Guidelines on Securing AI Systems
Aliases: CSA AI Security Guidelines · Securing AI Systems
CSA guidelines on AI system security across planning, design, development, deployment, operation, and end-of-life.
Related documents
- companion-tosg-csa-companion-guide
- companion-tosg-csa-agentic-addendum
Atomic clauses (34)
Organisations should understand the potential security risks posed by AI, in order to make informed decisions about adoption.
System owners adopting or considering the adoption of AI systems should identify potential security risks associated with the use of AI and set out guidelines for mitigating security risks at each stage of the AI lifecycle.
Provide adequate training and guidance on the security risks of AI to all personnel, including developers, system owners and senior leaders.
Risk management strategies should be informed by a security risk assessment, which will help to determine key risks and priorities.
Apply a holistic process to model threats and risks to an AI system, in accordance with relevant industry standards/best practices.
Securing AI is in addition to practising good ‘classical’ cybersecurity hygiene.
Ensure that suppliers adhere to security policies and internationally recognised standards, or that risks are otherwise appropriately managed.
Assess and monitor potential security risks of the AI system’s supply chain across its life cycle.
Consider evaluating supply chain components (e.g. through Software Bills of Material [SBOM], code checking, or against vulnerability databases).
Consider security benefits and trade-offs when selecting the appropriate model to use.
When developing or selecting an appropriate AI model for your system, consider factors which may affect its security (such as complexity, explainability, interpretability, and sensitivity of training data).
Understand the value of AI-related assets, including models, data, prompts, logs and assessments.
Identify, track and protect AI-related assets.
Have processes to track, authenticate, version control, and secure assets.
Apply standard infrastructure security principles, such as implementing appropriate access controls and logging/monitoring, segregation of environments, and secure-by-default configurations.
System owners should continue to build their awareness of security threats using these resources, to better understand emerging risks that may have implications on their adoption of AI.
Any attempt to secure an AI system should be on top of the ‘traditional’ good cybersecurity hygiene, such as implementing the principle of least privilege, multi-factor authentication, continuous security monitoring and auditing.
All stakeholders involved across the lifecycle of an AI system should seek to better understand the security threats and their potential impact on the desired outcomes of the AI system, and what decisions or trade-offs will need to be made.
System owners should take a lifecycle approach to consider security risks.
Apply standard infrastructure security principles, such as access controls and logging/monitoring, segregation of environments, secure-by-default configurations, and firewalls.
System owners should put in place appropriate incident response, escalation and remediation plans.
Organisations should consider conducting risk assessments more frequently than for conventional systems, even if they generally base their risk assessment approach on existing governance and policies.
System owners should read these as key issues to consider in securing their adoption of AI.
A good practice is to release models, applications or systems only after subjecting them to appropriate and effective security checks and evaluation.
System owners should apply these to their specific context, and can reference the Companion Guide to Securing AI Systems for potential controls.
AI system owners may wish to monitor and log inputs to the AI system, such as queries, prompts and requests, as third-party providers may not do so due to privacy reasons.
Operators should monitor for anomalous behaviour that might indicate intrusions, compromise, or data drift.
System owners should ensure that risks associated with model updates have been considered and appropriately managed.
There should be a feedback process for users to share any findings of concern, which might uncover potential vulnerabilities in the system.
There should be proper and secure disposal/destruction of data and models in accordance with relevant industry standards or regulations.
AI should be secure by design and secure by default, as with all software systems.
System owners should consider these key principles to make informed decisions on their adoption of AI vis-à-vis the potential risks.
Conduct a risk assessment, focusing on security risks related to AI systems, either based on best practices or your organisation’s existing Enterprise Risk Assessment/Management Framework.
Prioritise which risks to address, based on risk level, impact, and available resources.