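MDDI Speech · 2024-10-16

Keynote address by Senior Minister of State Janil Puthucheary at the Singapore International Cyber Week High-Level Panel on AI

Janil Puthucheary · Former Senior Minister of State, MDDI · Singapore International Cyber Week High-Level Panel on AI

Key points

  • The central question: "Can AI be used securely?" Since ChatGPT's breakout in 2022, this question has been critical for government, industry, academia, users and adoption.
  • Singapore's international footprint: participated in the UK AI Safety Summit in 2023; co-sealed the "Guidelines for Secure AI System Development" with the UK NCSC and US CISA; released a governance framework for generative AI (nine dimensions) in 2024.
  • "Trust" is the core principle of Smart Nation 2.0. AI must face both "classical cybersecurity risks" (backdoors in open-source components, model manipulation, attacks on supporting software) and risks unique to AI (data extraction, model manipulation).
  • CSA published the first edition of its Guidelines and Companion Guide for Securing AI: the Guidelines set out evergreen core principles, and the Companion Guide is a community effort (not prescriptive, but a practical reference).
  • CSA and Resaro (a Singaporean AI assurance company) jointly published a paper exploring what AI security actually is and the role of each party.
  • From July to September, Singapore hosted the "Global Challenge for Safe and Secure LLMs": 300+ international participants and 100+ teams, from China, Germany, Japan, Malaysia, Singapore and the United States.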


English original

Original record from the MDDI official website · Retrieved: 2026-05-02

This article has been migrated from an earlier version of the site and may display formatting inconsistencies.

Keynote Address by SMS Janil Puthucheary at the Singapore International Cyber Week (SICW) High-Level Panel on AI on 16 Oct 2024

CAN AI BE SECURE?

Your excellencies,

Distinguished guests,

Ladies and gentlemen,

Good morning.

1. It is my pleasure to be here with you at this High-Level Panel on Artificial Intelligence.

AI Security is an International Concern

2. “Can AI be Secure?”

a. This is a question many of us have grappled with, more so since the explosion of ChatGPT into our consciousness in 2022, but it’s been relevant to our work in the government, industry, academia, and it is relevant to us as users, and relevant in our trust in the adoption of AI.

b. We are concerned with whether AI can be made safe, can be made secure, and be a force for good.

3. Many of our partners and friends have hosted international discussions on this topic in the past two years. Singapore has been an active participant in this space, building on our existing work in AI governance.

a. In 2023, we joined our counterparts at the AI Safety Summit, hosted by the UK. This was an important milestone in dialogues on AI safety and security, across borders.

b. In November of last year, Singapore was also invited to co-seal the “Guidelines for Secure AI System Development”, developed by the UK’s National Cyber Security Centre, or the NCSC, and the US’s Cybersecurity and Infrastructure Security Agency. This document outlines principles that system owners should use to guide their decision-making about AI, and their frameworks for AI safety.

c. This year, for AI safety, Singapore has launched a Model AI Governance Framework for Generative AI, following an international consultation process. This is the first comprehensive framework for the governance of Generative AI. It has nine dimensions to ensure that these models are seen and addressed in totality.

Trust in AI will Enable Adoption

4. In addressing emerging technologies, these are the sorts of critical conversations we need to have. Technologies like cloud computing, Artificial Intelligence, and quantum computing promise significant benefits to our industries and economies. However, we must be clear-eyed about the risks, and how we will manage them, rather than learn the lessons the hard way, subsequently try to play catch up, and patch the vulnerabilities that we discover through crisis and something going wrong.

5. This is why we have made trust a core principle, a core part of Singapore’s plan for Smart Nation 2.0. All users – large organisations and individuals – must be able to trust that technology, including emerging technology, will be secure and reliable, that their safety and well-being are assured.

6. This provides the confidence to try new use cases and deploy new technologies in the next bound of growth, and this feeds into some of our larger aims in developing this Smart Nation 2.0 plan—what we can do for our communities, and what we can do to grow our society and our opportunities.

7. So, this is not just about growth and productivity—those are necessary outcomes, but this is also about implementing AI well. We know that we must adopt a higher standard for safety and security of AI in certain domains, such as healthcare, to address key risks.

a. We must protect our AI systems against malicious cyberattacks. We know threat actors can insert backdoors into open-source AI components, final models can be manipulated or disrupted. Threat actors could also mount classical attacks on the software supporting AI. The old risks haven’t gone away. They’ve just been added to, so these systems all need to be updated. They need to be patched.

b. We must protect AI models against attempts to extract data. And all these are necessary efforts to strengthen long-term trust in AI-based solutions.

8. This requires close partnership between service providers, industry players, and public sector technology partners, such as what we have in Singapore, Synapxe, our Healthcare Technology Agency and the Government Technology Agency of Singapore.

9. AI has also grown in many sectors, and across our entire ecosystem. Therefore, there are not just the sector-specific risks, we also face systemic risks. These have come to the fore in our thinking, and this is really an international challenge that we have to tackle together.

a. If there are disruptions to key parts of our critical AI infrastructure, many companies can lose access to their models, tools, and services.

b. And users will find it difficult to continue with their activities, if they build their business model, process model around AI and the AI solutions have been corrupted. Efforts to repair and restore these services could take some time, depending on the security and resilience measures that are in place.

c. And as this happens, it affects many people, regardless of where they reside and where the AI models have been deployed.

10. This is why it must be a priority for us to make AI secure, and trustworthy. If we had to worry constantly about such risks, it would be difficult for any of us to adopt AI.

11. These are the necessary conditions for AI adoption, and we need to take practical steps to provide a base of trust.

Our Progress in AI Security

12. Having painted the “glass half-empty” picture, actually we are seeing quite a bit of progress. There is a lot of AI adoption across the globe at an increasing pace. This is now the “glass half-full”. In some countries, we are seeing AI adoption in critical infrastructure.

13. Now we know that this adoption increases many classical cybersecurity risks. This can affect the confidentiality, integrity, and availability of AI. There are new risks unique to AI models and systems which are not authorised.

14. But we are not starting from zero. AI security is relatively nascent compared to the classical cybersecurity, but there are many existing efforts to help developers put the right guardrails in place, and to secure their models, secure their systems, and the many conversations that I’ve highlighted are part of this process.

a. The examples continue: the US National Institute of Standards and Technology has released an AI Risk Management Framework. This will help users to manage potential AI risks.

b. The Ministry of Science and Technology in South Korea has also announced its plans to make AI more safe, secure, and trustworthy, in its “Strategy to Realise Trustworthy AI”.

15. Yesterday, at the SICW Opening Ceremony, Senior Minister Teo Chee Hean announced that the Cybersecurity Agency of Singapore is publishing the first edition of our Guidelines and Companion Guide for Securing AI.

a. These guidelines set out key, evergreen principles that system owners should use to guide their approach to security of AI, including how they implement security controls and best practices.

b. The companion guide is a community effort to provide system owners with practical measures, and controls. This is not meant to be prescriptive, but is a resource to support system owners to navigate this nascent space.

c. I would like to thank our international partners, industry players, and professionals for their comments. We received positive feedback on our initial draft, along with suggestions on how to improve it.

d. We have taken effort to address the feedback, and have put the documents out as a community-led resource. We hope to continue working together to make AI more secure in practice.

16. I am also pleased to announce that CSA has worked with Resaro, a Singaporean company in the AI assurance space, to co-author a paper on AI security risks. This paper explores what security of AI means, and discusses the role that all stakeholders should play in this space. The Guidelines, the Companion Guide, and this discussion paper are all linked on the card that you may have seen on your seats. The paper and the companion guide are available online.

17. We are also developing our local community of cybersecurity professionals, to discover new techniques for securing AI.

a. For example, from July to September, Singapore hosted a Global Challenge for Safe and Secure Large Language Models, or LLMs. I am proud to share that this challenge saw more than 300 international participants developing robust security measures and innovative approaches to mitigate jailbreaking attacks on LLMs, and to make LLMs more secure.

b. We had more than 100 teams in this challenge, including groups from China, Germany, Japan, Malaysia, Singapore, and the United States. This is a reflection of the global effort to tackle the challenges of AI.

c. Our top teams are in the audience with us today. Please join me in congratulating them and thanking them for their effort to make AI more secure.

d. We will have the panel discussion after this and after the panel discussion, the winners will receive their prizes. Please stay on and congratulate them, support them and encourage them for the great work that they have done, which we will encourage them to keep on doing.

Facilitating a Public-Private Conversation on AI

18. The panel today is an important opportunity for us as government officials to have an open dialogue with industry professionals, together with researchers, and explore how AI can be made more secure. I look forward to our panellists’ comments on the key measures we should prioritise, and what has been most effective so far.

19. More importantly, I look forward to how the dialogue can discuss how stakeholders should continue to work together and improve their relationships across government agencies, vendors, system owners, industry players, and users, to safeguard the development, deployment and the use of AI.

a. Everyone has a stake in building trust in AI. We are in this together and we are at a critical period for the development, deployment, and adoption of AI. We will work together to address these issues early – across sectors, and across jurisdictions.

20. Thank you for inviting me to be with you today. I wish you all a fruitful session, and a wonderful Cyber Week.