AI弹性：AI安全革命性基准模型 AI Resilience A Revolutionary Benchmarking Model for AI Safety

AIResilience:

ARevolutionaryBenchmarkingModelforAISafety

ThepermanentandofficiallocationfortheAIGovernanceandComplianceWorkingGroupis

/research/working-groups/ai-governance-compliance

©2024CloudSecurityAlliance–AllRightsReserved.Youmaydownload,store,displayonyour

computer,view,print,andlinktotheCloudSecurityAllianceat

subjectto

thefollowing:(a)thedraftmaybeusedsolelyforyourpersonal,informational,noncommercialuse;(b)thedraftmaynotbemodifiedoralteredinanyway;(c)thedraftmaynotberedistributed;and(d)thetrademark,copyrightorothernoticesmaynotberemoved.Youmayquoteportionsofthedraftas

permittedbytheFairUseprovisionsoftheUnitedStatesCopyrightAct,providedthatyouattributetheportionstotheCloudSecurityAlliance.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.2

Acknowledgments

LeadAuthors

Dr.ChantalSpleiss

Contributors

RomeoAyalin

FilipChyla

BeckyGaylord

FrederickHanigRockyHeckmanHadirLabib

LarsRuddikeit

AlexSharpe

AshishVashishtha

Reviewers

SounilYu

DebjyotiMukherjeeMichaelRoza

PeterVentura

UdithWickramasuriyaGovindarajPalanisamyMadhaviNajana

RakeshSharmaDavideScatto

PareshPatel

PiradeepanNagarajanGaetanoBisaz

HongtaoHao,PhDEllePyle

GauravSingh

KenHuang

KennethT.Moras

TolgayKizilelma,PhDAkshayShetty

SauravBhattacharyaPejuOkpamen

GabrielNwajiaku

MeghanaParwate

AkshatVashishtha

HemmaPrafullchandraRenataBudko

DesmondFoo

ScottS.NewmanGianKapoor

ImranBanani

ElierCruz

MadhavChablani

CSAGlobalStaff

RyanGifford

StephenLumpe

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.3

TableofContents

Acknowledgments 3

TableofContents 4

ExecutiveSummary 6

Introduction 6

PartI:UnderstandingtheFoundations 7

Governancevs.Compliance 7

GovernanceandCompliance:aMovingTarget 7

TheLandscapeofAI 9

ABriefHistoryofAI 9

TheLandscapeofAI 10

MachineLearning(ML) 10

TinyMachineLearning(tinyML) 10

DeepLearning(AdvancedML) 10

GenerativeArtificialIntelligence(GenAI) 11

ArtificialGeneralIntelligence(AGI) 11

TheLandscapeofTrainingMethods 11

SupervisedLearning 11

UnsupervisedLearning 12

ReinforcedLearning 12

Semi-supervisedLearning 12

Self-supervisedLearning 12

FederatedLearning 12

TrainingMethodsRegulationsandEthicalConsiderations 13

Licensing,Patenting&CopyrightofAITechnology 14

PartII:Real-WorldCaseStudiesandIndustryChallenges 15

ABriefHistoryofAICaseStudies 15

2016:Microsoft’sTay 15

2018:Amazon’sAIRecruitingToolwasBiasedAgainstWomen 15

2019:TeslaAutopilotAccidents 15

2019:HealthcareAlgorithmRacialBias 16

2019:AllegationsofAppleCardBias 16

2020:BiasedOffenderAssessmentSystems 16

2022:AirCanadaBoundbyChatbot'sRefundPolicy 16

2023:Lawsuit:UnitedHealth'sFaultyAIDeniesElderlyCare 17

2024:Google'sGemini:ALessoninAIBias 17

Industries:Regulations&Challenges 17

Automotive 17

Aviation 18

CriticalInfrastructure&EssentialServices 19

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.4

TheDelicateBalance:Performancevs.Security 19

TheAchillesHeel:IoTandEdgeAI 19

TowardsaFuture-ProofInfrastructure 20

ContinuousEvolution:ThePathAhead 20

TheRoadAhead 20

CurrentInitiatives 21

USExecutiveOrder14110(Oct2023) 21

EUAIAct 21

OECDAIPrinciples 21

