My responses to the eighth and final theme of the Canada AI Survey, focusing on the security of Canadian infrastructure and capacity.
This is part 8 of “Responses to the Canada AI Survey” - a series containing my responses to the eight themes of the Canadian government’s public consultation on artificial intelligence.
Theme 8: Security of the Canadian Infrastructure and Capacity
Q1: What are the emerging security risks associated with AI, and how can Canada proactively mitigate future threats?
Every application of AI that is deployed becomes a new attack surface. This is particularly challenging when this AI is non-deterministic. Doubly so if the software was written with AI tools.
However, we cannot guard against tools and content we don’t create. Phishing and impersonation attempts are already clear examples, where the level of sophistication has increased with the help of AI.
Q2: How can Canada strengthen cybersecurity and safeguard critical infrastructure, data and models in the age of AI?
Canada should further strengthen software development practices in the face of the following, each of which creates new ways for security holes to appear: 1) AI software development tooling; 2) deployed AI models and the functions these models perform; 3) the data these models ingest, to guard against threats such as prompt injection.
We need strong, human-coded guardrails for each use case and deployment. Cybersecurity professionals are sufficiently spooked by the dangers of AI. We need to extend current practices in both preventing and addressing security flaws.
Q3: Where can AI better position Canada’s protection and defence? What will be required to have a strong AI defensive posture?
There has been a large but mostly fruitless effort to detect AI. However, as we move from assuming content is real to assuming it is fake until proven otherwise, it makes sense to start authenticating real content instead. Certain sectors should have policies and interoperable systems for content provenance and authenticity. These can be for strictly internal use, but can also benefit the wider public, particularly in the media landscape.