Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when those capabilities are NOT emergent systemic properties like security). So let’s take a step back: how do you measure security in the first place? Good question. Over the last 30 years, security engineering for software evolved from black-box penetration testing, through white-box code analysis and architectural risk analysis, to de facto process-driven standards like the Building Security In Maturity Model (BSIMM). Software had a very deep impact on business operations, and it appears that AI is going to have an even deeper impact. Will a software-security-like measurement move work for AI? Probably. In the meantime we can make real progress in AI security by cleaning up our WHAT piles and managing risk by identifying and applying good assurance processes. (Spoiler alert: no matter what we do, we still don’t get a security meter for AI, so we need to be extra vigilant about security.)