Guidance on Securing AI Training & Operating Data

by John Jenkins

June 17, 2025

An alphabet soup of international governmental agencies that includes the NSA, CISA, and FBI have come up with best practices guidance on securing AI training and operating data.  Here’s an excerpt from the executive summary:

This Cybersecurity Information Sheet (CSI) provides essential guidance on securing data used in artificial intelligence (AI) and machine learning (ML) systems. It also highlights the importance of data security in ensuring the accuracy and integrity of AI outcomes and outlines potential risks arising from data integrity issues in various stages of AI development and deployment.

This CSI provides a brief overview of the AI system lifecycle and general best practices to secure data used during the development, testing, and operation of AI-based systems. These best practices include the incorporation of techniques such as data encryption, digital signatures, data provenance tracking, secure storage, and trust infrastructure. This CSI also provides an in-depth examination of three significant areas of data security risks in AI systems: data supply chain, maliciously modified (“poisoned”) data, and data drift. Each section provides a detailed description of the risks and the corresponding best practices to mitigate those risks.

This guidance is intended primarily for organizations using AI systems in their operations, with a focus on protecting sensitive, proprietary, or mission critical data. The principles outlined in this information sheet provide a robust foundation for securing AI data and ensuring the reliability and accuracy of AI-driven outcomes.

The guidance’s objectives are to raise awareness of the potential data security risks in the development, testing, and deployment of AI systems, provide best practices and guidance for securing AI data throughout the AI lifecycle, and establish a strong data security foundation for AI systems “by promoting the adoption of robust data security measures and encouraging proactive risk mitigation strategies.”