Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
USA: Senators introduce bill on Secure AI Act of 2024 to Congress
On May 1, 2024, U.S. Senators Mark Warner and Thom Tillis announced the introduction of the bill for the Secure Artificial Intelligence Act of 2024 to the U.S. Congress. In particular, the bill aims to improve the tracking and processing of security and safety incidents and risks associated with artificial intelligence (AI).
What is the scope of the bill?
The bill defines an 'artificial intelligence security incident' as an event that increases:
- the risk that the operation of an AI system occurs in a way that enables the extraction of information about the behavior or characteristics of an AI system by a third party; or
- the ability of a third party to manipulate an AI system in order to subvert the confidentiality, integrity, or availability of an AI system or adjacent system.
An 'artificial intelligence security vulnerability' is defined as a weakness in an AI system that could be exploited by a third party to subvert, without authorization, the confidentiality, integrity, or availability of an AI system, including through techniques such as:
- data poisoning;
- evasion attacks;
- privacy-based attacks; and
- abuse attacks.
What are the provisions of the bill?
The bill predominately provides for the establishment of a supervisory authority and regulatory tracking mechanisms for AI.
Specifically, the bill provides for the establishment of an Artificial Intelligence Security Center (the Center) within the Cybersecurity Collaboration Center of the National Security Agency (NSA). The Center is noted to be responsible for developing guidance to prevent or mitigate counter-AI techniques and promote secure AI adoption practices.
In addition, the bill stipulates that the National Institute of Standards and Technology (NIST) must update the National Vulnerability Database (NVD) to incorporate AI security vulnerabilities and identify characteristics of AI that make utilization of the NVD inappropriate for vulnerability management. Similarly, the bill directs the Cybersecurity and Infrastructure Security Agency (CISA) to develop a voluntary database to publicly track AI security and safety incidents.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
