Microsoft, OpenAI, Nvidia join feds for first AI attack simulation
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Maura Losch/Axios
Federal officials, AI model operators and cybersecurity companies ran the first joint simulation of a cyberattack involving a critical AI system last week.
Why it matters: Responding to a cyberattack on an AI-enabled system will require a different playbook than the typical hack, participants told Axios.
The big picture: Both Washington and Silicon Valley are attempting to get ahead of the unique cyber threats facing AI companies before they become more prominent.
- Security has historically taken a back seat as new technologies go mainstream, leaving many companies flat-footed when cyber threats adapt to hit these devices.
- But as AI tools become more commonplace, hackers could use them to speed up attacks and scale them, Clayton Romans, associate director of the Cybersecurity and Infrastructure Security Agency's Joint Cyber Defense Collaborative (JCDC), told Axios.
Inside the room: The JCDC hosted the tabletop exercise Thursday at Microsoft's offices in Reston, Virginia.
- CISA did not publicly disclose what the incident was that participants simulated, as is standard practice with any tabletop exercise.
- Romans said the incident explored the "threats we are seeing now" and how the government and private sector can relay information about those threats.
- More than 50 AI experts across the U.S. government, international government offices and the private sector participated in the four-hour experiment.
- Officials from Amazon Web Services, Microsoft, Nvidia, OpenAI and Palantir were among the participants.
What they're saying: Kyle Wilhoit, director of threat research at Palo Alto Networks' Unit 42, also participated in the exercise.
- "It gave us an opportunity to talk about some of those current threats that we're seeing, and really hypothesize, to some degree, what those new vectors could look like in the future leveraging AI," Wilhoit told Axios.
Between the lines: The tabletop exercise helped CISA decipher who the right people are to contact in the private sector whenever an AI-related incident happens — and vice versa for the private sector, Romans said.
- The exercise also helped identify potential new threats on the horizon, Wilhoit added.
What we're watching: Lessons from the tabletop exercise will inform CISA's forthcoming AI security incident playbook, which is expected to publish before the end of the year.
- The JCDC hopes to host another AI tabletop exercise before releasing the playbook, Romans said.
Go deeper: Cyber companies start fulfilling the promise of AI security
