
Cybersecurity · Credibility 91/100 · 2 min read

Executive Order 14110 on Safe, Secure, and Trustworthy AI — October 30, 2023

President Biden directed NIST, DHS, and sector risk agencies to advance secure-by-design development, critical infrastructure resilience, and AI red-teaming safeguards.

Executive briefing: President Biden signed Executive Order 14110, launching a comprehensive set of actions to manage AI safety and security risks. The order instructs NIST to develop AI safety standards and testing guidance, directs DHS and sector risk management agencies to issue critical infrastructure-specific AI risk mitigation frameworks, and requires the expansion of secure-by-design practices to protect software and model supply chains.

Key security directives

  • NIST AI safety framework. NIST must publish guidelines for red-teaming, secure development, and capability evaluations that agencies and industry can adopt.
  • DHS critical infrastructure guidance. The Cyber Safety Review Board will evaluate AI-related incidents, while CISA and sector leads will update performance goals to cover AI-enabled threats.
  • Supply-chain risk management. Developers of powerful AI models must report safety test results to the U.S. government and meet secure-by-design expectations for software and model releases.

Control alignment guidance

  • NIST AI RMF. Integrate the AI Risk Management Framework with cybersecurity governance processes to document model inventories, threat scenarios, and control ownership.
  • Zero Trust architectures. Update identity and data segmentation policies to prevent AI systems from expanding lateral movement paths or exposing sensitive training data.
  • Secure development lifecycle. Embed adversarial testing, provenance tracking, and model release gates into CI/CD pipelines consistent with the executive order.

Operational recommendations

  • Stand up cross-functional AI security councils to monitor forthcoming DHS and NIST guidance and assign owners for compliance actions.
  • Inventory AI model use cases supporting critical infrastructure services and assess whether reporting or safety testing obligations apply.
  • Strengthen supplier due diligence questionnaires to capture AI development practices, secure training data handling, and red-team readiness.