Publication
Cybersecurity of AI and Standarisation
The overall objective of the present document is to provide an overview of standards (existing, being drafted, under consideration and planned) related to the cybersecurity of artificial intelligence (AI), assess their coverage and identify gaps in standardisation.
The report describes the standardisation landscape covering AI, by depicting the activities of the main Standards-Developing Organisations (SDOs) that seem to be guided by concern about insufficient knowledge of the application of existing techniques to counter threats and vulnerabilities arising from AI.
The report argues that existing general purpose technical and organisational standards (such as ISO-IEC 27001 and ISO-IEC 9001) can contribute to mitigating some of the risks faced by AI with the help of specific guidance on how they can be applied in an AI context. This consideration stems from the fact that, in essence, AI is software and therefore software security measures can be transposed to the AI domain.
