規制環境や安全性が重要な場で使われるAIシステムにおいて、プライバシー、漏えい、敵対的リスク、ガバナンス制約がどう影響するかを研究しています。
現在の中心仮説
High-stakes AI deployment is mainly an engineering and governance problem. Model quality matters, but the decisive questions are about threat models, access boundaries, logging, rollback, data stewardship, and the human ability to notice and contain failure.
2026年の見立て
In 2026, the serious question is not whether an AI feature can ship. It is whether it can fail safely, be audited under pressure, and remain governable across vendors, updates, and adversarial use.
人間中心設計の視点
Security controls only work when operators can tell what state the system is in, what the safe next action is, and who owns the next decision. Human-factors engineering is part of the defense surface.
翻訳状況
この研究方向ページは現在英語版のみです。共通ナビゲーションと周辺 UI は、選択した言語のままご覧いただけます。
Guidance from CISA, NSA, and partner agencies on deploying AI securely, first released on April 15, 2024, is still being operationalized in real systems, while the international Guidelines for Secure AI System Development keep pressure on teams to treat the full lifecycle as part of the attack surface. NIST's 2025 adversarial machine learning taxonomy further sharpens the threat vocabulary around model evasion, extraction, and poisoning. The practical lesson is straightforward: security cannot be bolted onto a model endpoint after procurement. It has to be designed through architecture, operations, and user-facing defaults from the start.
Default settings, permissions, and data paths should assume non-expert operators and common attacker behavior.
Reassess risks at design, procurement, deployment, maintenance, and retirement rather than only during launch.
Keep logs, versioning, and evidence retention in forms incident responders and compliance teams can actually use.
Design for partial compromise, rollback, isolation, and fail-safe degradation instead of assuming the model will stay well behaved.
Probe prompt injection, data poisoning, extraction, model evasion, and tool misuse under realistic attack paths.
Test whether models, logs, and retrieval layers expose sensitive data directly or through inference.
Measure detection latency, containment speed, rollback quality, and evidence availability during incidents.
Check whether controls, documentation, and review points satisfy the actual regulatory or institutional workflow.
Joint CISA, NSA, FBI, and partner guidance published on April 15, 2024 and still highly relevant for deployment threat modeling and controls.
International lifecycle guidance that keeps supply chain, maintenance, and decommissioning inside the security conversation.
A 2025 taxonomy that helps teams reason more precisely about attack classes and failure surfaces in AI systems.
A current navigation point for U.S. guidance on securing and using AI systems in operational environments.