The ANSSI document “Building Trust in AI Through a Cyber Risk-Based Approach” provides a comprehensive analysis of the cybersecurity risks associated with AI systems and advocates for a risk-based strategy to foster trusted AI across sectors such as defense, energy, healthcare, and finance. It highlights the unique vulnerabilities of AI, including those arising from large language models and complex data dependencies, and stresses the need for proactive measures to mitigate threats like data poisoning, model extraction, and evasion attacks. The guidance outlines best practices for securing the entire AI supply chain, recommends organizational strategies for risk management, and calls for ongoing collaboration between cybersecurity and AI stakeholders to adapt to evolving threats and regulatory changes. The document also includes practical checklists and recommendations for policy-makers and practitioners to ensure the secure deployment, operation, and continuous monitoring of AI systems
Publication's URL
https://cyber.gouv.fr/en/publications/building-trust-ai-through-cyber-risk-based-approachAdditional documents on this topic
- OWASP Practical Guide for Secure MCP Server Development
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★
- ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems
- CSA Data Security within AI Environments
- CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology