The resource provides guidance and an interactive tool to help organizations identify and manage security risks in AI systems.

The RAND Corporation released an AI Security Guide and Risk Assessment Tool designed to help organizations identify and reduce security risks associated with artificial intelligence systems.

The resource, available on RAND’s website, provides a framework and an interactive tool that organizations can use to evaluate vulnerabilities in AI systems and determine appropriate security controls throughout the lifecycle of those systems. The guide covers risks that can arise during the design, development, deployment, and operation of AI models.

According to RAND, the tool is intended for developers, cybersecurity professionals, and policy practitioners working with AI technologies. The guide outlines common security threats, including attacks that manipulate inputs, poison training data, tamper with models, or extract sensitive information from AI systems.

The framework takes a risk-based approach, directing users to identify the most relevant vulnerabilities for their specific AI system and environment and apply layered security controls proportionate to those risks. The tool provides tailored recommendations based on user responses.

The guidance also identifies conditions that may make certain AI systems higher risk, such as those used in safety-sensitive environments or those capable of influencing high-stakes decisions affecting health, safety, or economic outcomes.

RAND said the guide does not replace compliance frameworks, legal advice, or existing security standards. Instead, it is designed as a practical reference to help organizations understand vulnerabilities and implement safeguards aligned with established cybersecurity and risk-management frameworks.