The Register: Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups

Apr 23, 2025

—

Source URL: https://www.theregister.com/2025/04/23/exnsa_boss_ai/
Source: The Register
Title: Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups

Feedly Summary: Bake in security now or pay later, says Mike Rogers
AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers.…

AI Summary and Description: Yes

Summary: The text emphasizes the importance of incorporating security measures into AI development from the outset. Mike Rogers, a former NSA director, advocates for proactive safety and security integration in AI systems, drawing parallels with historical cybersecurity practices to prevent future vulnerabilities and risks in AI applications.

Detailed Description: The statement made by Mike Rogers highlights a crucial best practice in AI development by emphasizing the importance of building security into models from the beginning rather than attempting to add it later. This approach resonates particularly with professionals involved in AI, cloud computing, and information security. Here are the primary points conveyed:

– **Proactive Security Integration**: Establishing security as part of the design phase for AI models can reduce inherent risks.
– **Historical Context**: Rogers references the initial phases of cybersecurity, suggesting that lessons learned from past vulnerabilities in IT can inform and improve current AI development practices.
– **Risks of Retroactive Solutions**: Attempting to ‘bolt on’ security after deployment can lead to more significant vulnerabilities and increased costs associated with mitigating those risks post-hoc.
– **Professional Implications**: AI engineers and associated security professionals are encouraged to adopt development methodologies that prioritize security, potentially leading to more robust and resilient AI systems.

This insight holds significant implications for security and compliance professionals, as it highlights the need for an integrated approach to both AI development and security management. By viewing security as inherent rather than adjunctive, organizations can foster a culture of security-first thinking that could enhance compliance with regulations and mitigate future risks associated with AI systems.

2 2025 3 4 5 a Act after AI AI applications AI development ai model AI models AI systems and app Application applications art as Best building by C CI CIA Cloud cloud computing co compliance compliance professionals Computing Context cost Costs crew culture Current cyber cybersecurit Cybersecurity cybersecurity practices D day days de deployment design development development practices e Engineer engineers event fact first for future g GIS H high Highlight http HTTPS implications in information information security infosec integration IRS J k l led Li M made man management measures Mode model models N no NSA o of on OPM opt organization organizations out point post potential pre proactive proactive security professionals R rag rate RCE red Regulation regulations Risk risks Ro s safe safety sec security security and compliance security integration security management security measure security measures security practices security professionals Sig size SoC solutions source SSO state system systems T text the to Tor TP UI up ups US V vulnerabilities Wi x