Microsoft rolls out generative AI roadmap for government services

Public policy creating “AI Security Compliance” programs will reduce the risk of attacks on AI systems and lower the impact of successful attacks. Compliance programs would accomplish this by encouraging stakeholders to adopt a set of best practices in securing systems against AI attacks, including considering attack risks and surfaces when deploying AI systems, adopting IT-reforms to make attacks difficult to execute, and creating attack response plans. This program is modeled on existing compliance programs in other industries, such as PCI compliance for securing payment transactions, and would be implemented by appropriate regulatory bodies for their relevant constituents. Microsoft continues to prioritize the development of cloud services that align with US regulatory standards and cater to government requirements for security and compliance.

Unlike input attacks, model poisoning attacks take place while the model is being learned, fundamentally compromising the AI system itself. Imperceivable attacks are highly applicable to targets that the adversary has full control over, such as digital images or manufactured objects. For example, a user posting an illicit image, such as one containing child pornography, can alter the image such that it evades detection by the AI-based content filters, but also remains visually unchanged from the human perspective. This allows the attacker unfettered and, for all practical purposes, unaltered distribution of the content without detection. Taken together, these weaknesses explain why there are no perfect technical fixes for AI attacks.

AWS unveils new enterprise hardware to provide businesses with easy-to-use virtual desktops

For proper enforcement of these laws, governments have put in place regulatory bodies saddled with overseeing compliance. Fines or penalties are meted to organizations for non-compliance due to a breach of data protection rules. Although current laws offer the basics for the protection of data privacy and security, they must progressively evolve to continue to remain relevant with the speed of technological advancements. The interagency council’s membership shall include, at minimum, the heads of the agencies identified in 31 U.S.C. 901(b), the Director of National Intelligence, and other agencies as identified by the Chair.

For example, for a social network that has seen itself mobilized to spread extremist content, it can be expected that input attacks aimed at deceiving its content filters are likely. Regardless of the reason for doing so, placing AI models on edge devices makes protecting them more difficult. Because these edge devices have a physical component (e.g., as is the case with vehicles, weapons, and drones), they may fall into an adversary’s hands. Care must be taken that if these systems are captured or controlled, they cannot be examined or disassembled in order to aid in crafting an attack. In other contexts, such as with consumer products, adversaries will physically own the device along with the model (e.g., an adversary can buy a self-driving car in order to acquire the model that is stored on the vehicle’s on-board computer to help in crafting attacks against other self-driving cars). In this case, care must be taken that adversaries cannot access or manipulate the models stored on systems over which they otherwise have full control.

Governments publish AI security guidelines – and look who’s helped write them

In other contexts, it may be more appropriate and effective for agencies already regulating an industry to manage compliance mandates and details. In the context of self-driving cars, this may fall to DoT or one of its sub-agencies, such as NHTSA. In the context https://www.metadialog.com/governments/ of other consumer applications, this may fall to other agencies such as the FTC. Although law enforcement and the military share many similar AI applications, the law enforcement community faces its own unique set of challenges in securing against AI attacks.

Organizations that must manage complex datasets, particularly those in health care and government, can consider a new suite of solutions from AWS Partner C3 AI, designed to provide secure, efficient information retrieval and analysis. Any intrusion in government databases affects national security and damages the public’s trust. High-risk activities — like AI use in educational fields or training, law enforcement, assistance in legal actions, the management of critical infrastructure and other similar activities — would be allowed, but heavily regulated. There is even an entire section in the AI Act that applies to generative AI, allowing the technology but requiring users to disclose whenever content is AI-generated. The model owners would also need to disclose any copyrighted materials that went into the model’s creation, and would also be prevented from generating illegal content. With a secure cloud fabric, government agencies can create a non-bifurcated infrastructure that allows for a secure, private connection between their different cloud environments, regardless of whether they are hosted on public or private clouds.

Enabling AI Regulation Compliance for Enterprises

In conclusion, balancing the benefits of AI with the need for robust data privacy and security makes the AI-driven world go round. (i)    Within 120 days of the date of this order, the Director of NSF, in collaboration with the Secretary of Energy, shall fund the creation of a Research Coordination Network (RCN) dedicated to advancing privacy research and, in particular, the development, deployment, and scaling of PETs. The RCN shall serve to enable privacy researchers to share information, coordinate and collaborate in research, and develop standards for the privacy-research community. (ii)   Within 90 days of the date of this order, the Secretary of Transportation shall direct appropriate Federal Advisory Committees of the DOT to provide advice on the safe and responsible use of AI in transportation.

