Coalition for Secure AI (CoSAI) Launched to Improve AI Security
Some of the world’s most influential tech companies have come together to form a coalition on AI security, aiming to enhance the security of this burgeoning technology. The Coalition for Secure AI (CoSAI) has been in the making for about a year, with big tech players like Amazon, Microsoft, Anthropic, OpenAI, and others joining forces to collaborate on AI security efforts.
CoSAI has been described as a “collective investment in AI security” and will focus on three main areas, or “workstreams,” to achieve this goal. These workstreams include security in the AI software supply chain, AI governance, and risk management.
Workstream 1: Security in the AI Software Supply Chain
As part of this workstream, CoSAI will look to aid the management of third-party model risks and expand on the “existing efforts” of supply chain frameworks. This includes extending SLSA provenance to AI models, both to help identify when AI software is secure and to provide an understanding of how it was created and handled in a supply chain.
Workstream 2: AI Governance
CoSAI will also focus on assisting security practitioners in “day-to-day” AI governance challenges by creating clearer pathways to identify investments and mitigation techniques to address the security impact of AI use. This includes creating a taxonomy of AI risks and controls, as well as a checklist and scorecard to help guide practitioners in preparedness, management, and monitoring.
Workstream 3: Risk Management
In this workstream, CoSAI will work to construct a taxonomy of AI risks and controls, as well as a checklist and scorecard to help guide practitioners in preparedness, management, and monitoring. This includes creating clearer pathways to identify investments and mitigation techniques to address the security impact of AI use.
While this initiative is a positive step towards improving AI security, experts have raised concerns about the self-regulatory nature of this body. Peter Wood, CTO at Spectrum Search, pointed to accountability as the central issue. “A principal worry is the matter of who’s held accountable. When these tech titans join forces to lay down the law on AI security, there’s the worry that these guidelines could skew towards their benefit rather than that of the public interest,” Wood said.
Wood also noted that without clear transparency, there is a risk that CoSAI is setting standards for its own ends. “Without clear transparency, there’s a risk that these self-imposed rules could be less about security and more about managing the story around AI,” he said.
Conclusion
While concerns about the self-regulatory nature of CoSAI are valid, this initiative is a positive step towards improving AI security. It underscores a sector-wide recognition of the importance of AI security and highlights the need for cooperation and collaboration to achieve this goal.
FAQs
Q: What is CoSAI?
A: CoSAI stands for Coalition for Secure AI and is a collaborative effort by some of the world’s most influential tech companies to improve AI security.
Q: What are the main areas of focus for CoSAI?
A: CoSAI will focus on three main areas: security in the AI software supply chain, AI governance, and risk management.
Q: Who are the members of CoSAI?
A: CoSAI includes big tech players like Amazon, Microsoft, Anthropic, OpenAI, and others.
Q: What are the concerns about CoSAI?
A: Experts have raised concerns about the self-regulatory nature of CoSAI, noting that its guidelines could skew towards the benefit of the companies setting the standards rather than the public interest.
Q: What does CoSAI aim to achieve?
A: CoSAI aims to improve AI security by creating clear pathways for security practitioners, providing an understanding of how AI software is created and handled in a supply chain, and helping to identify investments and mitigation techniques to address the security impact of AI use.
Q: How will CoSAI achieve its goals?
A: CoSAI will achieve its goals by working together to create standards and guidelines for AI security, providing training and resources for security practitioners, and promoting cooperation and collaboration between member companies.
Q: Is CoSAI a positive step towards improving AI security?
A: Yes, CoSAI is a positive step towards improving AI security. It underscores a sector-wide recognition of the importance of AI security and highlights the need for cooperation and collaboration to achieve this goal.
Q: How will CoSAI ensure transparency?
A: CoSAI will ensure transparency by providing regular updates on its activities, engaging with the public and industry stakeholders, and maintaining an open-door policy for feedback and criticism.









