Recently, the UK government introduced a world-first AI network code of conduct for companies developing AI systems. This voluntary framework outlines 13 principles aimed at effectively mitigating potential risks such as AI-driven cyber attacks, system failures, and data breaches.

This code primarily targets developers, system operators, and data custodians responsible for creating, deploying, or managing AI systems. Vendors selling only AI models or components must adhere to other relevant guidelines.

The Department for Science, Innovation and Technology highlighted in a press release: "From protecting AI systems against hacker attacks and malicious damage to ensuring they are developed and deployed safely and reliably, this code will provide strong support for developers, helping them create safe and innovative AI products that drive sustained economic growth."

To enhance the security of AI systems, the code recommends several measures, including implementing AI security training programs, formulating detailed recovery plans, conducting risk assessments, maintaining security checklists, and actively communicating with end-users about how their data is used.

Notably, the release of this code follows the launch of the government's AI Opportunity Action Plan, which details 50 ways to promote AI industry development, aiming to make the UK a leader in the global AI field. Cultivating AI talent is seen as a key component.

In addition, just one day before the code was released, the UK National Cyber Security Centre (NCSC) urged software vendors to promptly eliminate so-called 'unforgivable vulnerabilities'. These vulnerability mitigation measures are not only inexpensive but well-documented, making them easy to implement. The NCSC's vulnerability management head pointed out that vendors have long prioritized functionality and rapid market entry over fixing vulnerabilities that could significantly enhance security. He believes that tools like the AI vendor code of conduct will help eliminate many vulnerabilities and ensure security becomes a core element of software development.

Besides launching the AI network code of conduct, the UK has joined forces with countries such as Canada, Dubai, Ghana, Japan, and Singapore to establish a new international cybersecurity workforce alliance. This alliance aims to collectively address the skills gap in the cybersecurity field, with members unifying approaches, adopting common terminology, sharing best practices and challenges, and maintaining ongoing dialogue and exchange. Given that women account for only a quarter of cybersecurity professionals, there is clearly significant room for improvement in this area.

For enterprises, this AI network code of conduct is equally important. According to recent research, up to 87% of UK businesses are not prepared for cyber attacks, and 99% of businesses have experienced at least one cyber incident in the past year. Moreover, only 54% of UK IT professionals express confidence in their ability to recover company data after an attack. Considering that UK cyber risks are widely underestimated, although the AI network code of conduct is currently voluntary, businesses should actively adopt these security measures to protect their AI systems and reduce the risk of cyber threats.