South Korea publishes the first government standard for AI red teaming
On July 8, 2026, South Korea's Ministry of Science and ICT released two guidelines that turn 'we red-teamed our AI' from an unverifiable claim into an auditable one — the first such government standard anywhere.
What is this?
On July 8, 2026, South Korea’s Ministry of Science and ICT (MSIT) released two formal government guidelines — the AI Security Threat Response Manual and the AI Security Red Teaming Guide. Together they establish what appears to be the first official, auditable government standard for how organizations should identify AI-specific security threats and structure the adversarial testing teams that hunt for them.
The move addresses a gap that researchers have flagged for years. Georgetown’s Center for Security and Emerging Technology stated in October 2025 that “red-teaming practices vary widely, and there are few established standards or best practices,” and 2026 systematic reviews described AI red-teaming as fragmented, with limited threat modeling and inconsistent evaluation metrics. Until now, an organization’s claim to have red-teamed its AI has been a self-attestation against no agreed baseline. The guidelines were unveiled at Seoul’s 15th Information Protection Day ceremony, with keynote presentations from CISA, the UK AI Safety Institute, and Google.
How it works
The two documents cover different halves of the problem, and that separation is the point.
The Red Teaming Guide is practitioner-facing. It defines how an AI security red team should be structured, staffed, and operated in production, and which adversarial methodologies it must apply. It combines two goals that are often conflated: security testing (protecting the AI system from external attack) and safety testing (preventing the system from producing harmful output).
The Threat Response Manual is operator-facing. It catalogues the threat scenarios developers and operators are most likely to face, mapped across the AI lifecycle rather than onto frameworks built for deterministic software. Three families stand out: training-time attacks such as model poisoning and backdoor injection, which embed dormant triggers into the model long before deployment; inference-time attacks such as prompt injection, which exploit the fact that a language model follows natural-language instructions wherever they appear in its context; and privacy attacks such as membership inference, which can reveal whether a specific person’s data was in the training set. For each, the Manual sets out practical countermeasures.
The guidelines sit inside a layered regime — Act, Enforcement Decree, Notices, Guidelines — that Seoul has been building since its AI Framework Act (“AI Basic Act”) passed in December 2024. Earlier drafts already flagged red-teaming as a good practice; the July 8 documents are the first to define it concretely.
Why it matters
South Korea’s AI Basic Act took effect on January 22, 2026, with a one-year administrative-fine grace period, so enforcement can begin as early as January 22, 2027. The July guidelines are part of the rulemaking sprint to put compliance infrastructure in place before that date.
The law reaches beyond Korean borders. Foreign operators above defined thresholds — roughly 1 trillion KRW in prior-year total revenue, 10 billion KRW in AI-service revenue, or more than one million average daily domestic users — face obligations if their systems affect the Korean market, and must designate a domestic representative. Organizations running “high-impact AI” in sectors such as healthcare, finance, energy, transportation, and education now have a defined standard their programs will be measured against. Compliance pressure is converging from two directions at once, since the EU AI Act’s high-risk provisions are slated to take effect in August 2026.
There is a diplomatic backdrop too. Korea’s AI Safety Institute signed memoranda of understanding with OpenAI on June 17 and Anthropic on June 18, 2026, and holds bilateral agreements with Google DeepMind, OpenAI, and Anthropic — making it one of the most internationally connected AI safety bodies outside the EU and the US.
Defenses
For any team operating AI systems that touch Korean users, the guidelines translate into a concrete near-term checklist:
- Obtain translations early. The July 8 documents are published in Korean only, with no English version announced. Teams in scope should commission translations rather than wait.
- Stand up or document a red-team program that meets the Guide’s operational standards. A program that tests only for chatbot jailbreaks does not meet the bar; the standard expects coverage of training-time and privacy attacks as well.
- Assess high-impact systems against the Threat Response Manual. Walk each deployment through the Manual’s scenarios — poisoning, inference attacks, AI-assisted intrusions — and record the countermeasures in place.
- Separate reactive from proactive work. Good incident response does not substitute for a structured red team, and vice versa; the two documents exist precisely because organizations tend to have one and not the other.
- Align with parallel frameworks. Mapping controls to the NIST AI RMF and the EU AI Act reduces duplicate effort as the August 2026 and January 2027 deadlines approach.
The broader significance is narrow but real: in South Korea, the sentence “we’ve red-teamed our AI” now has a definition it can be audited against.
Status
| Item | Value |
|---|---|
| Guidelines released | July 8, 2026 (MSIT) |
| Documents | AI Security Threat Response Manual; AI Security Red Teaming Guide |
| Governing law | AI Framework Act (“AI Basic Act”) |
| Act effective date | January 22, 2026 |
| Enforcement (after grace period) | As early as January 22, 2027 |
| Scope | Operators of “high-impact AI”; extraterritorial above thresholds |
| Language | Korean only (no English translation announced) |
Key dates: December 2024 — AI Framework Act passed. January 22, 2026 — Act took effect. July 8, 2026 — Threat Response Manual and Red Teaming Guide released. January 22, 2027 — earliest enforcement.
Sources
- → https://www.techtimes.com/articles/319978/20260709/south-korea-codifies-ai-red-teaming-ending-era-unverifiable-security-claims.htm
- → https://www.mlex.com/mlex/articles/2498274/south-korea-issues-guidelines-on-ai-related-cyber-threats-red-teaming-practices
- → https://ourtake.bakerbotts.com/post/102low8/south-korean-ministry-of-science-and-ict-issues-package-of-regulations-to-supplem
- → https://cset.georgetown.edu/publication/south-korea-ai-law-2025/