Page 83 - AI Standards for Global Impact: From Governance to Action
P. 83
AI Standards for Global Impact: From Governance to Action
12 Challenging the status quo of AI security
ITU-T Study Group 17 (Security) organized a workshop on “Challenging the status quo of AI
security” highlighting the dual impact of AI on security: AI not only poses threats (such as Part 2: Thematic AI
exacerbating social engineering attacks and now the first sophisticated attack automation
including adaptative code generation) but also brings opportunities of new paths for solving
security problems.
The workshop aimed to tackle key current issues with contributions from attendees to be
compiled into a report guiding future AI security directions. The core significance here resides
in facilitating a transition from a surface range of technologies towards the consolidation of
a streamlined set of solutions, principles, and recommendations. This aims to reduce market
inefficiencies and unnecessary losses of capital, resources, and time stemming from redundant
endeavours.
With expert speakers and panelists from industry and academia organizations, this workshop
was structured around prominent and emerging aspects of AI, and in particular agentic and
multi-agentic AI, its associated digital identity, security, and trust aspects and future directions.
It will provide guidance for subsequent technological integration, international cooperation,
and directions for related standardization work. All the presentations made at the workshop
can be accessed here.
12�1 Keynote: Framing agentic AI and identity with a strategic lens
Two mental models were presented: OODA (Observe, Orient, Decide, and Act) Loop and DIKW
(Data, Information, Knowledge, and Wisdom) Pyramid as a broader context for greater clarity
on how to understand challenges with agentic AI and identity. The Cynefin framework was also
introduced as a tool to assess the right time for standardization and what new standards may
be needed.
Key takeaways:
a) Mental models are essential to frame a common understanding and help form a
consensus across contributors to design the appropriate meta-model, like how the
open systems interconnection (OSI) model for networks’ interconnection in ITU-T X.200-
series Recommendations was designed 40 years ago, before all the constituencies of
the standards are produced and agreed. This time this is about an OSI model for AI or
agentic AI.
b) As AI capabilities are centred around knowledge, corresponding control measures should
also be knowledge oriented.
c) In the Cynefin Framework, standards are premature in chaotic, and it is also somewhat
early in complex. The real opportunity for standards arises when moving from complex to
complicated, and they become more effective when moving from complicated to clear.
Agentic AI is currently between chaotic and complex.
d) When using the meta/mental model of sensing, sense making, decision making and
acting, the evolution of AI until its full maturity with agentic AI shows standardization gaps.
e) There may be patterns to follow in setting standards, such as drawing lessons from existing
meta models (e.g. OSI model for Networks, Cyber Defence Matrix, etc.) and considering
the commonalities across different AI approaches.
f) Compared to traditional cyber defence, AI system has greater context, which means
shifting from Data and Information to Knowledge and Wisdom in the so-called DIKW
71
