AI Threats Span the Full Stack. Your Security Strategy Should, Too.

Interplay among the elements of the AI and application stack is the new cybersecurity reality.
Sept. 9, 2025

AI’s rapid evolution has put cybersecurity under the microscope. As they experiment with their AI systems and workflows, organizations are faced with growing risks. The result is a blurred view of what actually matters in securing AI environments. 

In reality, securing AI is about so much more than just prompt guardrails. It must block rogue AI risks while also protecting confidential data, sensitive compute resources, and even the vital cooling systems on which high-performance AI depends.

Enterprise tech environments are more complex than ever, and as watershed advancements like AI give security teams more to account for, a holistic approach centered on securing the full stack is the best path forward. Fragmented approaches to security will only leave weaknesses for savvy threat actors to exploit, while a top-to-bottom Zero Trust strategy enables rigorous architectures to be applied consistently throughout.

Otherwise, it is all too easy to miss the need for strict control when, for instance, a user is using an LLM to pull information from a confidential database, or an administrator is using a DCIM tool to adjust the settings on a cooling system.

Take, for example, a recent study by Anthropic and Carnegie Mellon, which simulated the infamous 2017 Equifax breach—one of the largest in history—using large language models (LLMs), which executed the attack without human help and at low cost.

Examples like these make clear just how quickly the threat landscape is evolving. When threats are malleable and generated by automated natural language prompt experimentation, cybersecurity needs to provide certainty with controls that cannot be bypassed or jailbroken.


AIs and User Interfaces

User-facing applications, including AI components like models and chatbots, are the most visible element of the enterprise tech stack, requiring airtight protection and governance. A recent IBM report found that 13% of organizations reported breaches of AI models or applications, with 97% of those breached not having strong controls in place.

As threats against AI continue to take shape, corporate and IT leaders should be investing time and resources in implementing the strict Zero Trust protections for AI that they already demand for critical IT resources such as customer or financial data. Those rigorous protections must also be fitted to the more dynamic and complex interactions seen in AI environments.

As McKinsey research indicates, organizations and their employees are eager to embrace the opportunities of AI, provided that security and privacy concerns can be put to rest. Zero Trust for AI enables those concerns to be addressed with certainty.

This is especially crucial inside the corporate data center, where new applications, including AI, are requiring new kinds of access and interaction control. Business users, data scientists, and automated agents are working collaboratively and dynamically with proprietary data and systems. As a result, Zero Trust architectures are needed across the full application stack to keep high-stakes information and systems secure.

Backend Systems

Securing the backend is another high-profile consideration, especially when threats can be more clandestine. Bad actors are likely to target underlying infrastructure when attempting to breach an organization, and with AI tools at their disposal, they’re better able to veil their threats than ever.

AI models thrive on data collection, and hackers who are able to gain entry into backend systems can potentially steal proprietary and personal information from the companies and/or employees they are targeting. If allowed to roam free, the results could be catastrophic and costly for victims, while being incredibly cost-efficient for the hackers.

As a result, authentication processes will be especially crucial to overall security moving forward. Tried-and-true methods like Zero Trust should be the first solution that companies look to, especially given that AI is hyper-generalized and broadens the overall attack surface.

Requiring repeated authentication, including MFA or even biometric verification, adds hurdles for malicious actors that either deters threats completely or stops them in their tracks. Meanwhile, Zero Trust’s identity-by-identity approach ensures that, even if attackers should gain a foothold somewhere, they won’t be able to use it to spread to other systems throughout the network.
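To make the identity-by-identity point concrete, here is a small policy decision point written as an added example for this article; it is not code from the author or from Xage. It evaluates every request on its own against three things the paragraph above calls for: an explicit per-identity grant (deny by default), the assurance level of the session (password, MFA, or biometric), and how recently the identity last authenticated, so that sensitive resources such as a cooling-system DCIM tool force step-up and re-authentication. All resource names, identities, assurance levels and timeouts are constructed for illustration.

```python
"""Toy Zero Trust policy decision point (constructed example, not a product API).

A session holds the identity's explicit grants and current assurance level.
Each access request is evaluated independently: no grant means no access,
stale authentication forces re-authentication, and a resource can demand a
higher assurance level than the session currently carries (step-up).
"""
from dataclasses import dataclass

# Assurance levels, lowest to highest (constructed scale).
PASSWORD, MFA, BIOMETRIC = 1, 2, 3


@dataclass(frozen=True)
class Resource:
    name: str
    min_assurance: int      # lowest assurance level allowed to touch it
    max_session_age: int    # seconds since last authentication before re-auth


@dataclass(frozen=True)
class Session:
    identity: str
    assurance: int
    authenticated_at: int   # Unix seconds of the last successful authentication
    grants: frozenset       # resource names explicitly granted to this identity


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Constructed resource catalogue: the cooling DCIM tool demands the highest
# assurance and the shortest session lifetime.
RESOURCES = {
    "llm-assistant": Resource("llm-assistant", PASSWORD, 8 * 3600),
    "customer-db": Resource("customer-db", MFA, 8 * 3600),
    "dcim-cooling": Resource("dcim-cooling", BIOMETRIC, 15 * 60),
}


def evaluate(session: Session, resource_name: str, now: int) -> Decision:
    """Decide one request. Checks are ordered so the cheapest denial comes first."""
    resource = RESOURCES.get(resource_name)
    if resource is None:
        return Decision(False, "unknown resource")
    # Deny by default: a grant must name this identity and this resource.
    if resource_name not in session.grants:
        return Decision(False, "not granted to identity")
    # Repeated authentication: old sessions must prove themselves again.
    if now - session.authenticated_at > resource.max_session_age:
        return Decision(False, "re-authentication required")
    # Step-up: the resource may require MFA or biometrics the session lacks.
    if session.assurance < resource.min_assurance:
        return Decision(False, "step-up required")
    return Decision(True, "allowed")


def reachable(session: Session, now: int) -> set:
    """Resources this session can use right now; shows the blast radius of a foothold."""
    return {name for name in RESOURCES if evaluate(session, name, now).allowed}


# Constructed sessions: a data analyst and a facilities operator, both
# authenticated at t=0 with MFA.
ANALYST = Session("analyst", MFA, 0, frozenset({"llm-assistant", "customer-db"}))
OPERATOR = Session("operator", MFA, 0, frozenset({"dcim-cooling"}))

if __name__ == "__main__":
    now = 600  # ten minutes after authentication
    for session in (ANALYST, OPERATOR):
        for name in RESOURCES:
            d = evaluate(session, name, now)
            print(f"{session.identity:9s} -> {name:14s} {'ALLOW' if d.allowed else 'DENY':5s} ({d.reason})")
    print("analyst reachable now:", sorted(reachable(ANALYST, now)))
```

Run as a script it prints one decision per identity and resource. The analyst's session, even if stolen, cannot reach the DCIM tool because no grant exists, and the operator cannot change cooling settings on MFA alone: the policy returns `step-up required` until a biometric factor is presented, and `re-authentication required` once the fifteen-minute window lapses, regardless of assurance level.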


Data Centers and Cyber-physical Infrastructure

Data centers, including their cyber-physical infrastructure, have long powered our digital lives but have never held a higher-stakes role in security than they do today. According to real estate and data center investment firm JLL, data center capacity is expected to grow by 15% per year through 2027, but even that will not be sufficient to meet market demand.

Uptime is a central goal of data center environments, keeping user apps and AI models running around the clock. Higher energy demands place additional stress on facilities and shrink the margin of error for building systems.

Many data centers have made a shift towards liquid cooling to keep up, and some have even aimed to use harsh environments like deserts and the ocean to their advantage as energy and cooling sources, respectively.

Data center operators must ensure that power, cooling, physical security, building management systems, data center infrastructure management (DCIM) tools, and remote access tools for administrators and vendors do not become a backdoor for hackers. The same Zero Trust rigor that is needed for business applications, AI components, and confidential data is also needed for the cyber-physical systems that keep the data center running.

Interplay among the elements of the AI and application stack is the new cybersecurity reality. Security leaders must not only stay vigilant and attuned to the threat landscape but also need to expand the best Zero Trust architectures beyond their traditional uses. The best protection needs to be applied throughout the stack, from AI components, through apps and digital assets, to the underlying data center cyber-physical infrastructure.

The threat landscape has shifted from static vulnerabilities to the dynamic risks of AI, proprietary data, business applications, and cyber-physical infrastructure. Full-stack security is no longer optional. It’s the new baseline.

About the Author

Duncan Greatwood

CEO of Xage Security

Duncan Greatwood is the CEO of Xage Security. Most recently, he was an executive at Apple, helping to lead a number of Apple's search-technology projects and products. Prior to Apple, Duncan was CEO of Topsy Labs, the leader in social media search and analytics acquired by Apple in 2013. Prior to Topsy, he was founder and CEO of PostPath Inc., the email, collaboration and security company acquired by Cisco in 2008. Previously, Duncan held Vice President roles in Marketing, Corporate Development and Sales at Virata/GlobespanVirata/Conexant, as well as earlier engineering and product marketing positions at Madge Networks. Duncan brings a blend of sales, marketing, operations, technology, and human experience to the task of driving growth at Xage. Duncan holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an M.B.A. from London Business School.
