The complex and evolving threat landscape of frontier AI development requires a multi-layered approach to risk management ("defense-in-depth"). By reviewing cybersecurity and AI frameworks, we outline three approaches that can help identify gaps in the management of AI-related risks. First, a functional approach identifies essential categories of activities ("functions") that a risk management approach should cover, as in the NIST Cybersecurity Framework (CSF) and AI Risk Management Framework (AI RMF). Second, a lifecycle approach instead assigns safety and security activities across the model development lifecycle, as in DevSecOps and the OECD AI lifecycle framework. Third, a threat-based approach identifies tactics, techniques, and procedures (TTPs) used by malicious actors, as in the MITRE ATT&CK and MITRE ATLAS databases. We recommend that frontier AI developers and policymakers begin by adopting the functional approach, given the existence of the NIST AI RMF and other supplementary guides, but also establish a detailed frontier AI lifecycle model and threat-based TTP databases for future use.