Deputy Editor, Infosecurity Magazine
AI research in the UK is vulnerable to nation-state hackers seeking to steal sensitive data and insights, a new report by the Alan Turing Institute has warned.
The Institute urged the government and academia to develop a long-term strategy to address systemic cultural and structural security barriers to effective AI research security.
The researchers noted that the UK’s “world-leading AI research ecosystem” is a high priority target for state threat actors who are looking to use the technology for malicious purposes.
Access to the underlying sensitive datasets used to train AI model could also provide strategic insights that impact defense planning and intelligence efforts.
China, Russia, North Korea and Iran are the states that pose the great threat to AI academic research, the Institute said.
Despite these risks, there are currently major constraints to AI research cybersecurity. These are creating opportunities for state threat actors to acquire knowledge or steal intellectual property (IP).
Much of this is born out of a “fundamental tension” between academic freedom and research security, according to the researchers.
The researchers noted that academics are under significant pressure to provide transparency about the data and methods they used to make their findings. Academic journals will often reject submissions where data and code are not made available.
These transparency practices “embed an inherent vulnerability in academic culture,” as threat actors can use this underlying data and described techniques for malicious purposes.
Informal peer-to-peer academic collaborations compound this issue due to the information-sharing culture of academia in early-stage research, the researchers added.
The report also found that academic research security can be more resource-intensive than other forms of due diligence because of the myriad considerations required to understand the potential risks.
This includes the large number of government departments involved in research security, which creates friction for academics and professional services staff seeking guidance.
This friction has resulted in a lack of incentives for researchers to follow non-binding government-issued security guidance.
Another major barrier is the lack awareness of the security threat to AI research within the academic community.
Individual academics often have to make personal judgements on the risks of their research, which can be challenging to do in practice.
“It is difficult for researchers to foresee and quantify the risks stemming from early-stage research – and understanding how research may be exploited by adversaries is not an easy task,” the report noted.
A lack of access to funding and poor talent retention in academia also introduces new vulnerabilities relating to research security.
Academics are sometimes incentivized to accept funding from dubious sources or accept higher-paid roles at organizations that that can then exploit their insight and expertise.
These organizations may be linked to nation-states with malicious intentions around AI research.
The report provided several recommendations for the UK government and academia to strike a balance between the open nature of academic AI research and effective research security practices.
These include:
About The Author
More Stories
Solving Crime Without Breaking Encryption
Community Snapshot—May
From Refugee to Digital Leader: How Justin Is Helping to Connect Rhino Camp