top of page
Search

UK Releases Cyber Security Code of Practice for AI

  • Writer: Katarzyna Celińska
    Katarzyna Celińska
  • 1 day ago
  • 2 min read

The UK Government has published the AI Cyber Security Code of Practice and an accompanying Implementation Guide, offering an actionable, standards-aligned framework to secure AI systems across all phases of their life cycle—from design to decommissioning.

 

🔐 Core Principles:

The Code outlines 13 core security principles:

✅ Raise awareness of AI threats and risks

✅ Design AI for security and performance

✅ Evaluate threats and manage risks

✅ Enable human oversight

✅ Track and protect assets

✅ Secure infrastructure

✅ Secure the supply chain

✅ Document data, models, and prompts

✅ Test and evaluate systems

✅ Communicate with end-users

✅ Apply regular security updates

✅ Monitor AI system behaviour

✅ Ensure secure data/model disposal

 



Each principle is mapped to best practices from global frameworks (NIST, OWASP, ISO/IEC, ETSI, MITRE, and more), bridging AI-specific risks like data poisoning, adversarial manipulation, model inversion, and prompt injection with classic cyber defense principles.

 

🛠️ Implementation Guide:

✅ Includes detailed mappings of threats and controls across AI system types and lifecycles.

✅ Supports role-specific training for developers, data custodians, and security personnel.

✅ Offers integration with industry practices like MITRE ATLAS, NIST AI RMF, and OWASP AI Exchange.

✅ Provides real-world implementation scenarios.

It ensures provisions like logging, access control, secure MLOps, and responsible supply chain practices are clearly aligned to actual risk mitigation techniques.

 

The principles introduced in this code are nothing new for seasoned cybersecurity professionals. Many of the provisions—though framed for AI—echo the timeless truths of cyber hygiene, secure development, and risk governance.

What I truly appreciate is the level of alignment this document offers: it integrates with the best from OWASP, ISO, NIST, and even the AI Act. The implementation guide shows threats, controls, use cases, and references to deeper standards.

AI introduces new threat vectors, but the foundations remain the same. Frameworks, layered defense, governance, and continual testing are just as important. This document is a baseline—but a solid one, especially for organisations preparing to scale or certify their AI capabilities.

 

Read the Full Resources: Link

 

 
 
 

Comments

Stay in touch

kontakt@itgrc.pl

BW ADVISORY sp. z o.o. 

ul. Boczańska 25
03-156 Warszawa
NIP: 525-281-83-52

Privacy policy

  • LinkedIn
  • Youtube
bottom of page