TheArtificialIntelligenceandDataAct(AIDA) 21

Defense 22

ArtificialIntelligenceandEmergingTechnologiesinDefense 22

HistoricalRoleofAIinDefense 22

AIRegulationsandDefense 23

Education 24

Finance 24

GuidanceonModelRiskManagementSR11-7 25

Healthcare 27

ExploringTrustworthyAIinHealthcare 28

TrustworthyAIinHealthcareLiterature 28

KeyRequirementsfor“TrustworthyAI” 29

ConsolidatedList 29

ConclusionsfromtheHealthcareLiterature 30

BiasinHealthcare 30

FurtherApplicationsofML/AIinHealthcare 31

PartIII:AIResilienceReframed:BenchmarkingModelInspiredbyEvolution 32

Comparison:BiologicalEvolutionvs.AIDevelopment 32

DiversityandResilienceinAISystems 33

TheChallengeofBenchmarkingAIResilience 33

AIResilience-SuggestedDefinition 33

ProposedAIResilienceScore 34

IntelligenceAwareness 35

FundamentalDifferencesinIntelligentSystems 35

Bibliography 36

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.5

ExecutiveSummary

A(r)evolutionaryAIbenchmarkingmodelisintroducedtonavigatethecomplexlandscapeofAI

governanceandcompliance.Revenue-drivenadvancementsoutpaceregulatoryeffortstoestablish

safeguards,oftenfallingshortinensuringthatAIsystemsaretrulyrobustandtrustworthy.Leadershipaddressesthiscriticalgapbyintroducinganovelbenchmarkingmodelinspiredbyprinciplesofevolutionandpsychologytoprioritizerobustnessalongsideperformance,empoweringexecutivestoproactivelyassesstheoverallqualityoftheirAIsystems.

DrawinglessonsfrompastAIfailuresincasestudiesandanalyzingindustrieslikeautomotive,aviation,criticalinfrastructureandessentialservices,defense,education,finance,andhealthcare,weprovidepracticalinsightsandactionableguidanceforbusinesses.Weadvocateforintegratingdiverse

perspectiveswithregulatoryguidelinestopropeltheindustrytowardsmoreethicalandtrustworthyAI

applications.Thefocusontrustworthinessiskeyforminimizingrisks,protectingreputation,andfosteringresponsibleAIinnovation,deployment,anduse.

Thisdocumentempowerskeydecisionmakers,includinggovernmentofficials,regulatorybodies,and

industryleaders,toestablishAIgovernanceframeworksthatensureethicalAIdevelopment,deployment,anduse.AnovelbenchmarkingmodelisintroducedtoassessAIquality,providingapracticaltoolfor

long-termsuccess.

Introduction

TherapidevolutionofArtificialIntelligence(AI)promisesunprecedentedadvances.However,asAI

systemsbecomeincreasinglysophisticated,theyalsoposeescalatingrisks.Pastincidents,frombiasedalgorithmsinhealthcaretomalfunctioningautonomousvehicles,starklyhighlighttheconsequencesofAIfailures.Currentregulatoryframeworksoftenstruggletokeeppacewiththespeedoftechnological

innovation,leavingbusinessesvulnerabletobothreputationalandoperationaldamage.

Inresponsetothesechallenges,thisdocumentaddressestheurgentneedforamoreholisticperspectiveonAIgovernanceandcompliance.We'llexplorethefoundationsofAI,examineissuesacrosscritical

industries,andprovidepracticalguidanceforresponsibleimplementation.Wepresentanovelapproachthatcomparesthe(r)evolutionofAIwithbiology,andintroducesathought-provokingconceptof

diversitytoenhancesafetyofAItechnology.Differencesinintelligenceandthesuccessfulinteractionofsuchsystemsarediscussed.Aninnovativebenchmarkingframeworkispresentedtoincreasethesafetyandreliabilityofthisdisruptivetechnology.

