CISA and the Joint Cyber Defense Collaborative (JCDC) have released the JCDC AI Cybersecurity Collaboration Playbook. It guides voluntary information sharing to address vulnerabilities and cyber threats, fostering collaboration among government, industry, and international partners.

The AI Cybersecurity Collaboration Playbook provides guidance to organizations across the AI community –including AI providers, developers, and adopters – for sharing AI-related cybersecurity information voluntarily with the Cybersecurity and Infrastructure Security Agency (CISA) and other partners through the Joint Cyber Defense Collaborative (JCDC). While focused on strengthening collaboration within JCDC, the playbook also identifies actionable information sharing categories applicable to broader critical infrastructure stakeholders and other sharing mechanisms. CISA encourages organizations to adopt the playbook’s guidance to enhance their own information-sharing practices, contributing to a unified approach to AI-related cybersecurity threats across critical infrastructure.

This playbook aims to:

• Facilitate collaboration between federal agencies, private industry, international partners, and other stakeholders to raise awareness of AI cybersecurity risks and improve the resilience of AI systems.
• Guide JCDC partners on how to voluntarily share information related to cybersecurity incidents and vulnerabilities associated with AI systems.
• Delineate information sharing protections and mechanisms.
• Outline CISA’s actions upon receiving shared information to strengthen collective defense.

AI safety topics, such as risks to human life, health, property, or the environment, are outside the intended scope of the JCDC AI Cybersecurity Collaboration Playbook. Stakeholders should address any risks or threats involving human life, health, property, or the environment in a timely and appropriate manner, in accordance with their own applicable process or procedures for such events. Similarly, issues related to AI fairness and ethics are also outside the scope of this playbook. This playbook does not create policies, impose requirements, mandate actions, or override existing legal or regulatory obligations. All actions taken under this playbook are voluntary. This playbook will undergo periodic updates, evolving to address these challenges through active collaboration among government, industry, and international partners.

Partners that supported this effort include: Cisco Security, Robust Intelligence (now part of Cisco), Cranium, Fortinet, Google, HiddenLayer, IBM, Microsoft, Palantir Technologies, Palo Alto Networks, GitHub, Protect AI, Scale AI, Stability AI, Zscaler, U.S. Bank, Australian Signals Directorate, Federal Bureau of Investigation (FBI)