AI Risk Management Should Incorporate Both Safety and Security

TL;DR

This paper emphasizes the importance of integrating both safety and security perspectives in AI risk management, highlighting their interplay, conceptual differences, and proposing a unified framework for better collaboration.

Contribution

It introduces a unified reference framework to clarify the distinctions and interactions between AI safety and security, promoting holistic risk mitigation.

Findings

Safety and security are often treated separately, causing gaps in risk management.

A unified framework helps clarify concepts and improve cross-disciplinary collaboration.

Integrating safety and security leads to more effective AI risk mitigation strategies.

Abstract

The exposure of security vulnerabilities in safety-aligned language models, e.g., susceptibility to adversarial attacks, has shed light on the intricate interplay between AI safety and AI security. Although the two disciplines now come together under the overarching goal of AI risk management, they have historically evolved separately, giving rise to differing perspectives. Therefore, in this paper, we advocate that stakeholders in AI risk management should be aware of the nuances, synergies, and interplay between safety and security, and unambiguously take into account the perspectives of both disciplines in order to devise mostly effective and holistic risk mitigation approaches. Unfortunately, this vision is often obfuscated, as the definitions of the basic concepts of "safety" and "security" themselves are often inconsistent and lack consensus across communities. With AI risk management being increasingly cross-disciplinary, this issue is particularly salient. In light of this conceptual challenge, we introduce a unified reference framework to clarify the differences and interplay between AI safety and AI security, aiming to facilitate a shared understanding and effective collaboration across communities.