ANSSI recommends isolating each phase of the generative AI system lifecycle (training, deployment, production) using network segmentation, dedicated hardware, and strict access controls to prevent data leakage and unauthorized access. Secure storage formats, robust communication protocols, and separation of model parameters from executable code are advised, along with prohibiting GPU sharing between AI and other workloads123. Regular risk analysis, security audits, and filtering of user inputs/outputs are essential to protect against attacks and leaks throughout the system’s operation.
Publication's URL
https://cyber.gouv.fr/en/publications/security-recommendations-generative-ai-systemAdditional documents on this topic
- OWASP Practical Guide for Secure MCP Server Development
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★
- ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems
- CSA Data Security within AI Environments
- CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology