#Sec4AI4Secs: AI for better security, security for better AI.
The Sec4AI4Sec project aims to develop innovative security-by-design methodologies to address vulnerabilities in modern systems. Unlike traditional efforts focusing on software and hardware components, Sec4AI4Sec includes the emerging frontier of AI-enabled components. These components, identified as critical assets under the European Digital Resilience and Sovereignty strategy, encompass data, AI-driven software, runtime platforms, development pipelines, and the human actors involved (developers and data scientists).
#Dual Approach: Sec4AI and AI4Sec
Sec4AI4Sec recognizes that AI plays two pivotal roles in cybersecurity:
- Sec4AI: AI components embedded in deployed systems extend the attack surface with new vulnerabilities, including adversarial attacks, poisoning, bias, and interpretability challenges. Traditional testing tools (e.g. SAST, DAST) fall short in addressing these issues.
- AI4Sec: AI-powered tools support DevOps teams in secure coding and vulnerability mitigation. However, high false-positive rates and lack of structured methodologies hinder their adoption in certification frameworks.
The project’s ultimate goal is to establish robust assurance methods for AI-augmented systems, thereby facilitating cybersecurity certification.
#Objectives and Outcomes
Sec4AI4Sec outlines seven key objectives (Figure 1).
The first and last objectives tie together the approach to security and AI in a coherent and applicable whole.
- O1 - Certification methods for AI/ML components: development of comprehensive assurance processes rather than reliance on unverified tool outputs, which could exacerbate technical debt.
- O7 - Real-world case studies: validation will occur through pilots addressing critical cybersecurity scenarios aligned with European Digital Sovereignty goals
The remaining objectives tackles the two perspectives
- O2: Benchmarking frameworks: support the development of trustworthy security benchmarking data as a key step to standardize the evaluation of AI-driven tools and models.
- O3: Robustness and fairness testing: create attack algorithms and testing methodologies to identify AI-specific vulnerabilities of AI-models.
- O4: Runtime monitoring and correction: develop non-invasive monitoring techniques of AI-augmented systems to detect threats, correct misconfigurations, and update assurance protocols before exploits occur.
- O5: Reduce false positives: design AI-driven tools to accurately locate security flaws, minimizing false positives in vulnerability detection tools
- O6: Automate patches: employ AI to create, validate, and recommend secure patches for identified vulnerabilities to software developers
This multifaceted approach ensures that Sec4AI4Sec addresses the immediate security challenges of AI systems and paves the way for sustainable, long-term resilience in AI-driven ecosystems.
#Real-World Validation and Strategic Impacts
The project focuses on three critical domains towards the EU Resilience Act and Digital Compass priorities:
- 5G core virtualization,
- Autonomous systems in aviation, and
- Third-party software quality and security assessments.
#Team Members
A diverse consortium of leading universities, innovative SMEs, large enterprises, and a center for digital innovation has collaborated to ensure a comprehensive and multi-faceted approach.