Lawmakers seek NSA playbook on AI security under bipartisan bill
A pair of Senate Intelligence Committee members are pushing the National Security Agency to get ahead of adversarial threats to U.S. artificial intelligence and related technologies, introducing the bipartisan Advanced AI Security Readiness Act on Wednesday.
The legislation from Sens. Todd Young, R-Ind., and Mark Kelly, D-Ariz., directs the NSA to develop an AI security playbook to prepare for and guard against threats from foreign adversaries.
The bill, which has a House companion led by Reps. Darin LaHood, R-Ill., Raja Krishnamoorthi, D-Ill., John Moolenaar, R-Mich., and Josh Gottheimer, D-N.J., specifically tasks the NSA’s AI Security Center with developing the playbook. The document should identify potential vulnerabilities and threats from abroad, in addition to locking into place security strategies and backup plans for advanced American AI systems.
“America’s leadership in advanced technology depends on our ability to protect it. As our foreign adversaries race to steal and exploit cutting-edge AI systems, we must stay ahead of these threats,” Young said in a press release. “The Advanced AI Security Readiness Act will ensure the intelligence professionals at NSA have the tools and direction needed to safeguard U.S. innovation and preserve America’s technology advantages.”
The playbook should identify vulnerabilities in AI tech and supply chains, with guidance focused specifically on cybersecurity challenges inherent in the protection of AI systems and computing environments.
The NSA’s cyber-focused playbook should also call out any elements of the AI supply chain that are especially susceptible to threat actors and, if compromised, would “meaningfully contribute” to a threat actor’s ability to develop their own covered AI tech or undercut the confidentiality, integrity or availability of U.S. AI systems.
Per the bill text, the playbook should also pull together strategies for handling cyber threats to AI systems, including measures to protect model weights, how best to fight back against insider threats, and other methods to combat theft or cyberespionage by adversaries.
“AI increasingly powers our defense, intelligence, critical infrastructure, scientific innovation, and much of our economy. If it’s vulnerable, we’re vulnerable,” Kelly said in the press release. “This bipartisan legislation gets the NSA prepared to spot attacks early and defend our country’s AI innovation from anyone trying to exploit it. As AI evolves, we need to stay ahead of the challenges it brings to keep Americans safe.”
The NSA won’t be flying solo on the creation of the playbook: The bill calls for the intelligence agency to work with notable AI developers and researchers, interview subject matter experts, host roundtable discussions and visit facilities.
The agency should also collaborate with any relevant Department of Energy-run national laboratories or other federally funded R&D centers that have expertise in AI security. The bill names the Commerce Department’s Bureau of Industry and Security, the National Institute of Standards and Technology’s Center for AI Standards and Innovation, the Department of Homeland Security and the Department of Defense as other agency partners in the playbook’s development.
If signed into law, the bill would be the latest in a string of recent AI security moves from the NSA. In April, the agency published a cybersecurity information sheet on best practices for deploying secure and resilient AI systems. A month later, the NSA’s AI Security Center released joint guidance with the FBI, the Cybersecurity and Infrastructure Security Agency and global government partners on securing data used to train and operate AI systems.
How the NSA uses AI has been of significant interest from privacy groups, including the ACLU, which in April 2024 sued the spy agency under the Freedom of Information Act for the release of studies, roadmaps and reports about how it was using AI and what kind of impact it would have on the civil liberties of Americans.
