IGF 2023 WS #33 Ethical principles for the use of AI in cybersecurity

Wednesday, 11th October, 2023 (06:15 UTC) - Wednesday, 11th October, 2023 (07:45 UTC)
WS 1 – Annex Hall 1

Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security
New Technologies and Risks to Online Security

Organizer 1: Jochen Michels, 🔒Kaspersky
Organizer 2: Genie Gan, 🔒
Organizer 3: Dennis-Kenji Kipker, University of Bremen
Organizer 4: Gladys O. Yiadom, Kaspersky

Speaker 1: Noushin Shabab, Private Sector, Asia-Pacific Group
Speaker 2: Amal El Fallah Seghrouchni, Civil Society, African Group
Speaker 3: Dennis-Kenji Kipker, Technical Community, Western European and Others Group (WEOG)
Speaker 4: Anastasiya Kazakova, Civil Society, Eastern European Group


Genie Gan, Private Sector, Asia-Pacific Group

Online Moderator

Jochen Michels, Private Sector, Western European and Others Group (WEOG)


Gladys O. Yiadom, Private Sector, Western European and Others Group (WEOG)


Panel - 90 Min

Policy Question(s)

A. What are the key ethical principles that should be considered when using AI in cybersecurity? B. What concrete measures must be taken by different stakeholders to implement the ethical principles in practice and make them verifiable? C. How can a permanent multistakeholder dialogue and exchange on this be stimulated?

What will participants gain from attending this session? Attendees will receive input on what ethical considerations should be considered when using AI in cybersecurity and will be able to share ideas on this with the panelists and other attendees. The ideas will be discussed, new suggestions will be made, and the proposals will be further developed. The goal is to develop a basis that can serve as a guideline for industry, research, academia, politics and civil society in developing individual ethical principles.


We are currently witnessing a swift development of artificial intelligence (AI) which has the potential to bring many benefits to the world, including the strengthening of cybersecurity. AI algorithms help with rapid identification and response to security threats and automate and enhance the accuracy of threat detection. While numerous general ethical principles for AI have already been developed (e.g. in 2021, the UNESCO adopted Recommendations on the Ethics of AI), there is currently no specific set of ethical principles for the development, distribution, and use of AI components in cybersecurity. Due to the particular opportunities but also risks of AI in cybersecurity, there is a need for a broad dialogue on such specific ethical principles. For this reason, Kaspersky has developed initial ideas on which aspects should be taken into account here. These will be discussed and further developed in the workshop. Some key ethical principles could be as follows: • The human must remain in control: While AI systems are designed to operate in a self-contained and autonomous mode, human control remains as an important element of their implementation. • Developed and used for cybersecurity: The one and only goal of AI systems developed for digital security is to provide users with the best cybersecurity solutions and services that cannot be used to negatively impact any system. • Safety comes first: While designing and developing AI systems for cybersecurity, it has to be ensured that their operation does not negatively affect users or their infrastructure. • Be transparent: Openness and readiness for dialogue with users and stakeholders as well as clearness in the model of operations of algorithms should be key goals. • Maintain privacy: Training data play a vital role in the implementation of AI systems. Processing such data must be based on respecting and protecting people's privacy.

Expected Outcomes

After the session, an impulse paper on “Ethical principles for the use of AI in cybersecurity“ will be published. It will reflect the discussion results and will be made available to the IGF community. In addition, the paper can be sent to other stakeholders to gather complementary feedback. Kaspersky will also develop and publish its own principles based on the paper, providing a best practice for the cybersecurity industry.

Hybrid Format: The moderators will actively involve the participants in the discussion, for example through short online surveys at the beginning, after the initial statements and at the end of the session. The survey tool can be used both by onsite participants and by online participants. This will generate additional personal involvement and increase interest in the hybrid session. During the „Roundtable“-Part, active participation is possible for both onsite and online participants, as all participants should actively contribute their ideas. Both onsite and online participants will have the same opportunities to participate. Planned structure of the workshop: • Introduction by the moderator • Survey with 2 questions • Presentation of the draft principles by Kaspersky speaker • Brief impulse statements by other speakers with their view on the principles • Survey with 2 questions • Moderated discussion with the attendees onsite and online – Roundtable • Survey with two questions • Wrap-up