 27, 2023, from https://www.softwaresecured.com/stride-threat-modeling/

Klondike, G. (2023, June 6). Threat modeling LLM applications. AI Village. Retrieved August 27, 2023, from https://aivillage.org/large%20language%20models/threat-modeling-llm/

Lin, B. (2023, August 10). AI is generating security risks faster than companies can keep up. The Wall Street Journal. Retrieved August 15, 2023, from https://www.wsj.com/articles/ai-is-generating-security-risks-faster-than-companies-can-keep-up-a2bdedd4

Milmo, D. (2023, July 26). Google, Microsoft, OpenAI and startup form body to regulate AI development. The Guardian. Retrieved August 15, 2023, from https://www.theguardian.com/technology/2023/jul/26/google-microsoft-openai-anthropic-ai-frontier-model-forum

NIST. (2023a, March 8). Adversarial machine learning: A taxonomy and terminology of attacks and mitigations. NIST Technical Series Publications. Retrieved August 15, 2023, from https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2023.ipd.pdf

NIST. (2023b, November 2). NIST seeks collaborators for consortium supporting artificial intelligence safety | NIST. National Institute of Standards and Technology. Retrieved November 22, 2023, from https://www.nist.gov/news-events/news/2023/11/nist-seeks-collaborators-consortium-supporting-artificial-intelligence

OWASP. (2023). OWASP top 10 for large language model applications. OWASP Foundation. Retrieved August 27, 2023, from https://owasp.org/www-project-top-10-for-large-language-model-applications/

Rundquist, K. (2023, July 20). Cloud security alliance announces appointment of Caleb Sima as chair for AI safety initiative. Cloud Security Alliance. Retrieved August 27, 2023, from https://cloudsecurityalliance.org/press-releases/2023/07/20/cloud-security-alliance-announces-appointment-of-caleb-sima-as-chair-for-ai-safety-initiative/

Title: Build Your Security Program for GenAI
Authors: Ken Huang
John Yeoh
Sean Wright
Henry Wang
Publisher: Springer Nature Switzerland
Book: Generative AI Security
Print ISBN: 978-3-031-54251-0

Electronic ISBN: 978-3-031-54252-7

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-54252-7_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner