HomeMalware & ThreatsEU Advocates for Increased Domestic AI Development

EU Advocates for Increased Domestic AI Development

Published on

spot_img

Artificial Intelligence & Machine Learning
,
Geo-Specific
,
Next-Generation Technologies & Secure Development

Eurozone Banks Told to Strengthen Controls Amid AI Vulnerability Disclosure Wave

EU Advocates for Increased Domestic AI Development
Image: Shutterstock

In a proactive move towards enhancing cybersecurity, Europe has unveiled a comprehensive strategy aimed at fortifying its defenses against the burgeoning threats posed by frontier artificial intelligence (AI) models. This initiative, revealed on Tuesday, encapsulates plans for improved capabilities to assess the cybersecurity implications of advanced AI technologies and proposes a “grand challenge” to spur the development of AI-driven cybersecurity systems. This strategy comes in response to intensifying concerns regarding the potential damage from AI-enabled hacking activities.

The European Commission’s Action Plan on Cybersecurity and Artificial Intelligence was launched amid rising panic over the threats presented by emerging AI vulnerabilities. On the same day, the European Central Bank (ECB) urged banks within the Eurozone to formulate plans addressing the dynamic cybersecurity landscape within a tight four-month timeline. Additionally, the European Systemic Risk Board (ESRB) issued an official warning regarding the potential for systemic disruption and a loss of confidence within the financial system due to evolving cyber threats.

Henna Virkkunen, the Commission’s technology chief, emphasized the urgency of adapting cybersecurity measures to keep pace with the transformative nature of AI. She stated, “AI is transforming the meaning of cybersecurity, and we must keep pace. The EU has strong foundations in place to adapt its response in the face of vulnerabilities that emerging tech brings with it. We must harness and focus existing capabilities, networks, and the legal framework to fortify the cybersecurity protecting our digital landscape.” This call to action underlines the EU’s commitment to safeguarding its digital infrastructure against emerging threats.

The action plan outlines that the EU possesses the requisite legal and operational frameworks to address the challenges posed by AI. This includes existing regulations such as the AI Act, the supply-chain focused Cyber Resilience Act, the NIS2 Directive aimed at securing critical infrastructures, and the finance-oriented Digital Operational Resilience Act. These regulatory frameworks form the backbone of the EU’s strategy to combat vulnerabilities associated with AI technologies.

The strategy also mentions tech sovereignty as a motivating factor, noting that the EU must ensure the implementation of advanced AI-enhanced cybersecurity capabilities does not create dependencies on external entities. This concern has been underscored by recent developments where certain AI models, such as Anthropic’s Mythos, have not been made accessible to European authorities. Such restrictions have led to heightened anxiety over the continent’s cybersecurity preparedness.

The action plan highlights the need for a shift in evaluation capabilities, stating, “To date, most leading entities performing pre-deployment third-party evaluations of AI models are based outside the EU.” It points out that structured access programs, like Anthropic’s Project Glasswing, exhibit a lack of transparency regarding the criteria used for granting access. This situation potentially hampers European organizations and authorities in their quest to effectively utilize AI technologies in enhancing their cybersecurity resilience.

Given the urgent needs identified, the Commission announced plans to initiate a dedicated call for establishing an EU evaluation capacity specifically aimed at AI models related to cybersecurity. This initiative aims to provide European stakeholders with a local alternative for the third-party evaluations of AI capabilities and mitigation measures.

Moreover, ENISA, the EU’s cybersecurity agency, along with the Commission, will collaborate to devise a “European blueprint” for structured access programs. This document is intended to guide AI providers with advanced cyber capabilities on how to grant access to European organizations while supporting their cyber risk mitigation strategies. The blueprint, however, will not impose additional obligations on AI providers and leaves unresolved how non-EU firms, like those in the U.S., would adhere to it considering existing regulations.

The action plan also calls for the development of a “secure testing platform” for AI cyber capabilities. This platform would allow various authorities to utilize their own model access keys under a shared security framework, while retaining responsibility for their testing methods. The creation of a simulated environment within this platform aims to mitigate risks to actual critical infrastructure during these assessments.

Additionally, the plan emphasizes the necessity for Europe to revamp its vulnerability management infrastructure in light of growing bug reports and dwindling windows for remediation. The Commission has urged ENISA and member states to leverage existing networks to tackle these heightened vulnerabilities, stating, “As AI accelerates vulnerability discovery, the bottleneck in deploying patches becomes more acute.” This underscores the importance of timely responses to emerging threats.

The forward-looking strategy also includes launching a “Grand Challenge on AI-assisted vulnerability remediation,” intending to uncover and test innovative solutions geared toward developing AI systems that can assist cybersecurity teams throughout the remediation lifecycle. Alongside this, a “Critical Open-Source Resilience Campaign” will engage organizations across the EU in sponsoring open-source projects that contribute to essential components of cybersecurity infrastructure.

In a significant commitment to long-term cybersecurity resilience, the Commission has committed to using the future European Competitiveness Fund to foster “sovereign European AI cyber capabilities,” thus aiming to reduce reliance on external AI models. This ambitious fund is envisioned to have a budget of 234 billion euros ($268 billion) but is not expected to launch until 2028.

Responses from the Eurozone’s central bank have been more immediate. In a letter to banking chiefs, ECB supervisory board chair Claudia Buch emphasized the urgency of assessing the impact of the evolving cyber threat landscape and developing comprehensive action plans to enhance relevant controls. Each Eurozone bank must submit these plans to the ECB’s Joint Supervisory Team by October 31. Subsequently, the banks may have an additional five months to submit an IT risk questionnaire, originally due in September.

The European Systemic Risk Board also weighed in positively on the ECB’s initiative, recognizing the strengthened defensive capabilities posed by frontier AI models while warning of the transitional risks entailed in their adoption. The Board urged both public and private sector players within the European financial landscape to thoroughly reassess and update their cybersecurity frameworks, indicating an ongoing commitment to managing risks effectively in an increasingly digitalized and interconnected world.

Source link

Latest articles

UK Cyber Resilience Pledge Welcomes 60 New Signatories

The UK government has initiated a significant step towards enhancing cybersecurity across the nation's...

Court Filing Discloses How Windows Device ID Aided FBI in Tracking Alleged Scattered Spider Hacker

Federal Complaint Links Alleged Scattered Spider Hacker to High-Profile Jewelry Retailer Breach U.S. prosecutors have...

13 High-Paying IT Security Certifications to Consider

OffSec: Elevating Skills in Offensive Security with OSEP and OSEE Certifications In today’s rapidly evolving...

China-Aligned UNK_MassTraction Targets Universities by Exploiting Roundcube Servers

China-Aligned Cyber Threat: UNK_MassTraction Exploits Security Flaws in North American Universities A newly identified cyber...

More like this

UK Cyber Resilience Pledge Welcomes 60 New Signatories

The UK government has initiated a significant step towards enhancing cybersecurity across the nation's...

Court Filing Discloses How Windows Device ID Aided FBI in Tracking Alleged Scattered Spider Hacker

Federal Complaint Links Alleged Scattered Spider Hacker to High-Profile Jewelry Retailer Breach U.S. prosecutors have...

13 High-Paying IT Security Certifications to Consider

OffSec: Elevating Skills in Offensive Security with OSEP and OSEE Certifications In today’s rapidly evolving...