Deploying AI Systems Securely
TLP:CLEAR

Prepare for high availability (HA) and disaster recovery (DR)

Use an immutable backup storage system, depending on the requirements of the system, to ensure that every object, especially log data, is immutable and cannot be changed [CPG 2.R]. [2]

Plan secure delete capabilities

Perform autonomous and irretrievable deletion of components, such as training and validation models or cryptographic keys, without any retention or remnants at the completion of any process where data and models are exposed or accessible. [19]

Conclusion

The authoring agencies advise organizations deploying AI systems to implement robust security measures capable of both preventing theft of sensitive data and mitigating misuse of AI systems. For example, model weights, the learnable parameters of a deep neural network, are a particularly critical component to protect. They uniquely represent the result of many costly and challenging prerequisites for training advanced AI models, including significant compute resources; collected, processed, and potentially sensitive training data; and algorithmic optimizations.

AI systems are software systems. As such, deploying organizations should prefer systems that are secure by design, where the designer and developer of the AI system takes an active interest in the positive security outcomes for the system once in operation. [7]

Although comprehensive implementation of security measures for all relevant attack vectors is necessary to avoid significant security gaps, and best practices will change as the AI field and techniques evolve, the following summarizes some particularly important measures:

- Conduct ongoing compromise assessments on all devices where privileged access is used or critical services are performed.
- Harden and update the IT deployment environment.
- Review the source of AI models and supply chain security.
- Validate the AI system before deployment.
- Enforce strict access controls and API security for the AI system, employing the concepts of least privilege and defense-in-depth.

U/OO/143395-24 | PP-24-1538 | April 2024 Ver. 1.0
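The HA/DR guidance above asks that stored log data be immutable. As an added example that is not part of the information sheet, the following Python hash-chains log records so that any later alteration of an already-stored record is detected when a backup is verified; the SHA-256 chaining scheme and the sample inference-API log entries are assumptions of this example, not content from the sheet.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor hash for the first record in a chain


def record_hash(prev_hash: str, entry: dict) -> str:
    """Digest of one log record, bound to the digest of its predecessor.

    Canonical JSON (sorted keys, fixed separators) so that an identical entry
    always produces the same digest regardless of dict insertion order.
    """
    payload = prev_hash + json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_record(chain: list, entry: dict) -> dict:
    """Append one entry; earlier records are never rewritten (append-only)."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    record = {"entry": entry, "prev": prev_hash, "hash": record_hash(prev_hash, entry)}
    chain.append(record)
    return record


def verify_chain(chain: list) -> tuple[bool, int]:
    """Recompute every link. Returns (ok, index of first bad record, or -1)."""
    prev_hash = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev_hash or rec["hash"] != record_hash(prev_hash, rec["entry"]):
            return False, i
        prev_hash = rec["hash"]
    return True, -1


def build_sample_chain() -> list:
    """Constructed sample: three access-log entries from an AI inference API."""
    chain = []
    for entry in (
        {"ts": "2024-04-15T10:00:00Z", "user": "svc-infer", "action": "model_load", "model": "m-01"},
        {"ts": "2024-04-15T10:00:05Z", "user": "analyst-7", "action": "predict", "model": "m-01"},
        {"ts": "2024-04-15T10:01:00Z", "user": "admin-2", "action": "weights_export", "model": "m-01"},
    ):
        append_record(chain, entry)
    return chain


def tamper_and_verify() -> tuple[bool, int]:
    """Simulate an after-the-fact edit of the stored copy of record 2, then recheck."""
    chain = build_sample_chain()
    chain[2]["entry"]["user"] = "analyst-7"  # rewriting who exported the weights
    return verify_chain(chain)  # returns (False, 2): the edited record is flagged
```

The chain flags modification, insertion, or removal of interior records, but not removal of the newest records; anchoring the latest hash in a separate write-once location is what covers truncation.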