Publication date:December 15, 2020
This report presents the Agency's active mapping of the AI cybersecurity ecosystem and its Threat Landscape, realised with the support of the Ad-Hoc Working Group on Artificial Intelligence Cybersecurity. The ENISA AI Threat Landscape not only lays the foundation for upcoming cybersecurity policy initiatives and technical guidelines, but also stresses relevant challenges. One area of particular significance is that of the supply chain related to AI and accordingly it is important to highlight the need for an EU ecosystem for secure and trustworthy AI, including all elements of the AI supply chain. The EU secure AI ecosystem should place cybersecurity and data protection at the forefront and foster relevant innovation, capacity-building, awareness raising and research and development initiatives.
The main highlights of the report include the following:
- Definition of the scope of AI in the context of cybersecurity following a lifecycle approach. Taking into account the different stages of the AI lifecycle from requirements analysis to deployment, the ecosystem of AI systems and applications is delineated.
- Identification of assets of the AI ecosystem as a fundamental step in pinpointing what needs to be protected and what could possibly go wrong in terms of security of the AI ecosystem.
- Mapping of the AI threat landscape by means of a detailed taxonomy. This serves as a baseline for the identification of potential vulnerabilities and eventually attack scenarios for specific use cases and thus serve in forthcoming sectorial risk assessments and listing of proportionate security controls.
- Classification of threats for the different assets and in the context of the diverse AI lifecycle stages, also listing relevant threat actors. The impact of threats to different security properties is also highlighted.
Search related content with: Threat landscape Internet of things