Microsoft Empowers Government Agencies with Secure Access to Generative AI Capabilities

However, in other contexts, such as in industry settings where parties have shown a disregard and inability to address other cyber risks, these discussions may need to be forced by an outside regulatory body such as the FTC. Policymakers and industry alike must study and reevaluate the planed role of AI in many applications. In the simplest scenarios where a central repository holds the datasets and other important assets, the vanilla intrusion detection methods that are currently a mainstay of cybersecurity can be applied. In this simple case, if assets such as datasets or models are accessed by an unauthorized party, this should be noted immediately and the proper steps should be taken in response. In the context of AI attacks, if the development of the AI attack is believed to be so sophisticated that no other entity is expected to be able to craft the attack on its own, diffusion risks exist.

According to those from the GAO and the educational institutions that helped to draft the framework, the most responsible uses of AI in government should be centered around four complimentary principles — governance, data, performance and monitoring — all of which are covered in detail within the GAO framework. There is little doubt that the emerging science of artificial intelligence is continuing to advance and grow, both in capabilities and the number of things that AI is being tasked with doing. And this is happening at lightning speed, despite there being little to no regulation in place to govern its use.

Microsoft Empowers Government Agencies with Secure Access to Generative AI Capabilities

In fact, we are honored to be recognized by Gartner® in their 2023 Gartner® Magic Quadrant™ for Strategic Cloud Platform Services (SCPS).¹ We feel that IBM’s positioning in this report is a strong acknowledgement of our strategy. At the same time, we’re helping clients embrace AI securely to fuel business transformation. Earlier this year, we unveiled watsonx running on IBM Cloud to help enterprises train, tune and deploy AI models, while scaling workloads.

Through various partnerships, the NHS set up the National COVID-19 Chest Imaging Database (NCCID), an open-source database of chest X-rays of COVID patients across the UK. This initiative aimed to develop deep learning techniques meant to provide better care for hospitalized COVID-19 patients. This includes monitoring weight, height, blood glucose, stress levels, heart rate, etc., and feeding this information to AI healthcare systems, which can notify doctors of any possible risks. Or, more relevantly, resembling the online personal data collection situation in the late 2000s, when nearly everyone would collect all they could lay their hands on. Another framework that has gotten a lot of attention, although it has no legal power, is the White House Office of Science and Technology Policy’s AI Bill of Rights. The framework does not give specific advice but instead provides general rules about how AI should be employed and how it should be allowed or restricted from working with humans.

DHS releases commercial generative AI guidance and is experimenting with building its own models

Effective frontier AI regulation would require that developers of the most capable systems make a substantial effort, using a significant amount of resources, to understand the risks their systems might pose—in particular by evaluating whether their systems have dangerous capabilities or are insufficiently controllable. These risk assessments should receive thorough external scrutiny from independent experts and researchers and inform regulatory decisions about whether new models are deployed and, if so, with what safeguards. From a practical standpoint, government agencies should take control of educating and interfacing with affected constituents, as each group has unique concerns and circumstances. These agencies should be the DoD, FTC, and DoJ for the military, consumer, and law enforcement communities, respectively.

These controls are not IBM’s—they are the industry’s collective controls and we’ve made them available on multiple clouds (public or private) with IBM Cloud Satellite. As we look ahead to 2024, enterprises around the world are undoubtedly evaluating their progress and creating a growth plan for the year to come. For organizations of all types—and especially those in highly regulated industries such as financial services, government, healthcare and telco—considerations including the rise of generative AI, evolving regulations and data sovereignty laws and ongoing security challenges must be top of mind. Similar discussions must occur in regard to the integration of AI into other applications, but not necessarily with the end goal of reaching binary use/don’t use outcomes.

Even in the case when the dataset is collected privately and verified, an attacker may hack into the system where the data is being stored and introduce poisoned samples, or seek to corrupt otherwise valid samples. In some settings, attacks on physical objects may require larger, coarser attack patterns. This is because these physical objects must first be digitized, for example with a camera or sensor, to be fed into the AI algorithm, a process that can destroy finer level detail. However, even with this digitization requirement, attacks may still be difficult to perceive. The “attack turtle” that is incorrectly classified as a rifle in the example shown below is one such example of a physical attack that is nearly invisible.

