Deploying artificial intelligence (AI) systems securely

The intent of this guidance is to help organisations deploying AI systems to securely manage the cyber risks associated with these technologies, particularly in high-threat environments.

16 April 2024

The National Cyber Security Centre has released joint guidance on securely deploying artificial intelligence (AI) systems, with the following international partners:

The rapid adoption, deployment, and use of AI technologies make them highly valuable targets for malicious cyber actors. These actors, who have previously stolen sensitive information and intellectual property to advance their interests, may seek to compromise deployed AI systems and apply them to malicious ends.

Malicious actors may exploit both AI-specific vulnerabilities and common techniques used against traditional IT systems. Because of the large range of potential attack methods, defences need to be diverse and comprehensive. Advanced malicious actors often combine multiple techniques to carry out more complex operations, increasing their chances of bypassing layered defences.

This guidance outlines practical approaches for protecting data and AI systems, and for responding to malicious activity. This builds on earlier AI guidelines we’ve issued alongside international partners, such as:

Guidelines for Secure AI System Development, and

Engaging with Artificial Intelligence (AI).

This guidance aims to improve the confidentiality and integrity of AI systems, and to provide confidence that known vulnerabilities are mitigated.

In this report, ‘AI systems’ refers specifically to machine learning (ML)-based AI systems. The guidance is most relevant to organisations that deploy and operate externally developed AI systems on premises or in private cloud environments — especially those in high-threat, high-value sectors. It is not intended for organisations that consume AI services operated by external providers.

Deploying AI Systems Securely [PDF, 494 KB]
