Software Engineering Institute

Cyber hygiene has come to represent the basic tools, processes, and knowledge necessary for operations of a secure and reliable system. Until now, the field of artificial intelligence (AI) has been developing at a fast pace with security a secondary consideration. The absence of a strong emphasis on security has led to the emergence of poor standard practices within the AI community, creating AI systems with inherent vulnerabilities and security issues. This work aims to identify and analyze these problematic practices specifically related to the hygiene of models and data in AI products. Furthermore, it also identifies remedial controls, inspired by traditional cybersecurity principles, to help the AI community strengthen its security posture and improve its overall cyber hygiene.