May 23, 2025

CISA announces the release of best practices for securing AI data

On May 22, 2025, the Cybersecurity and Infrastructure Security Agency (“CISA”) announced the publication of a joint Cybersecurity Information Sheet that provides best practices on how to secure data used in artificial intelligence (“AI”) and machine learning systems. The new guidance – authored by CISA, the National Security Agency’s Artificial Intelligence Security Center, the Federal Bureau of Investigation, and the cybersecurity authorities in Australia, New Zealand and the United Kingdom – was primarily developed for Defense Industrial Bases, National Security System owners, federal agencies, critical infrastructure owners and operators, and any organization that uses AI systems in its day-to-day operations. This guidance builds upon joint guidance on Deploying AI Systems Securely that was issued by the NSA in April 2024. The new guidance was issued to raise awareness of potential data security risks associated with the development, testing, and deployment of AI systems; provide companies with best practices for securing AI data across various stages of the AI lifecycle; and enable them to establish a strong foundation for data security in their AI systems.

The best practices proposed in the guidance include the use of data encryption, digital signatures, data provenance tracking, and a trusted infrastructure.  The guidance also provides a brief overview of the AI system lifecycle and an in-depth examination of three significant areas of data security risks in AI systems: data supply chains, maliciously modified (“poisoned”) data, and data drift.  Each of the three sections contains a detailed description of the risks and corresponding best practices to mitigate those risks.  While data security is an ever-evolving field that requires continuous vigilance and adaptation to protect against emerging threats, the guidance urges companies to adopt these best practices and risk mitigation strategies to fortify their AI systems and protect the proprietary data used to develop and operate those systems.

CISA Resources | AI Data Security: Best Practices for Securing Data Used to Train and Operate AI Systems