(Adnkronos) – The European Commission has presented an action plan to address in a structured way the risks and opportunities related to advanced artificial intelligence (AI) models in cybersecurity. This was learned from a statement issued by the community executive, which recalls how some new frontier models can be misused to identify vulnerabilities, automate attacks and increase the scale and speed of cyber incidents at an unprecedented rate.
The plan, which is based on the EU legal framework for AI and cybersecurity, aims to involve Member States, industry, and European bodies to strengthen the security of the community’s digital landscape in the face of vulnerabilities posed by advanced models: they will need to be evaluated, and related mitigation measures carefully examined, before their commercialization in the EU market, remaining within the scope of the AI Act. The Commission will launch a dedicated call to establish a European cybersecurity assessment capacity, which should be operational by 2027 and contribute to the regulatory function of the AI Office, and is committed to working with the EU Agency for Cybersecurity (Enisa) to define a European model for structured access to advanced AI capabilities in the cyber domain to support European public and private organizations.
Enisa and the Joint Research Centre (JRC) will be responsible for creating a secure platform to test AI in cybersecurity, including through simulated environments, with the aim of transferring skills to operators in critical sectors such as finance, energy, health, transport, and public administration, the text explains. Organizations are also called upon to intensify practices of cyber hygiene, risk management, and security by design, using already available AI capabilities, including open source ones, to identify and correct vulnerabilities more quickly. To support this work, Enisa will foster partnerships between public authorities, businesses, and the open-source community, with guidelines, recommendations, and a campaign dedicated to the security of critical open-source software.