Managing Risk & Securing AI Systems

AI introduces new vulnerabilities – such as data leakage, model manipulation, and uncontrolled access – even as agencies are still figuring out how existing risk and security frameworks apply. Recent news articles have reported that Anthropic’s newest AI model, Mythos, found 2,000 vulnerabilities in just seven weeks of testing commercially available software; Mozilla, for instance, reported Mythos identified 271 security vulnerabilities in Firefox 150. There have been instances where security teams are pulled in late and asked to “make it safe” after deployment decisions are already underway.

There are cybersecurity constructs in place that can help control access to AI tools and data. For example, the Zero Trust mandate already in place – “never trust, always verify” – strengthens requirements for access. Having an “identity-first” security structure can minimize the risks associated with AI adoption.

Learning Objectives:

• Identify existing cybersecurity weaknesses in existing processes, such as where security is being bypassed or bolted on too late
• Understand how to apply Zero Trust concepts to AI workflows
• Confirm cybersecurity alignment with guidance provided by the National Institute of Science and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA)