Exclusive: Cisco lays out new framework for securing AI

Illustration: Allie Carl/Axios
Cisco is rolling out a new taxonomy for identifying and mitigating the unique security and safety threats posed to AI tools, the company shared first with Axios.
Why it matters: Current frameworks that security teams and executives use to both map out their own defense strategies and explain these issues to other C-suite leaders are missing many of the unique security threats AI tools are facing.
Driving the news: Cisco unveiled its new Integrated AI Security and Safety Framework Tuesday, providing a guide for how teams can identify threats like prompt injection, jailbreaking and training data poisoning.
Zoom in: The framework maps out nearly 20 umbrellas of possible tactics and techniques that adversaries could use to target the new AI tools that enterprises are deploying onto their networks.
- For each of those tactics, Cisco lays out what existing indicators security teams should look out for — which subsequently helps them determine what tools they need to deploy.
Between the lines: Cisco isn't the first organization to establish a security framework just for AI, but many of the most popular ones are missing at least one crucial element, Amy Chang, who leads AI security research at Cisco, told Axios.
- For instance, the popular Mitre Atlas framework doesn't include information about AI content safety or multi-modal attacks, according to a report Cisco released alongside the new framework.
- "We just found the existing frameworks to be insufficient," Chang said.
- She added that her team wanted to map out the potential security threats in "an intuitive way" so anyone from an executive to a security practitioner would find value in the tool.
What's next: Cisco is mapping its AI Defense tool to fit the new taxonomy established in the framework, and Cisco's researchers are actively working with other standards bodies to adopt one another's proposals.
- Chang said that Cisco is also building out its catalog of mitigations and best practices for identifying attacks targeting AI systems in the wild.
Go deeper: Cybersecurity industry preps for autonomous AI attacks
