Date: 2023-08-07

An essential part of shipping software securely is red teaming, which involves emulating real-world adversaries and their tactics to identify risks and enhance security. Microsoft has a history of red teaming emerging technology, and in 2018, they established the AI Red Team, dedicated to probing AI systems for failures.

Microsoft is now sharing best practices from their team to help others proactively hunt for failures in AI systems and improve their security posture. The practice of AI red teaming has expanded to include probing for security vulnerabilities as well as other system failures, such as generating harmful content. Red teaming is crucial for understanding the risks associated with AI systems, including prompt injection and ungrounded content generation.

Microsoft recently committed to subjecting all high-risk AI systems to independent red teaming before deployment, reflecting their commitment to responsible AI.

The goal of this blog is to provide security professionals with an understanding of how AI red teaming intersects with traditional red teaming and empower them to implement red teaming for both AI and traditional systems.

Over the years, Microsoft’s AI Red Team has developed and shared content to help security professionals implement AI securely. They have collaborated with MITRE, industry partners, and academia to create resources like the Adversarial Machine Learning Threat Matrix and the automation tool Microsoft Counterfit.

Security-related AI red teaming aligns with Microsoft’s responsible AI principles, impacting the way they ship AI products. For example, before releasing the new Bing chat experience, a team of experts probed for security and responsible AI risks, informing risk measurements and mitigations.

AI red teaming can take place at the base model level or the application level. Red teaming the base model helps identify misuse, scope capabilities, and understand limitations. Application-level red teaming takes a system view and probes for failures beyond the model-level safety mechanisms.

Probing for both security and responsible AI risks provides insights into threats and compromises to AI systems. AI red teaming encompasses security goals like model theft as well as fairness and harmful content issues. It helps prioritize defense investments and identify issues early.

By sharing their learnings, Microsoft aims to shape the AI Red Team program and enable organizations to implement AI red teaming effectively.