|
Work item:
|
X.sgGenAI
|
|
Subject/title:
|
Security Guidelines for Generative Artificial Intelligence Application Service
|
|
Status:
|
[Carried to next study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
-
|
|
Liaison:
|
ITU-T SG13, SG16, ISO/IEC JTC 1/SC 27, ISO/IEC JTC 1/SC 42
|
|
Supporting members:
|
China, Alibaba, China Unicom, Soonchunhyang University
|
|
Summary:
|
Nowadays, multiple powerful and versatile Generative AI (GenAI) applications have been released, which adds convenience to our lives significantly. The industry focuses on the rapid implementation of GenAI and uses the powerful capabilities of GenAI application service to achieve high work efficiency.
However, the GenAI application service also faces various unpredictable risks and complex challenges. There are two broad risk classes of GenAI application service: risks of general AI system and specific risks of GenAI application service. Similar to general AI system, GenAI faces data privacy disclosure, model attack risks, and so on. Meanwhile, GenAI application service faces specific risks such as prompt injection attack, abuse violations, API attack and supply chain attack. Therefore, it is necessary to analyze the risks and security requirements of GenAI application service and provide security guidelines to mitigate the identified risks.
Accordingly, this recommendation identifies and outlines a range of potential risks and provides the corresponding security requirements and security guidelines that should be implemented to securely run AI application services.
Nowadays, multiple powerful and versatile Generative AI (GenAI) applications have been released, which adds convenience to our lives significantly. The industry focuses on the rapid implementation of GenAI, and uses the powerful capabilities of GenAI application service to achieve high work efficiency.
However, the GenAI application service also faces various unpredictable risks and complex challenges. There are two broad risk classes of GenAI application service: risks of general AI system and specific risks of GenAI application service. Similar to general AI system, GenAI faces data privacy disclosure, model attack risks, and so on. Meanwhile, GenAI application service faces specific risks such as prompt injection attack, abuse violations, API attack and supply chain attack.. Therefore, it is necessary to analyze the risks and security requirements of GenAI application service, and provide security guidelines to mitigate the identified risks.
Accordingly, this recommendation identifies and outlines a range of potential risks, and provide the corresponding security requirements and security guidelines that should be implemented to securely run AI application services.
|
|
Comment:
|
incubation queue
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2024-03-11 11:49:14
|
|
Last update:
2024-09-25 10:57:43
|
|
