24 January 2024
The paper provides guidance by summarising important threats related to AI systems and the steps organisations can take to engage with AI while managing risk. It provides mitigations for both self-hosted and third-party hosted AI systems.
Engaging with Artificial Intelligence (AI) [PDF, 2.2 MB]
Like all digital systems, AI presents both opportunities and threats. To take advantage of the benefits of AI securely, all stakeholders involved with these systems (e.g. programmers, end users, senior executives, analysts, marketers) should take some time to understand what threats apply to them and how those threats can be mitigated.
For further reading, CERT NZ has published two other papers on AI based on our own research, available on our resources page. NCSC-NZ has published interim guidance on generative AI for the public service.
Interim Generative AI guidance for the public service | NZ Digital government
While the paper is focused on using AI systems securely rather than developing secure AI systems, the authoring agencies encourage developers of AI systems to refer to the joint Guidelines for Secure AI System Development.
Guidelines for secure AI system development - NCSC.GOV.UK