Industry Leaders Expand Threat-Informed Defense to AI-Enabled Systems

Written by Suneel Sundar.

As artificial intelligence (AI) becomes increasingly integrated into various industries, the importance of securing AI-enabled systems cannot be overstated. Recognizing this critical need, the Center for Threat-Informed Defense is launching a major initiative to bolster security for AI-enabled systems by enhancing the existing MITRE ATLAS™ framework.

New Research Initiative: Secure AI

On June 11, 2024, the Center for Threat-Informed Defense launched its most collaborative project to date: the Secure AI research project. This initiative will enhance the community knowledge base of threats to AI-enabled systems and develop strategies to mitigate these risks. A diverse group of industry leaders from communications, financial, healthcare, and technology sectors have joined to create this community resource. Participating organizations include:

• AttackIQ, Inc.
• BedRock Systems
• Booz Allen Hamilton
• CATO Networks
• Citigroup
• CrowdStrike, Inc.
• FS-ISAC
• Fujitsu
• HCA Healthcare
• HiddenLayer
• Intel
• JPMorgan Chase Bank, N.A.
• Microsoft Corporation
• Standard Chartered
• Verizon Business

These organizations are contributing their technical expertise and resources to create practical tools and strategies for securing AI systems.

Enhancing MITRE ATLAS

The Secure AI research project is focused on the enhancement of MITRE ATLAS. ATLAS is a globally-accessible knowledge base that documents adversary tactics and techniques observed in real-world attacks and realistic demonstrations from AI red teams and security groups. ATLAS is modeled after and complementary to MITRE ATT&CK®, raising awareness of the rapidly evolving vulnerabilities of Al-enabled systems as they extend beyond cyber. The Secure AI project will:

• Expand the ATLAS knowledge base through incident sharing metrics and mechanisms.
• Document new case studies within ATLAS that address vulnerabilities in industry-relevant systems, including generative AI.
• Describe new relevant mitigations based on documented AI incidents.
• Align ATLAS tactics, techniques, and procedures (TTPs) with the current version of MITRE ATT&CK TTPs.

Collaboration and Community Involvement

The Center for Threat-Informed Defense invites additional industry participants to contribute their technical expertise and funding to this vital research. We are also seeking data contributors who can share AI incident data and insights to enhance the project’s impact. Your participation will assist with these important efforts to build a comprehensive understanding of threats to AI-enabled systems and strengthen the defenses of those systems across industries.

By collaborating on this important research, industry leaders will secure AI-enabled systems and protect against emerging cyber threats. Contact us at ctid@mitre-engenuity.org to join us in this effort and make a lasting impact on the cybersecurity community.

About the Center for Threat-Informed Defense

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.

© 2024 MITRE Engenuity, LLC. Approved for Public Release. Document number CT0123