CISA and UK NCSC Collaborate to Release Groundbreaking Guidelines for Secure AI System Development


  • CISA and UK NCSC release joint Guidelines for Secure AI System Development.
  • The collaboration includes 23 cybersecurity organizations.
  • Guidelines emphasize Secure by Design principles and ownership of security outcomes.
  • Applicable to all AI system types, not just advanced models.
  • Offers recommendations for data scientists, developers, managers, and decision-makers.
  • Encourages stakeholders to prioritize secure design in AI system development.
  • CISA invites stakeholders to explore the Guidelines and the AI technology and cybersecurity roadmap.

Main AI News:

In a groundbreaking collaboration, the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) have unveiled the Guidelines for Secure AI System Development. Co-endorsed by 23 domestic and international cybersecurity entities, this release signifies a pivotal moment in addressing the convergence of artificial intelligence (AI), cybersecurity, and critical infrastructure.

These guidelines, which complement the US Voluntary Commitments on Ensuring Safe, Secure, and Trustworthy AI, offer essential recommendations for AI system development while underscoring the paramount importance of adhering to Secure by Design principles. This approach places a premium on assuming responsibility for security outcomes on behalf of customers, embracing radical transparency and accountability, and establishing organizational structures that prioritize secure design.

It’s worth noting that the guidelines extend their applicability to all categories of AI systems, transcending the realm of frontier models. Within, we furnish data scientists, developers, managers, decision-makers, and risk owners with practical suggestions and mitigations to empower them in making informed choices throughout the lifecycle of their machine learning AI systems, from design and model development to deployment and operation.

Although this document primarily targets AI system providers, be they organizations hosting models or leveraging external application programming interfaces, we urge all stakeholders, including data scientists, developers, managers, decision-makers, and risk owners, to absorb its wisdom. By doing so, they will gain valuable insights to guide their decisions pertaining to the design, deployment, and operation of their machine learning AI systems.

CISA extends an open invitation to stakeholders, partners, and the wider public to delve into the Guidelines for Secure AI System Development, alongside the recently published Roadmap for AI, to gain a deeper understanding of the strategic vision for the intersection of AI technology and cybersecurity in the business landscape.


The release of the “Guidelines for Secure AI System Development” by CISA and UK NCSC signifies a major step in enhancing AI security. This collaborative effort emphasizes the importance of security, transparency, and accountability in AI development. For the market, it means a heightened focus on AI system security and a more responsible approach to AI technology, benefiting both providers and users.