MDDI speech · 2024-07-03
Opening Address by Senior Minister of State Janil Puthucheary at the AiSP AI Security Summit
Key points
- AI introduces new security risks: adversarial machine learning (MIT researchers made an AI mistake a 3D-printed turtle for a rifle; McAfee altered speed limit signs to fool Tesla's earlier Mobileye system), plus classic threats (Microsoft researchers accidentally exposed 38 TB of data including private keys and more than 30,000 Teams messages; ChatGPT was induced to reproduce training data containing sensitive information).
- In November 2023, Singapore's CSA co-sealed the Guidelines for Secure AI System Development with the UK's NCSC and the US's CISA; this month it opens public consultation on the Technical Guidelines for Securing AI Systems.
- "Security of AI" and "AI for cybersecurity" go together: dark AI (WormGPT and the like) can produce sophisticated malware, personalised phishing emails and deepfakes; equally, defenders can use AI for anomaly detection and autonomous response.
- Deep Instinct, June 2024: 97% of surveyed US cybersecurity experts are concerned that their organisation will suffer a security incident caused by malicious use of AI.
- Today AiSP launches its AI Special Interest Group (AI SIG), a platform for members to discuss AI developments and share insights.
Full translation (Traditional Chinese)
A Traditional Chinese translation of the MDDI English text, dated 2026-05-03, was also published on this page; the English original follows below.
English original
Original record from the MDDI website · retrieved 2026-05-02
Assistant Secretary Mr. Tam Huynh,
AiSP Members,
Ladies and gentlemen,
Good morning. I am happy to be joining you today for AiSP’s first AI Security Summit.
Over the past couple of years, AI has proliferated rapidly and been deployed in a wide variety of spaces. This has significantly impacted the threat landscape. We know that this rapid development and adoption of AI has exposed us to many new risks.
This includes adversarial machine learning, which allows attackers to compromise the function of the model.
a. A well-known example is how researchers at MIT were able to trick AI to think that a 3D-printed turtle was a rifle, even if the turtle was viewed from different angles.
b. Researchers at McAfee were also able to compromise Tesla’s former AI system, Mobileye, by making small changes to the speed limit signs that the AI had been taught to recognise.
c. This class of risks is relatively new and we need to do more to understand them better. Both public and private entities, including the Government Technology Agency of Singapore, have been developing capabilities to simulate such attacks on AI systems, to understand better how they can affect the security of AI. Doing so will help us to put the right safeguards in place.
AI is also vulnerable to classic cyber threats, including those to data privacy. In particular, the widespread adoption of AI has led to a growth in the threat surface for data to be exposed, exfiltrated, or damaged.
a. Some of you may have heard how 38 terabytes of data were accidentally exposed by Microsoft AI researchers, who were trying to share an AI dataset. The files included private keys, passwords, and more than 30,000 messages sent by users, on Microsoft Teams.
b. In other types of attack, such as persistent attacks, ChatGPT can also be manipulated to reproduce its training data, which may contain sensitive information like names, addresses, and phone numbers.
Incidents like this undermine public trust and confidence that AI models are safe, secure, and reliable.
a. Without trust, individuals and organisations might fear that tools will produce incorrect, inconsistent, or harmful output.
b. This, in turn, affects whether the industry can maximise the benefits of AI, and whether we can leverage the use of artificial intelligence to drive further growth in the digital economy and society in Singapore.
I am heartened to see that industry players, including AiSP and its partners, are leading discussions on how we can make AI more secure. We can all play a part in fostering a trusted AI environment that protects users and systems, while facilitating growth and innovation.
On the government front, the Cyber Security Agency of Singapore has been working with industry partners and foreign counterparts to develop clear guidelines that system owners should use, when making decisions on the approach to adopt AI.
a. For example, in November 2023, CSA co-sealed the "Guidelines for Secure AI System Development", which were developed with the UK's National Cyber Security Centre (NCSC) and the US's Cybersecurity and Infrastructure Security Agency (CISA).
