Deploying AI Systems Securely
TLP:CLEAR

Secure exposed APIs
- If the AI system exposes application programming interfaces (APIs), secure them by implementing authentication and authorization mechanisms for API access. Use secure protocols, such as HTTPS with encryption and authentication [CPG 2.C, 2.D, 2.G, 2.H]. [1]
- Implement validation and sanitization protocols for all input data to reduce the risk of undesired, suspicious, incompatible, or malicious input being passed to the AI system (e.g., prompt injection attacks). [1]

Actively monitor model behavior
- Collect logs to cover inputs, outputs, intermediate states, and errors; automate alerts and triggers [CPG 2.T].
- Monitor the model's architecture and configuration settings for any unauthorized changes or unexpected modifications that might compromise the model's performance or security. [1]
- Monitor for attempts to access or elicit data from the AI model or aggregate inference responses. [1]

Protect model weights
- Harden interfaces for accessing model weights to increase the effort it would take for an adversary to exfiltrate the weights. For example, ensure APIs return only the minimal data required for the task to inhibit model inversion.
- Implement hardware protections for model weight storage as feasible. For example, disable hardware communication capabilities that are not needed and protect against emanation or side channel techniques.
- Aggressively isolate weight storage. For example, store model weights in a protected storage vault, in a highly restricted zone (HRZ) (i.e., a separate dedicated enclave), or using an HSM [CPG 2.L]. [12]

Secure AI operation and maintenance
Follow organization-approved IT processes and procedures to deploy the AI system in an approved manner, ensuring the following controls are implemented.

U/OO/143395-24 | PP-24-1538 | April 2024 Ver. 1.0 | Page 7
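Two of the monitoring controls above, detecting unauthorized changes to model configuration and flagging clients that aggregate inference responses, as an added example that is not part of this guidance or any referenced product: it hashes deployed model artifacts against a baseline manifest and counts per-client inference calls from structured log lines. The manifest contents, the log lines, the client names and the query threshold are constructed assumptions.

```python
import hashlib
import json
from collections import defaultdict

# Constructed baseline: artifact name -> SHA-256 recorded at deployment time.
# A real deployment captures this manifest and keeps it out of band.
BASELINE_CONFIG = b'{"n_layers": 12, "hidden_size": 768, "vocab_size": 32000}'
BASELINE_MANIFEST = {"config.json": hashlib.sha256(BASELINE_CONFIG).hexdigest()}

# Constructed inference log (one JSON object per line). The guidance asks for
# inputs, outputs and errors to be logged; only request metadata is shown here.
SAMPLE_LOG = [
    '{"event": "inference", "client": "svc-a", "status": "ok"}',
    '{"event": "inference", "client": "svc-b", "status": "ok"}',
    '{"event": "inference", "client": "svc-b", "status": "ok"}',
    '{"event": "error", "client": "svc-b", "status": "400"}',
    '{"event": "inference", "client": "svc-b", "status": "ok"}',
    '{"event": "inference", "client": "svc-b", "status": "ok"}',
    '{"event": "inference", "client": "svc-a", "status": "ok"}',
]


def verify_artifacts(files, manifest=BASELINE_MANIFEST):
    """Compare deployed artifacts (name -> bytes) against the baseline manifest.
    Returns a list of findings; an empty list means nothing changed."""
    findings = []
    for name, expected in manifest.items():
        if name not in files:
            findings.append(f"{name}: missing")
        elif hashlib.sha256(files[name]).hexdigest() != expected:
            findings.append(f"{name}: hash mismatch")
    for name in files:
        if name not in manifest:
            findings.append(f"{name}: unexpected artifact")
    return findings


def detect_bulk_querying(log_lines, max_queries=3):
    """Count inference calls per client over the log window and return the
    clients above max_queries (an assumed threshold). Sustained high-volume
    querying is one signal of attempts to aggregate inference responses."""
    counts = defaultdict(int)
    for line in log_lines:
        event = json.loads(line)
        if event.get("event") == "inference":
            counts[event["client"]] += 1
    return sorted(client for client, n in counts.items() if n > max_queries)
```

Both functions return findings rather than printing them so they can feed an alerting pipeline directly; a missing-artifact or hash-mismatch finding should block serving until the change is confirmed as authorized.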