South Korea's Ministry of Science and ICT said on Thursday it will launch support programmes with the Korea Internet & Security Agency (KISA) to help improve security levels at small and medium-sized companies. The move follows up on the "AI-based cyber threat response private-sector information security promotion plan" announced at the 9th meeting of science and technology-related ministers on May 29.

Any domestic SME with insufficient security conditions can use the programmes for free. The seven programmes are a security investment guide, attack surface checks, software supply chain security system diagnostics, information security support for SMEs, AI vulnerability testing infrastructure, penetration testing and security vulnerability checks.

The security investment guide, offered as a web tool, allows companies to self-diagnose their security level and check investment priorities by budget. It is available on the regional information security centre website.

The attack surface check analyses vulnerabilities that can become channels for external hacking and presents response directions. Applications can be submitted through the KISA Protectorate website or at 16 regional information security support centres nationwide. The application deadline is Dec. 11 this year.

Software supply chain security system diagnostics provides open-source vulnerability checks, secure coding and dynamic diagnostics, and development environment checks. Software developers can apply through Protectorate, with priority support for SMEs.

The information security support programme for SMEs provides information security consulting, an IT security package (installed type) and an SECaaS package (subscription type) to SMEs in regions that have experienced security incidents or where security threats have been detected. It targets 100 companies for consulting and the IT security package and 400 companies for SECaaS, and will accept applications from late June on the regional information security centre website.

The AI vulnerability testing infrastructure provides an environment to check security vulnerabilities in SME software products using frontier AI models. Reservations will be available from July on the Information Security Industry Promotion Portal. Vulnerability testing tools and a software bill of materials generation tool can also be used for free at KISA's Garak office Information Security Industry Support Center and at the Pangyo Information Security Cluster.

Penetration testing supports practical checks using real hacking techniques for SMEs holding national strategic technologies and SMEs in sectors closely related to people's daily lives such as healthcare, telecommunications and education. With a target of 100 companies, applications can be submitted through the Win-Win Nuri website, and the programme will end once the budget is exhausted.

The security vulnerability check finds vulnerabilities in websites, apps and development and operations environments and provides technical support for remedial action. With a target of 250 companies, applications can be submitted through Protectorate, and the programme will end once the budget is exhausted.

Lim Jung-kyu (임정규), director general for information security network policy at the Ministry of Science and ICT, said SMEs with limited resources are inevitably more vulnerable to AI security threats. He said the ministry will work actively so that many companies can benefit.