Kainos leads on creating UK government AI cyber security guidance

We authored the implementation guide for DSIT’s AI Cyber Security Code of Practice
Home · Insights · Kainos leads on creating UK government AI cyber security guidance
Date posted
31 January 2025
Reading time
5 minutes

The UK Government Department for Science, Innovation and Technology (DSIT) has published its new Code of Practice for AI Cyber Security, and Kainos is proud to have been a key partner in its development. DSIT commissioned Kainos to create the implementation guide that complements the Code and outlines how organisations can implement its 13 principles. Each iteration was reviewed by DSIT and National Cyber Security Centre officials. The Code and guide will be submitted to ETSI (The European Telecommunications Standards Institution) and used as the basis for a new global standard and accompanying guide.

Practical cyber security guidance mapped to the AI lifecycle

The guide is broken down by the stages of the AI lifecycle, making it easy for organisations to implement security best practices in areas including:

  • Raising awareness of AI security threats and risks
  • Designing AI systems for security as well as functionality and performance
  • Evaluating threats and managing risks to AI systems
  • Enabling human responsibility for AI systems
  • Identifying, tracking and protecting assets
  • Securing AI infrastructure and supply chains
  • Documenting data, models and prompts
  • Conducting appropriate testing and evaluation
  • Communicating and enabling end users
  • Monitoring system behaviour and maintaining regular security updates, patches and mitigations
  • Ensuring proper data and model disposal
image

John Sotiropoulos, Head of AI Security at Kainos, led this project. He commented: “The Code of Practice and implementation guide will play a key role in helping organisations achieve the optimal balance of innovation and security. It’s unique because it’s not just a list of standards and controls. Instead, it shows how key security principles should be applied across the AI lifecycle, demystifying everything from threat modelling, security by design and AI supply chain security to testing strategies, operations and decommissioning.” 

Concrete examples for implementing AI security best practices

The implementation guide isn’t a ‘one size fits all’ approach – it outlines how to implement the Code’s principles in various scenarios. Whether you’re a tech company developing AI capabilities, an SME exploring specific AI use cases, an enterprise using more complex machine learning or a government agency using an AI chatbot – the guide is clear on how to achieve the right protection.

Andy Kemp, Head of Public Sector at Kainos, commented: “We’re at a pivotal moment when it comes to AI security as the international regulatory landscape shifts and the pace of innovation globally accelerates. In this context, it’s not about what needs to be done from a cyber security perspective; it’s about how organisations should proceed. Kainos is at the forefront of helping bridge that gap, bringing experience of real-world implementations alongside ongoing work with government and on standards creation.”

Leading in the fast-moving AI security space

This contribution adds to Kainos’ near decade of experience delivering secure-by-design AI solutions. Our dedicated AI and data team of more than 200 experts supports large government and global organisations. This includes AI ethics, governance and cyber security capabilities that can be accessed in a unique modular approach and combined through responsible AI services.

Our secure-by-design AI methodology has enabled organisations to deliver value fast while supporting robust cyber resilience. It has been applied successfully in national-scale deployments that have proven AI’s transformative potential, including in longstanding partnerships with various public sector entities. For example, pioneering work with the Defence, Science and Technology Laboratory – part of the Defence AI Centre – involved implementing their ethics-by-design approach within the Ministry of Defence.

Furthermore, Kainos leads the creation of AI security standards internationally. This includes publishing best-selling material on adversarial AI and co-leading the influential OWASP (Open Web Application Security Project) Top 10 for LLM Standards and the OWASP Agentic Security Initiative. Working closely with the National Institute of Standards and Technology (NIST), the UK National Cyber Security Centre and the US AI Safety Institute Consortium, we also lead on creating AI security standards and guidelines organisations use.

Aislinn McBride, Chief Technology Officer at Kainos commented: “Kainos’ fusion of thought leadership, standards creation and successful AI implementations – with practical and actionable risk-based measures – enabled to us to create DSIT’s implementation guide. Kainos are leading the way in helping organisations unlock AI’s potential with confidence, and I am delighted that we've brought that to bear in DSIT.”

To learn more about how public sector organisations can capitalise on AI while addressing ethical, security and tech challenges, download our report – Enabling Public Sector AI Readiness: Confronting the Ethical, Technological and Organisational Barriers.

Contact our Responsible AI Team to discuss how we can support a resilient AI approach at your organisation.