The rapid advancement of Generative AI (GenAI) technologies offers transformative opportunities within Australia's critical technologies of national interest while introducing unique security challenges. This paper presents SecGenAI, a comprehensive security framework for cloud-based GenAI applications, with a focus on Retrieval-Augmented Generation (RAG) systems. SecGenAI addresses functional, infrastructure, and governance requirements, integrating end-to-end security analysis to generate specifications that emphasize data privacy, secure deployment, and shared responsibility models. Aligned with the Australian Privacy Principles, the AI Ethics Principles, and guidance from the Australian Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA), SecGenAI mitigates threats such as data leakage, adversarial attacks, and model inversion. The framework's approach combines machine learning techniques with security controls, supporting compliance with Australian regulations while improving the reliability and trustworthiness of GenAI systems. This research contributes to the field of intelligent systems by providing actionable strategies for secure GenAI implementation in industry, fostering innovation in AI applications, and safeguarding national interests.