South Korea's Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) published a manual and guidelines to respond to security threats to artificial intelligence (AI) services.
The ministry and KISA said on Tuesday they published an "AI Security Threat Response Manual" and an "AI Security Red-Teaming Guide" to respond effectively to AI service security threats and strengthen on-site security inspection capabilities.
As AI technology spreads rapidly across industries and services, new types of security threats are also increasing, including prompt injection, abuse of privileges and data leaks.
AI security threats are increasing the importance of AI red teams, which identify security vulnerabilities from an attacker’s perspective and develop response measures. An AI red team refers to an organisation that deliberately induces problematic behaviour in an AI model to find vulnerabilities and risks.
The two newly published guides systematically organise key security threats and cases that can occur in AI environments. They focus on inspection and response measures that can be used in the field and on ways to operate red teams.
The AI security threat response manual includes AI security threat classification and diagnosis, industry-specific threat scenarios and response measures by AI security threat. It classifies AI-specific security threats, including data threats, model threats, agent threats, supply chain threats and high-performance model threats, and provides practice-oriented response measures.
The AI security red-teaming guide is a government-issued reference for practitioners seeking to operate AI security red teams. It is based on ISO/IEC 42119-7, an international draft standard for AI red-teaming, to align with internationally accepted criteria.
The red-teaming guide covers the full process of operating AI security red teams, from planning and team composition to preparation, implementation and reporting results. It also includes a red-teaming checklist, inspection tools and job descriptions for red team personnel. The ministry reflected stakeholder opinions and consulted academic experts to improve field usability and expertise.
Lim Jeong-gyu (임정규), director general for information security network policy at the ministry, said security threats are evolving rapidly alongside the spread of AI technology. He said he hopes the guide will raise the security level of AI services and serve as a standard that can be used in the field.