Google has launched the Secure AI Framework (SAIF), a framework aimed at establishing robust security standards for the development and deployment of AI technology. The framework comprises six core elements designed to bolster AI system security. The first element focuses on expanding strong security foundations to the AI ecosystem. The second element extends detection and response capabilities to AI threats. The third element automates defenses. The fourth element ensures consistent security across the organization. The fifth element adapts controls to respond dynamically to threats. The final element contextualizes AI system risks within surrounding business processes. The move comes hot on the heels of the debates kicked up by the European Commission’s draft Artificial Intelligence Act and Google’s competitor Microsoft is already ahead in the thought leadership on AI security. However, the Google Secure AI Framework conveniently aligns with Google’s AI business interests, presenting itself as a solution to the security concerns surrounding AI technology and reinforcing its reputation, differentiating its offerings, and ensuring customer retention in its AI products.
The potential of AI, especially generative AI, is immense. However, in the pursuit of progress within these new frontiers of innovation, there needs to be clear industry security standards for building and deploying this technology in a responsible manner. With the Google Secure AI Framework, Google draws inspiration from established security best practices and incorporates an understanding of the unique risks and trends associated with AI systems. According to the blog post, the framework directly addresses security risks, integrates with Google’s AI platforms, incentivizes research, and emphasizes the delivery of secure AI offerings. To support and advance the framework, the company is fostering industry support, collaborating with organizations, sharing threat intelligence insights, expanding bug hunter programs, and delivering secure AI offerings with partners.
While the Google Secure AI Framework claims to establish industry-wide security standards for responsible AI development, it also serves Google’s agenda of maintaining dominance in the AI market. By integrating the Google Secure AI Framework principles into its AI platforms, Google can position itself as a trusted provider of AI solutions. This conveniently helps solidify its market dominance and maintain a competitive edge over other players in the AI industry. SAIF supposedly addresses critical security considerations specific to AI, such as model theft and data poisoning. The promotion of the Google Secure AI Framework enables Google to showcase its own AI offerings as secure and reliable. However, the Google Secure AI Framework has conveniently omitted privacy from its core elements. Addressing privacy concerns is not there in the Google Secure AI Framework summary or the step-by-step guide on how practitioners can implement SAIF.
Unlike the business-focused approach of the Google Secure AI Framework, the European Parliament has adopted new rules aimed at ensuring a human-centric and ethical approach to AI in Europe. These rules, if approved, will be the world’s first comprehensive set of regulations for AI. The draft negotiating mandate on the rules for AI was adopted by the Internal Market Committee and the Civil Liberties Committee with an overwhelming majority, receiving 84 votes in favor, 7 against, and 12 abstentions. MEPs made amendments to the initial proposal from the Commission, emphasizing the need for AI systems to be overseen by humans, safe, transparent, traceable, non-discriminatory, and environmentally friendly. They also sought to establish a technology-neutral definition of AI to ensure its applicability to current and future AI systems. The proposed draft is the latest in the stream of participative initiatives in the Europe on addressing various threats posed by AI. The Artificial Intelligence Threat Landscape Report by the European Union Agency for Cybersecurity (ENISA) published earlier listed guidelines on cybersecurity threats, supporting policy development, enabling customized risk assessments, and aiding the establishment of AI security standards.
The deployment of AI systems in Europe had to be on the bases of trustworthy solutions through comprehensive cybersecurity practices, the report specified. Unlike the business-focused approach of the Google Secure AI Framework, the European rules take a risk-based approach. It seeks to categorize and oversee artificial intelligence applications based on their potential to cause harm. These categories primarily encompass banned practices, high-risk systems, and other AI systems. “The rules follow a risk-based approach and establish obligations for providers and users depending on the level of risk the AI can generate,” the European Parliament announcement said. “AI systems with an unacceptable level of risk to people’s safety would be strictly prohibited, including systems that deploy subliminal or purposefully manipulative techniques, exploit people’s vulnerabilities or are used for social scoring.” Interestingly, Google has an established track record of not only demonstrating favoritism towards its own products and services as a means of safeguarding its dominant position in the search market but also in generating profits from user data. It remains to be seen how the Google Secure AI Framework aligns with the potential European regulations and the future of AI in the continent.