I am pleased to announce that CSA will also be releasing its “Technical Guidelines for Securing AI Systems” for public consultation this month.
a. This set of voluntary guidelines is intended to complement existing resources on the security of AI, and to provide practical measures that system owners in Singapore can use to address potential risks to systems and users.
b. We invite all members of the ecosystem, including members of AiSP and international partners, to provide their feedback on how we can improve the guidelines. We understand that AI is used in a wide range of contexts, and across multiple use cases. We want to ensure that these guidelines are practical and useful.
c. CSA will release more details on the public consultation in the following weeks. Together, we can provide a useful reference for security professionals looking to enhance the security of their AI tools.
I hope that industry partners and professionals will continue to do their part to ensure that AI tools and systems are kept safe and secure against malicious threats, even as techniques evolve.
AI for Cybersecurity
In parallel to these efforts, many organisations are also thinking about how to secure themselves against attacks that are driven by the misuse of AI.
a. Many of us are concerned about how generative AI can be misused to generate convincing, personalised emails that trick our users into clicking phishing links and attachments. Threat actors can also create convincing deepfakes and trick our users into believing misinformation and disinformation.
b. Specific to cybersecurity, we have seen the use and the rise of dark AI like WormGPT, which shows that AI can be used to create sophisticated malware. These threats may be difficult for existing systems to detect.
The concern is international. For example, in June 2024, Deep Instinct reported that 97% of cybersecurity experts surveyed in the US were concerned that their organisations would suffer a security incident caused by malicious use of AI.
It is natural that we are concerned about how AI can be misused. However, it is just as important for us to consider how AI can be a force for the good of the cybersecurity sector. Just as threat actors integrate this technology into their operations, defenders need to learn to master the benefits that AI can bring to their work.
Many of us have seen how AI can be a valuable force multiplier for security operations. If used properly, AI can help defenders identify risks at greater speed, scale, and precision, which can help us to address risks more quickly. This can help us to make our teams more efficient, and effective, as we defend against cyber threats.
Even for more sophisticated threats, AI can help to level the playing field. We have already seen an increase in the use of machine-learning algorithms in solutions to detect anomalies, or to mount an autonomous response to potential threats. I look forward to hearing how the industry can use AI to improve the range of cybersecurity tools we have today, and how this can help us to gain a decisive advantage.
Launch of AI Special Interest Group
AI is still an evolving, emerging technology, and we will continue to see a growth in the number of use cases in these next few years. At the same time, we will discover new risks, which will need to be managed. We will need to strike a careful balance between these two priorities, to ensure that we innovate in a safe domain.
And in doing so, our tech professionals need to stay up to date on how this technology develops and evolves – especially for those of us who work in trust, safety and cybersecurity.
a. This will help us to make good recommendations on how AI is adopted, and how we can manage the known risks.
b. It will also help us shape the wider conversation on how AI should be developed, in line with the principles of safety and security.
Today, AiSP will be launching its AI Special Interest Group.
a. This group will provide a platform for members to discuss AI developments, exchange key insights and experiences, and share their knowledge with the community.
b. Members can use this platform to discuss how the cybersecurity sector can continue to ensure the digital domain is trusted, and secure, while co-existing and co-developing with AI.
c. These will be critical topics as AI becomes an integral part of digital infrastructure.
Interested members can reach out to the AiSP Secretariat for details on how to join the SIG. I wish them the best in their future conversations.
Conclusion
We should all play our part in ensuring that AI can continue to be safe, and secure. This will affect the confidence of our organisations and users as they try to make full use of what AI can offer.
a. For those who need more guidance, CSA’s guidelines will be a useful place to start. Please keep an eye out for details on how the public can access the guidelines in the coming weeks, and how to provide your feedback to CSA.
At the same time, we can be aware of the opportunities that AI can bring for cybersecurity. We can keep ourselves abreast of developments in this space, and advocate for the adoption of AI tools that prove to be effective against our adversaries.
We can also maintain a network of experts and peers that we can consult, especially as the threat landscape develops. AiSP members can start with the AI SIG, which will be chaired by Mr. Tam Huynh.
I wish you a series of fruitful discussions at the conference today. Thank you very much.