{"id":5933,"date":"2025-05-18T05:05:06","date_gmt":"2025-05-17T21:05:06","guid":{"rendered":"https:\/\/cicserver.com\/4-components-to-know-and-apply-when-securing-ai-by-design\/"},"modified":"2025-05-18T05:05:06","modified_gmt":"2025-05-17T21:05:06","slug":"4-components-to-know-and-apply-when-securing-ai-by-design","status":"publish","type":"post","link":"https:\/\/cicserver.com\/de\/4-components-to-know-and-apply-when-securing-ai-by-design\/","title":{"rendered":"4 Components to Know and Apply when Securing AI by Design"},"content":{"rendered":"


\n<\/p>\n

\n

Enterprises are ramping up AI deployments throughout their operations.<\/span><\/p>\n

Generative AI (GenAI) tool adoption alone has significantly increased in the past year. According to McKinsey & Company’s <\/span>2024 global survey on AI<\/a><\/span>, 65% of respondents said their organizations regularly use GenAI tools. In Palo Alto’s “<\/span>The State of Cloud-Native Security Report 2024<\/a><\/span>,” 100% of survey respondents said they’re rolling out AI-assisted application development.<\/span><\/p>\n

Integrating AI and large language models can fuel new productivity and efficiency benefits, but they also usher in new security risks. The answer isn’t to compromise security for productivity or slow down the business in the interest of security. The answer lies in building security into the very fabric of AI-enabled applications — in other words, securing AI by design.<\/span><\/p>\n

New Risks Require a New Approach<\/h2>\n

For many enterprises, <\/span>AI adoption<\/a><\/span> is directly tied to either growing the top line — via improved differentiation and creation of new revenue streams — or improving the bottom line through efficiencies in core business functions. Yet success is more than adding an AI model to the existing infrastructure stack and moving on to the next thing. An entirely new supply chain and AI stack are involved, including models, agents and plugins. AI also calls for new uses of potentially sensitive data for training and inferencing.<\/span><\/p>\n

Most AI-based tools and components are still nascent. Developers are feeling the pressure to develop these tools and components quickly so that organizations can deliver personal AI experiences to their users. Yet, many AI applications aren’t built with security in mind. As a result, they can potentially expose sensitive data, such as confidential corporate information and customers’ personal information. This mix of a compressed timeframe and emerging technology makes security even more complicated than it usually is with standard applications.<\/span><\/p>\n

Hackers know this and are seizing the opportunity to target AI systems. These attacks jeopardize operational functionality, data integrity and regulatory compliance.<\/span><\/p>\n

However tempting it might be, the answer isn’t to ban AI use. Organizations that don’t harness the power of this technology are likely to lag behind as their peers reap new efficiency and productivity benefits.<\/span><\/p>\n

Secure AI by Design<\/h2>\n

To stay competitive, organizations need to balance possible gains from AI adoption with security — without jeopardizing the speed of delivery. Secure AI by design is an extension of the Cybersecurity and Infrastructure Security Agency’s <\/span>Secure by Design<\/a><\/span> principle. It offers a framework that prioritizes AI security, enabling enterprises to safeguard AI during development and deployment from specific and general security threats.<\/span><\/p>\n

Key Components of a Secure AI by Design Approach<\/h2>\n

Comprehensive AI security<\/a><\/span> includes the following components:<\/span><\/p>\n

\n
    \n
  1. \n
    <\/p>\n
    \n

    Visibility.<\/span><\/span> Secure AI by design provides a view into all aspects of the enterprise AI ecosystem: Users, models, data sources, applications, plugins and internet exposure across cloud environments. It lets users recognize how AI applications interact with models and other data while also highlighting possible gaps and high-risk communication channels between apps and models.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n

  2. \n
    <\/p>\n
    \n

    Threat protection<\/span><\/span>. It safeguards organizations against known and zero-day AI-specific attacks, malicious responses, prompt injection, leakage of sensitive data and more. It’s designed to protect AI applications from malicious actors who try to take advantage of all the novel risks that AI components introduce into an application infrastructure.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n

  3. \n
    <\/p>\n
    \n

    Continuous monitoring for new threat vectors<\/span><\/span>. This model tracks constantly changing applications. It diligently protects and continuously monitors the AI ecosystem’s runtime risk exposure. It should also assess new and unprotected AI apps, observe AI runtime risk and highlight any unsafe communication pathways coming from AI apps.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n

  4. \n
    <\/p>\n
    \n

    Use of controls<\/span><\/span>. It allows IT teams to make informed decisions about when to allow, block or limit access to GenAI apps — either on a per-application basis or by using categorical or risk-based controls. These controls, for example, might block everyone except developers from accessing code optimization tools. Or they can allow employees to use ChatGPT for research purposes but never to edit source code.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ol>\n<\/div>\n

    Designed to be Secure<\/h2>\n

    AI has the potential to transform every industry, much like cloud and mobile computing did in years past. Securing AI technologies is critical as businesses increase their development and deployment. Enterprises need a way to <\/span>manage AI risks<\/a><\/span> at every step of the journey.<\/span><\/p>\n

    To keep sensitive data secure, modern enterprises need a comprehensive approach to protect AI systems from a range of threats, ensuring their safe and effective use and paving the way for secure innovation. To do that, enterprises need to secure AI from the ground up.<\/span><\/p>\n<\/div>\n