Thisapproachempowersdecision-makersandtechnicalteamsaliketoassessthesafetyand

trustworthinessofAIsystems.WeadvocateforintegratingdiverseperspectivesandregulatoryguidelinestofosterethicalAIinnovationandestablishstronggovernancepractices.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.6

PartI:UnderstandingtheFoundations

Governancevs.Compliance

Governanceandcomplianceareessentialaspectsoforganizationalmanagement,ensuringadherencetoregulations,ethicalprinciples,standards,andsustainabilitypracticesoutlinedinthebusinesscodeof

conduct.Alignmentwithaforementionedprinciplesandregulationsensureeffectivebusinesscontinuityandethicalpractice.

Governance

[1]

,whichreferstooverseeingandcontrollingsomething,isimplementedinatop-downapproach.Seniormanagementisresponsiblefordefiningstrategyandriskappetite,andestablishinga

governanceframeworkthroughpolicies,standards,and/orprocedures.Thesedirectivesshapetheorganization'soverarchingriskmanagementapproach,complianceobligations,anddecision-makingprocesses.Governancecreatesacultureofaccountability,transparency,ethicalbehavior,and

sustainabilitywhileprioritizingsecurityandprivacymeasuresacrossthecompany.

Contrarytothetop-downapproachofgovernance,Compliance

[2]

followsabottom-upapproach,whereemployeesatvariouslevelsimplementandadheretothegovernanceframeworkdefinedbysenior

managementtomeetregulatoryrequirements.Compliancefocusesonensuringadherencetolaws,

regulations,andindustrystandards,aswellasthegoverninginternalbusinesscodeofconduct.Itisa

crucialcomponentoforganizationalmanagementtoensurethattheorganizationoperateswithin

applicablelegalandregulatoryrequirements,acceptableethicalboundaries,andminimizedriskexposure.

GovernanceandCompliance:aMovingTarget

Whilegovernanceandcomplianceareclearlydefinedobjectives,theuseofanyAIchallengestraditionalapproaches.AIcanbeviewedfromvariousperspectives,suchasatechnology,asystemusingoneor

moremodels,abusinessapplication,orauserplatform.AIcanserveonesingle,oramultitudeof,end

users,anditcanbeusedbybusinesses,informationbrokers,orotherAItechnology,toperformtasks,

solveproblems,makedecisions,orinteractwiththeenvironment.Emergingbestpractices,standards,

andregulationssurroundingtheuseofAIcontinuetoevolve,makingitchallengingtohaveaconcretesetofcompliancerequirementstoimplementandmonitor.Forcompaniesconductinginternationalbusiness,thischallengegrowsexponentially.Mostregulationshaveoverlappingrequirementswithhardlyany

radicallynewpropositionstoimprovethesafetyofAIandthecurrentframeworkisbasedonthesegeneralrequirements.

●Humanoversight:EnsurethatAIsaresubjecttohumanoversightandcontrol,withmechanismsinplacetoenablehumaninterventionanddecision-makingwhennecessary.Humanoversight

mustbecoupledwithautomatedmonitoringastheprimarystep,withhumanoversightbeingcalledinforspecificallyidentifiedusecaseswherehumaninterventionisnecessary.Thismakesthisguidancescalableandpracticalapplicable.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.7

●Safetyandreliability:PrioritizesafetyandreliabilityinAItechnologytominimizetheriskofharmtoindividualsorsociety.Thisisachievedthroughrigoroustesting,validation,risk

assessmentprocesses,andtheimplementationofmechanismsinplaceforakill-switchorrecourseincaseoffailure.

●Ethicalconsiderations:EnsureAIadherestoethicalprinciples,respectshumanrights,andpromotesfairness.

●Dataprivacyandsecurity:Enhanceddataprotectionandsecuritymeasuresshouldbe

implementedtoprotectsensitiveinformationandprivacy,preventingunauthorizedaccessormisuseofdata.Duringthedesignphases,privacy-by-designandsecurity-by-designfocusonmitigatingrisksearlyintheprocess(reflectingshift-leftinDevSecOps).Thislimitsbolt-on

securityandunforeseenriskexposureinthefinalproduct.

●AIModelandDataConsiderations:

●Biasmitigation:AddressbiasesindataandalgorithmdesignandregularlymonitorandevaluateAIsystemsforbiasanddiscrimination.Biasisacomplextopicthatbalances

necessaryinformationandalgorithmswiththeriskofstereotypicclassification.

●Transparency:EnsuretransparencyinAIbyclearlyexplaininghowitworks,includingthealgorithmsandfactorsinfluencingtheirdecisions.ImplementingXAI(explainableAI)

[2]

,

[3]

helpstofostertrustandbuildthefoundationofinformeddecisionswhileuncoveringpossiblebias.Inhealthcare,thisiscrucialandacknowledged.Regardlessoftheindustry,theusershouldbeinformediftheoutputwasproducedbyAI.

●Consistency:ConsistentdataensuresthattheAImodellearnsfromaccurateand

reliableexamples.Thisiscrucialforthemodeltogeneratecorrectandusefuloutputs.Inconsistentorconflictingdatacanconfusethemodel,leadingtoinaccuraciesinthegeneratedtextorinformation.

●Accountability:Establishmechanismsforaccountabilityandresponsibilityinthedesign,development,deployment,anduseofAI,includingclearlinesofresponsibilityfor

addressinganyissuesthatmayarise.Currently,theresponsibilityforpreventingharmtotheend-userprimarilyfallsontheAIapplicationprovideralone.Additionalmeasures,

suchasmanualsor“modelcards”

[4]

andspecificusertraining,couldhighlightashared

responsibilitybetweentheproviderandtheenduserandoutlinethedegreeoftransparencythattheendusercanexpect.

●Robustness:DevelopAIthatiswelldesignedandresilienttoadversarialattacks,dataperturbations,andotherformsofinterferenceormanipulation.Thispaperproposesanewperspectivetoevaluaterobustnesstoenhanceglobalsafety.

●Compliancewithregulations:Ensurecompliancewithrelevantlaws,regulations,andstandardsgoverningthedevelopmentanddeploymentofAIapplicationsincluding,butnotlimitedto,dataprotectionalsoregardingthetradingofdata,privacy,andsafety.

AdoptinganapproachgroundedinsharedresponsibilityacrossthehighlycomplexsupplyandvaluechainiscrucialtoensuringthecreationofsafeandtrustworthyAI.Thisinvolvesatleastthetechnicalteam,thecomplianceteam,thelegalteamand,dependingonspecificfactors,manyotherteamsaswell.TheWhiteHouseMemorandumfrom28March2024

[5]

requeststhatallagenciesmustdesignateaChiefAIOfficer(CAIO)within60days.Thisroleallowsstrategicandpurposefulmanagementandalignmentofall

involvedteamstotransform“sharedresponsibility”intoatraceablemeasurement.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.8

TheLandscapeofAI

Inthischapter,anoverviewisgiventointroduceAIwithabriefhistory,AItechnologies,andtraining

methods.Todiscusstheimportanceofdataisbeyondthescopeofthisoverviewbutitisacknowledgedthatitisanextremelyimportanttopicandisaddressedin-depthbyotherCSAWorkgroups.

ABriefHistoryofAI

BelowaresomemilestonesofArtificialIntelligencelisted,notconsideringaspecificperspectivebutgivinganoverviewofthemajordevelopmentsinthisfield.

Figure1:HistoryofArtificialIntelligence

[6]

2018:BERT:IntroducedbyGoogle,thismodelrevolutionizedlanguageunderstanding.BERT'suseoftheTransformerarchitectureandpre-trainingonmassivetextdatasetsenabledittooutperformprevious

modelsinvariouslanguagetasks.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.9

2019:GTP-2with1.5billionparameters

2020:LLMswith175billion-530billionparameters

2021:LLMswithuptoatrillionparametersfocusingonimprovingefficiencyintrainingandhandlingcomplextaskswithadvancedreasoningandfactualaccuracy.

2022:ChatGTP-3goesviral

Beyondsize:researchersareworkingnowonefficiencyintraining,alignmentwithhuman’svalue,safetyandmultimodality(incorporatingimages,audio,andotherdatatypes).

ThisbriefhistoryofAIdemonstratestheevolutionfromthemostbasiccalculatortoGenAIwithArtificialGeneralIntelligencestillonthehorizon.

TheLandscapeofAI

DifferentAItechnologiesarepresentedanddiscussed.

MachineLearning(ML)

MachineLearningisabranchofAIandcomputersciencethatfocusesonusingdataandalgorithmstoimitatehumanlearning,graduallyimprovingamodel’saccuracy

[7]

.

TinyMachineLearning(tinyML)

TinyMachineLearningisbroadlydefinedasafieldofMachineLearningtechnologiesandapplicationsthatincludehardware(dedicatedintegratedcircuits),algorithms,andsoftwarecapableofperformingon-devicesensordataanalyticsatextremelylowpower,typicallyinthemWrangeandbelow,enablingavarietyofalways-onusecasesandtargetingbatteryoperateddevices

[8]

,suchasInternetofThings

(IoT)devices.

DeepLearning(AdvancedML)

DeepLearningisamethodinAIthatteachescomputerstoprocessdatainawaythatisinspiredbythehumanbrain.DeepLearningmodelscanrecognizecomplexpatternsinpictures,text,sounds,andotherdatatoproduceaccurateinsightsandpredictionsusingneuralnetworks.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.10

GenerativeArtificialIntelligence(GenAI)

GenerativeArtificialIntelligencereferstodeep-learningortransformermodelsthatcantakerawdataand“learn”togeneratestatisticallyprobableoutputswhenprompted.Unliketheaboveclassificatorymodelsthatareprimarilyusedforclassificationandpatternrecognitiontasks,GenerativeAImodelsareusedforsynthesisofdata,matchinghigh-orderpatternsoflearningdataand/orpredictiveanalytics.Atahigh

level,generativemodelsencodeasimplifiedrepresentationoftheirtrainingdataandpredictthenextsetsimilar,butnotidenticalto,theoriginaldata

[9]

.

ArtificialGeneralIntelligence(AGI)

ArtificialGeneralIntelligenceisatheoreticalformofAIusedtodescribeacertainmindsetofAI

development.Itinvolvesanintelligenceequal(orsuperior)tohumansandaself-awareconsciousnessthatcanlearnandsolvecomplexproblems,andplanforthefuture

[10]

.

TheLandscapeofTrainingMethods

ArtificialIntelligencecanbegroupedintothefollowingtypes

[11]

:

Figure2:TypesofMachineLearning

SupervisedLearning

SupervisedLearningisastyleofMachineLearningwherealgorithmslearnfrom“labeleddata”.Itisusedforclassificationandregressionproblems.“Labeleddata”providesknowninputsanddesiredoutputs,allowingthealgorithmtoidentifypatternsandbuildamodelforpredictingoutcomesonpreviously

unseendata.

Exampleforclassificationalgorithms:decisiontrees,randomforests,linearclassifiers,andsupportvectormachines.

Exampleforregressionalgorithms:linearregression,multivariateregression,regressiontrees,andlassoregression.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.11

UnsupervisedLearning

UnsupervisedLearningisastyleofMachineLearningwherealgorithmsanalyzeunlabeleddata.Thegoalistodiscoverhiddenpatterns,groupings,patterns,orinsightswithinthedatawithoutpredetermined

outcomes.Aproperlytrainedmodelisabletomakepredictionsusingunseendata.

Examplealgorithms:k-means,k-medoids,hierarchicalclustering,Apriori,andFPGrowth.

ReinforcedLearning

ReinforcedLearningisastyleofMachineLearningwhereanagentinteractswithanenvironmentand

learnsthroughtrialanderror.Theagentreceivesrewardsorpenaltiesbasedonitsactions,allowingittoadjustitsbehaviorandoptimizeitsdecision-makingprocessovertime.

Examplealgorithms:ReinforcedLearning,MarkovDecisionProcess,Q-learning,PolicyGradientMethod,andActor-Critic,butmanymoreexist.

Semi-supervisedLearning

Semi-supervisedLearningbridgesthegapbetweensupervisedandunsupervisedlearning.Itutilizesasmallamountoflabeleddataalongsidealargerpoolofunlabeleddata.Thisapproachisvaluablewhenobtaininglabeleddataiscostlyortime-consumingsinceitallowsthemodeltoleveragepatternsfoundwithintheunlabeleddataaswell.

Self-supervisedLearning

Self-supervisedLearningisaformofUnsupervisedLearningwherethemodelgeneratesitsownlabelsfromtherawinputdata.Itachievesthisthroughtechniqueslikepredictingmaskedwordsinasentenceor

predictingthenextframeinavideosequence.Thisallowsforlearningrobust,generalizablerepresentationsofdataevenwithouthuman-providedlabels.

FederatedLearning

FederatedLearningisanadvancedMachineLearningtechniquedesignedtotrainalgorithmsacross

decentralizeddevicesorserversholdinglocaldatasamples,withoutexchangingthem.Thismethod

addressessignificantconcernsrelatedtoprivacy,security,anddatacentralizationbykeepingsensitivedataontheuser'sdevice,ratherthantransferringthedatatoacentralserverforprocessing(Figure3).Thismethod,introducedin2016,allowsdataprivacytobepreservedtoagreaterextentbysharingonlyparameters,notdata.FederatedLearningoffersaframeworktojointlytrainaglobalmodelusingdata

setsstoredinseparateclients.Thisoffersagoodoptionforindustrieswhereprivacyiscrucial,asoriginaldataisconsideredimpossibletorecover

[12]

.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.12

Figure3:ArchitectureforaFederatedLearningsystem

[12]

Anotheradvantageofthismodel,notdiscussedintheabovepaper

[12]

,istheabilitytoleveragethe

“wisdomofthecrowd”

[13]

.Neuronsinthehumanbrainapplythisconcepttoproduceexactinformationfromnon-deterministicneuralprocesses.

Currently,FederatedLearningseemstohavethepotentialtointegrateprivacy,performance,androbustnessbasedondiversity.Thislearningmethodisnotdiscussedmuch,butitispromisingin

industriesorapplicationswheredataprivacyandconfidentialityareparamountandalsohelpsaddresstheissuesarounddataresidency.

However,therearealsopotentialprivacyconcernswithFederatedLearningincludingtheriskofmalicioususersdisruptingmodelaggregation,whichcanimpactmodelaccuracyorleadtoprivacydisclosures.

Attackscantargetmodelupdatessharedduringtraining,possiblyallowingfortheextractionofrawtrainingdata.Toaddresstheseconcerns,researchersproposeprivacy-preservingtechniqueslike

differentialprivacy,distributedencryption,andzero-knowledgeprooftosafeguarddataandfilteroutanomaliesfrommaliciousactors.FederatedLearning,likeanyotherlearningmethod,requiresthat

adequatecybersecuritymeasuresareinplace.

