dcontesti
Community Champion

Security baseline for AI

The Canadian Centre for Cyber Security just released some guidance on Security for AI.

 

https://www.cyber.gc.ca/en/guidance/generative-artificial-intelligence-ai-itsap00041

 

I feel this is a great baseline to build on.

 

Thoughts?

 

d

 

1 Reply
riffjim4069
Contributor I

My thoughts? The Canadian guidance (ITSAP.00.041) is a high-level awareness document, useful for non-technical audiences, but insufficient for cybersecurity and IT professionals seeking deep, operational guidance. It's adequate for awareness – it clearly defines generative AI, high-level risks (e.g., hallucinations, bias, misinformation), and broad mitigation strategies.

However, it's weak for practitioners – it lacks specifics on:

  • Secure prompt engineering or guardrails
  • Detailed threat models (e.g., prompt injection, model poisoning)
  • Platform hardening, logging, secure deployment patterns
  • Nothing on operationalizing controls or threat detection

For practical, security-heavy GenAI adoption, folks should reference:

  • NIST AI RMF + GenAI Profile + Cyber AI Profile
  • MITRE SAFE‑AI & ATLAS
  • OWASP GenAI Top 10
  • CSA Prompt Guardrails
  • ISO 42001 (governance)
  • EU AI Act (high-risk model requirements)

Just my two cents.

Cheers!