With the Temenos Payments Hub now on IBM Cloud for Financial Services, the solution is available across IBM’s hybrid cloud infrastructure, running on Red Hat OpenShift with IBM Power and LinuxONE. Additionally, as organizations look to modernize their trade finance journeys, we have leveraged the breadth of IBM’s technology and consulting capabilities to develop a platform for the industry. We recently introduced the IBM Connected Trade Platform, designed to power the digitization of trade and supply chain financing and help organizations to transition from a fragmented to a data-driven supply chain. There is a growing global consensus that the most advanced AI systems require special attention. In July 2023, the Biden administration invited the leaders of seven frontier AI companies to the White House and had them voluntarily commit to a set of practices to increase the safety of their systems.

In the latest weekly update, editors at Information Security Media Group examine policies in the U.S. and Europe that could regulate AI, recent developments within the EU cybersecurity and privacy policy arena, and the disparities between the perspectives of business leaders and cybersecurity leaders on the security landscape. While there is still a long way to go in scaling the adoption of this technology, the potential benefits of implementing AI in government agencies are numerous. The challenges of regulating AI are formidable, with the EU’s forthcoming AI Act and the track record of American Congress reflecting the complexity of the task at hand. Public and private sector collaboration is key to bridging the regulatory gaps and ensuring that AI benefits society while safeguarding data privacy.

• And new AI applications will necessitate frequent revisions of regulations as they arise.
• Thanks to technological advancements like computer vision, object detection, drone tracking, and camera-based traffic systems, government organizations can analyze crash data and highlight areas with a high likelihood of accidents.
• This experience will be essential in preparing for the next potential conflict given that the U.S. is unlikely to gain battlefield experience with AI attacks, both on the receiving and transmitting end, until it is already in a military conflict with an advanced adversary.
• In areas requiring more regulatory oversight, regulators should write domain specific tests and evaluation metrics to be used.
• Such protections are especially important in critical fields like healthcare, financial services, education, housing, law, and transportation, where mistakes by or misuse of AI could harm patients, cost consumers or small businesses, or jeopardize safety or rights.
• What’s more, our unique and flexible Hub & Spoke architecture provides the perfect integrated and flexible GRC solution for segregating services and departments, ensuring alignment with how you work.

Radar is the industry’s most advanced offering to secure and manage risk in your AI applications, with visibility and auditability features to ensure your AI remains protected. Its advanced policy engine enables efficient risk management across regulatory, technical, operational and reputational domains. Radar empowers your teams to quickly detect and respond across the entire AI lifecycle. It is vendor neutral, works across ML vendors/tools, and can be easily deployed in your environment.

Why AI governance is crucial

Agencies need to access the latest computational infrastructure to scale and innovate – without overhauling on-prem investments, moving sensitive data, or vendor lock-in. Furthermore, citizens need to seek to educate themselves about privacy settings on social media platforms and other online services they use frequently. Taking the time to review and adjust these settings can curtail the amount of personal information that is publicly available. Steps taken by governments to address data privacy and security concerns are crucial in an AI-driven world.

• As shown in the figure below, this is done by adding an “attack pattern” to the input, such as placing tape on a stop sign at an intersection or adding small changes to a digital photo being uploaded to a social network.
• If this dataset was later compromised, administrators would immediately know what other systems are vulnerable and need to be addressed.
• There is immense potential to democratize AI advancements, giving people and private companies more autonomy rather than relying on major tech companies.
• The role of regulators should be to probe the evidence presented to them and determine what risks are acceptable.
• The new Azure OpenAI Service in Azure Government will enable the latest generative AI capabilities, including GPT-3.5 Turbo and GPT-4 models, for customers requiring higher levels of compliance and isolation.
• These attacks give adversaries free reign to employ these platforms with abandon, and leave these societal platforms unprotected when protection is needed more than ever.

Read more about Secure and Compliant AI for Governments here.