This article is part of a series dedicated to the topic of Generative AI. Specifically focusing on understanding and assessing the risks associated with Generative AI systems. The text explores an analytical framework for AI risk management. Drawing on established methodologies in the field of cybersecurity and introducing innovative perspectives to understand the unique challenges posed by modern AI systems.
Risks of Generative AI Systems
Generative Artificial Intelligence (GenAI) systems pose new types of risks, different from classic cyber risks. Many of which are consequential and little known. Despite this, we are witnessing a strong growth in the implementation and diffusion of new systems based on GenAI in every social and working environment. This criticality has, in fact, accelerated the research and development of effective models to carry out the testing and evaluation of AI systems.
In this section, we attempt to describe a framework for AI risk management following the cyber risk model. Specifically, we outline some potential strategies to frame T&E activities based on a holistic Estonia WhatsApp Number List approach to AI risk. It is appropriate to base the development of this framework on the lessons learned from decades of research to identify similar solutions already implemented for cyber risk modeling and assessment. Cyber risk assessments are imperfect and continue to evolve. But they still provide significant benefits, so much so that they have become a regulatory requirement in the context of critical infrastructure. The financial sector, essential public services, etc.
AI risk modeling and assessment are poorly understood from both a technical and legal perspective; however, there is an urgent demand from both users and vendors [1] . In this regard, in July 2024 the Coalition for Secure AI [2] made an important contribution to advance industry standards for improving the security of modern AI implementations. The NIST AI Risk Management Framework (RMF) is a prime example of this contribution. To date, the proposed methodologies are still under development. With uncertain costs and benefits; therefore. AI risk assessments are less widely applied than cyber risk assessments.
Modeling and risk assessment are important not only for T&E
But also to inform design processes. As is happening in cybersecurity engineering and the emerging AI engineering. It is important to remember that AI engineering encompasses not only the individual AI elements embedd in systems, but also the overall design of AI-based resilient systems, along with the workflows and human interactions that enable operational activities.
AI risk modeling can have a positive influence not WhatsApp Number Database only in the T&E phase. But throughout the entire AI lifecycle, from design choices to specific risk mitigation phases. AI-relate weaknesses and vulnerabilities have unique characteristics (see examples in the previous paragraph), but they also overlap with cyber risks. After all, AI system elements are software components, so they have vulnerabilities unrelat to their AI functionality. However, their unique and often unknown characteristics, both within the models and in the software structures that host them, can make them particularly attractive to cybercriminals.
Functional and Qualitative Attributes of Generative AI
Functional and qualitative assessments help ensure Bulk Database that systems perform their tasks correctly and reliably. However, correctness and reliability are not absolutes. But must be seen in the context of the specific objectives of a component or system, including the operational constraints that must be met. Specifications necessarily include both functionality, that is, what the system is intend to accomplish, and system qualities, that is. How the system is intend to function, including attributes relat to safety and reliability. These characteristics, or system specifications. May relate to both the system and its role in operations, including expectations regarding stressors from adverse threats.