• Microsoft on Wednesday launched its new Azure OpenAI Service for government, which the company says will allow federal agencies to use powerful language models including ChatGPT while adhering to stringent security and compliance standards.
• China’s detention and “re-education” of Uighur Muslims in the Xinjiang region serves as a case study for how AI “attacks” could be used to protect against regime-sponsored human rights abuses.
• Governments should collaborate on policy frameworks that promote transparency, accountability, and responsible use of AI technologies.
• The EO also directs many federal regulators to prepare guidelines or rules or regulations for championing safety and security, data privacy, civil rights, and fairness in the use of AI in their specific sectors — all of which will arguably impact many private businesses developing or using AI technologies in the US.
• If this history is any indication, the systems holding these models will suffer from similar weaknesses that can lead to the model being easily stolen.
• (d)  The Federal Acquisition Regulatory Council shall, as appropriate and consistent with applicable law, consider amending the Federal Acquisition Regulation to take into account the guidance established under subsection 4.5 of this section.

(B)  issuing guidance, or taking other action as appropriate, in response to any complaints or other reports of noncompliance with Federal nondiscrimination and privacy laws as they relate to AI. Models meet this definition even if they are provided to end users with technical safeguards that attempt to prevent users from taking advantage of the relevant unsafe capabilities. (i)  The term “critical infrastructure” has the meaning set forth in section 1016(e) of the USA PATRIOT Act of 2001, 42 U.S.C. 5195c(e). (f)  The term “commercially available information” means any information or data about an individual or group of individuals, including an individual’s or group of individuals’ device or location, that is made available or obtainable and sold, leased, or licensed to the general public or to governmental or non-governmental entities. (a)  The term “agency” means each agency described in 44 U.S.C. 3502(1), except for the independent regulatory agencies described in 44 U.S.C. 3502(5).

Subscribe to Privacy Compliance & Data Security

While hardening soft targets will raise the difficulty of executing attacks, attacks will still occur and must be detected. Policymakers should encourage improved intrusion detection for the systems holding these critical assets, and the design of methods profiling anomalous behavior to detect when attacks are being formulated. While an ounce of prevention is worth a pound of cure, it is imperative to know when prevention has failed so that the system operator can take the necessary mitigation steps before the adversary has time to execute an attack. After data is collected, it generally requires processing to prepare it for use with training AI systems. This preparation process presents opportunities to steal or poison the dataset and, therefore, the downstream AI system. These reviews should be formal, identify emerging ways data can be weaponized against systems, and be used to shape data collection and use practices.

It provides a secure and private multi-cloud connection that supports both data lakes and AI infrastructure. By leveraging this technology, government agencies can unlock the full potential of cloud-based resources, while still maintaining the security, privacy, and compliance requirements that are essential to their mission. Because of this, secure cloud fabric is likely to play an increasingly important role in the federal government’s digital transformation efforts in the years to come.

If an attacker poisons the dataset by changing some of the images of “Alice” to ones of “Bob,” the system would fail in its mission because it would learn to identify Bob as Alice. Therefore Bob would be incorrectly authenticated as Alice when the system was deployed. The platform is further enriched with “functional intelligence” through integration with leading enterprise solutions, including with ServiceNow’s Virtual Agent platform to augment employee and customer service access. An additional overlay of “domain-specific intelligence” is rolling out to support workflow augmentation in strict security, defense and public sector organizations, and includes a new partnership with Ask Sage, Inc. which specializes in enhancing decision quality and accelerating response times in public sector organizations. Generative AI can help government reimagine and transform government services in critical areas, including HHS, education, sustainability and more.

For this reason, we believe in the added benefit for both our public and private partners to embrace the global impact of Conversational AI – again, review the unexhaustive list of benefits above. Another alternative is to work with a trusted provider of AI solutions designed specifically for local government agencies. To mitigate the skills gap issue, local government agencies must invest in upskilling their workforce, fostering partnerships with academic institutions and industry leaders, and attracting and retaining top AI talent.

Scale content creation and understanding.

Furthermore, OMB has been further tasked with establishing systems to ensure agency compliance with guidance on AI technologies, including ensuring agency contracts for purchasing AI systems align with all legal and regulatory requirements and yearly cataloging of agency AI use cases. However, it also has requirements that extend towards US Government contractors who work with these agencies and departments. With care, transparency, and responsible leadership, conversational AI can unlock a brighter future, one where high-quality public services are profoundly more accessible, inclusive, and personalized for all. With careful adoption, conversational AI enables public sector agencies to deliver better services to citizens through automation and data-driven insights. The technology opens the door for more efficient, inclusive, and responsive governance. Within the public sector, conversational AI has the potential to augment and even fully automate aspects of citizen services by providing 24/7 support for everyday administrative tasks.

Finally, local governments should regularly review their generative AI security policies to remain up-to-date and aligned with evolving security threats and best practices. Our Enterprise license is ideal for government bodies who require multiple teams, as it leverages our unique Hub & Spoke architecture. Each team operates their GRC activities from a dedicated Spoke, ensuring data and operational separation with unrestricted access to modules, users, content, audits and a powerful AI engine, all connected to a central Hub for centralized administration, content management, and aggregate reporting. “In the next few months, we want to have some research completed that helps people understand generative AI from a definitional context. The capabilities offered by Azure OpenAI Service can significantly benefit government customers. These include accelerating content generation, streamlining content summarization, optimizing semantic search, and simplifying code generation.