Late last week, the White House issued a National Security Memorandum (NSM) on Artificial Intelligence (AI) which aims to ensure that ongoing and future advancements in AI technologies are beneficial to the US public. The memorandum also ensures that the US remains the top location to incubate and innovate in this developing space.
Yubico applauds this effort as it underscores the importance of securing the broader AI ecosystem and supply chain in the US and globally against espionage and data theft – especially as adversaries continue taking any means to obtain key intellectual property. The proactive guidance related to usage and research, as well as plans to develop international consensus, demonstrates that the current administration is taking the threats AI enables seriously and is building in safeguards and trustworthiness that could include protections against deep fakes and phishing attacks. It also shows a willingness to engage international partners in both the public and private spaces to move forward with AI tools in a responsible way.
Key cybersecurity takeaways of the NSM for organizations
Specifically, the NSM directs three primary steps that encapsulate and enable government bodies to succeed at the goals for managing climate risks. To further these goals, the NSM makes several calls to action, including: investing to ensure the US leads the development of “Safe, Secure, and Trustworthy AI,”; ensuring that the US government is well positioned to harness AI tools while “protecting human rights and democratic values”; and finally, moves to ensure an international consensus around the governance of AI tools.
This directive and related calls to action seek to leverage and demonstrate how the head of the Executive Branch views risks related to these technologies. Of the most interest to practitioners who inhabit the Identity Space (and related fields) are the moves to build an AI Safety Institute and a “Framework to Advance IA Governance and Risk Management in National Security.” To support and achieve the goals of both of these efforts, strong identity needs to be central to planning.
AI tools – including Natural Language Processing (NLP) Algorithmic pattern recognition, and Image or video generation – unlock capabilities for smaller threat actors that historically were only available to nation state actors. We can expect instances of fraud to only increase as these tools continue to lower the bar for nefarious groups and individuals. These tools can also be used by actors in non-malicious ways that end up adding confusion to our intellectual property landscape, and if these tools are not well governed then they may also introduce or reinforce unwanted bias into decision making processes. We have already seen instances where these types of algorithms when used in an ungoverned way lead to segregation and hardship in oblique and nearly invisible ways.
To comply with many of the goals set forth in the NSM, non-repudiation is needed – the concept that dictates a party cannot be disassociated from a transaction. Stated otherwise, it provides a mental framework for solidly associating an identity with an action. Actors need to be identifiable, and their digital identities need to be tied to a real life person or be certified as coming from a legitimate non-human identity. In order to achieve many of the goals, especially those related to protection against impersonation, one must rely on a strong method of non-repudiation.
Passkeys as the solution for identity challenges in the face of AI threats
As with many other security solutions, identity is a foundational element of cybersecurity. Passkeys, and specifically device-bound passkeys like YubiKeys, are a natural solution for many of these identity problems. They enable proven phishing-resistant based authentication solutions and a user-focused experience to provide the capabilities needed to achieve the stated goals around protecting systems from AI based impersonation and/or abuse.
Phishing-resistant authentication, enabled by device-bound passkey solutions like passkeys, can also ensure the safety of code and manufacturing pipelines. By eliminating the most common vectors that threat actors use to breach networks to steal data, organizations and entities can ensure they align with the NSMs stated goals of ensuring AI research and development is not threatened by external actors.
Yubico offers solutions that are uniquely able to meet and exceed the needs of both public and private bodies to meet and comply with many of the goals outlined. The YubiKey acts as a phishing-resistant portable root of trust – enabling a user-friendly device-bound passkey solution. It can be integrated into authentication workflows that support cross device and cross environment authentication, as well as solutions for other identity centric tasks that leverage PKI solutions to enable the highest levels of authentication – with support for both passwordless and traditional multi-factor authentication (MFA) scenarios.
To learn more about how the YubiKey can be fully integrated into a Zero Trust architecture, read our whitepaper, Modern Authentication for the Federal Government. See how modern security is helping the Federal Government battle rising cyber threats in our new infographic here.
Interested in implementing YubiKeys for your business or have any questions? Reach out to our team today.