TrainingMethodsRegulationsandEthicalConsiderations

WhiletherearenospecificregulationsgoverningMLtraining,itisimpactedbythemajorregulatoryframeworks,includingtheGeneralDataProtectionRegulation(GDPR),theEUAIAct,andthe

OrganisationforEconomicCo-operationandDevelopment(OECD)principlesonAI.Further,regulationsgoverningMachineLearning(ML)andartificialintelligence(AI)trainingarerapidlyevolvingas

technologyadvancesandarecoveredin“

PrinciplestoPractice:ResponsibleAIinaDynamicRegulatory

Environment

”.Additionally,manygovernmentbodiesareactivelydevelopingregulationsandfacilitatingcooperativeindustryeffortstothesameeffect.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.13

RegulationsgoverningMachineLearning(ML)andartificialintelligence(AI)havesignificantimplicationsfordatamonetizationandtheuseofAItoguidebusinessdecisions.Theseeffectsmanifestinvarious

ways,includingoperationalchanges,strategicadjustments,andethicalconsiderations,aswellas

limits/requirementsondatacollectionanduse,bias,anddataquality.Certainplatforms,forexample,haveforbiddentheusageoftheirdataforAItrainingpurposes(suchasX:“crawlingorscrapingthe

Servicesinanyform,foranypurposewithoutourpriorwrittenconsentisexpresslyprohibited”

[14]

)orhavesolditunderalicensingagreement(suchasReddit

[15]

).

Meetingregulatoryrequirementscanintroducesignificantcompliancecosts,especiallyforbusinesses

operatingacrossmultiplejurisdictions.Despitethechallenges,regulationsalsoofferopportunities.

Businessesthatadeptlynavigatetheregulatorylandscapecandifferentiatethemselvesbyofferingmoresecure,transparent,andethicalAIsolutions.Thiscanappealtoincreasinglyprivacy-consciousconsumersandpartners,potentiallyopeningnewmarketsorcreatingstrongercustomerloyalty.

Licensing,Patenting&CopyrightofAITechnology

ManyMachineLearningframeworksandlibrariesfollowtheOpenSourceInitiativeLicensing,suchasApache2.0

[16]

orMIT

[17]

.Certainlicensingmightforbidcommercialuseoftheresultingapplication.

TheEuropeanPatentOffice’s(EPO)revisedGuidelinesforExamination

[18]

,

[19]

havebeenmadepublicandincludeafewsignificantchangestotheEPO’sprocedureforreviewinginnovationsinthedomainsofMLandAI.RecentamendmentsmandatethatapplicantsforAIorMLinventionsfurtherelucidate

mathematicaltechniquesandtraininginput/datainamannerthoroughenoughtoreplicatethetechnicalresultoftheinventionovertheentiretyoftheclaim.Thearticlecitedbelowstatesthat“caselawsuggeststhatthestructureofanyneuralnetworksused,theirtopology,activationfunctions,endconditions,and

learningmechanismareallrelevanttechnicaldetailsthatanapplicationmightneedtodisclose”.Thisarticle

[20]

summarizesfurtherimplicationsandexpoundsonthistopic.

OnJanuary23,2024,theJapanAgencyforCulturalAffairs(ACA)releaseditsdraft“ApproachtoAIandCopyright”forpubliccomment,toclarifyhowingestionandoutputofcopyrightedmaterialsinJapan

shouldbeconsidered.OnFebruary29,2024,afterconsideringnearly25,000comments,additional

changesweremade.Thisdocument,createdbyanACAcommittee,willlikelybeadoptedbytheACAinthenextfewweeks.Thisarticle

[21]

providesasummaryofthekeypointsofthedraftitselfandas

modified.

TherearedisputesaboutcopyrightinSingapore

[22]

;thisiscurrentlyaveryvolatilefield.Itisfurtheraddressedinalsoin“

PrinciplestoPractice:ResponsibleAIinaDynamicRegulatoryEnvironment

”.

©Copyright2024,CloudSecurityAlliance.Allrightsreserved.14

PartII:Real-WorldCaseStudiesandIndustryChallenges

Inthispart,afewindustr