Top-level discussions on security and ethical risks AI-powered tools pose are no longer enough to mitigate the dangers posed by the rapid adoption of artificial intelligence (AI), according to the Open Worldwide Application Security Project (OWASP).
Ahead of the AI Safety Summit, held in Bletchley Park, England, on November 1-2, the non-profit released a call to action urging Summit attendees to rapidly pledge to agree on – and adopt – actionable AI security standards.
The OWASP Foundation said in an open letter that it “wholeheartedly agrees with Lindy Cameron, the CEO of the UK’s National Cyber Security Centre (NCSC), for the urgent need to stay ahead of risks and the vital role of global industry security standards for AI. This will require alignment to avoid a Babel of standards.”
Speaking to Infosecurity, John Sotiropoulos, one of the core contributors to the OWASP Top 10 for LLM, explained the foundation’s positions: “We recognize the need to have top-level discussions, to explore the risks with policymakers and large organizations. However, we think it’s already time for action.”
“While we’re planning ahead, AI is already being used – and misused. We need to foster an immediate response. For instance, how can we report vulnerabilities found in AI applications since they don’t always fit with today's systems? Do we need to create a new framework or just update existing ones? We cannot do everything at once, but we cannot do everything sequentially, either. It’s a balancing act,” he added.
Read more: AI Safety Summit Faces Criticisms for Narrow Focus
Which AI Security Standards Does OWASP Promote?
In its open letter, the OWASP Foundation also asks governments to turn to open standard organizations, such as OWASP and the Linux Foundation, to adopt practical AI security standards.
“The first that comes to mind is the OWASP Top 10 for LLM Applications, of course. But we’re also in talks with organizations like MITRE and the US National Institute for Innovation and Technology (NIST), who are on the same page,” Sotiropoulos said.
He added that OWASP is collaborating with MITRE on its ATLAS framework that aims to map the evolving threat landscape, including AI threats in the mix.
The OWASP AI Exchange initiative also cites ISO/IEC 27090, the OWASP Top 10 ML and the CEN/CENELEC standards, on which the EU AI Act will be based, as essential standards on which governments could rely to align their AI safety policy.
No tags.
