Skip to main content

As artificial intelligence (AI) solutions become increasingly integrated into commercial enterprises, the need for reliable, robust AI security measures has never been greater. Some tools, such as computer vision (CV) and Natural Language Processing (NLP) models have been around for a while, but new tools, such as generative AI (GenAI), which includes ChatGPT, Midjourney, and many others, are very new and porous in terms of security.

No matter their structure or functionality, AI solutions offer numerous benefits at all levels of an organization, from enhanced innovation and improved decision-making in areas ranging from Operations to Finance, to increased efficiency and automated testing in the software development (DevOps) and machine-learning operations (MLOps) pipelines. However, they also present unique security challenges. 

Every security risk an organization faces must also be considered a business risk and, as such, must be addressed with a combination of creativity, precision, and speed. In this post, we identify and explain best practices for establishing a comprehensive, cross-functional AI security program to protect the people, processes, and property of a commercial enterprise. These suggestions support overall cybersecurity activities, including data loss prevention (DLP), threat detection and deflection, user authentication and access, to ensure the overall integrity of an organization’s AI systems and solutions.

Conduct a Comprehensive Risk Assessment

The foundation of any successful AI security program is a thorough risk assessment that identifies potential vulnerabilities, external threats, and internal risks associated with AI implementation across the enterprise. Consider the following factors during the risk assessment:

Model Exposure: Assess how and where AI models are deployed throughout the organization, whether they interact with external parties or third-party services, and what protocols are in place to protect the models.  

Adversarial Attacks: Understand the threats faced by the models used in-house and the ways the data fed into them can be manipulated.

Regulatory Compliance: Ensure that the AI security program aligns with relevant corporate, industry, and governmental data protection and privacy regulations, including regulations that may be in effect in localities, regions, or countries in which your organization does not have a physical presence, but conducts business.

Internal Threats: Identify potential risks posed by careless, clueless, or corrupt insiders who may have access to AI systems and reevaluate the permission status of those individuals.

Implement Secure Data Governance Protocols

AI heavily relies on large volumes of data, making data governance a critical aspect of AI security. Secure data governance involves:

Data Classification: Classify data based on its sensitivity, and restrict access to sensitive information to authorized personnel only. Include the data used to train AI models, data that is manipulated by AI tools, such as during analysis, interpretation, or collation activities, or data or intellectual property (IP) that could inadvertently be sent outside the organization by AI tools, such as a large language model (LLM) like ChatGPT, used by employees. Ensure strong DLP solutions, such as the following, are in place.

Data Encryption: Use encryption techniques to keep data safe while in transit, as well as when it is stored in databases and other systems, to prevent unauthorized access and data breaches.

Data Anonymization: Anonymize any data containing personally identifiable information (PII) to safeguard against unauthorized release.

Data Retention and Deletion: Establish clear policies for when and how to securely retain and delete data to minimize exposure to risk.

Ensure Model Explainability and Transparency

Model explainability and transparency are becoming more important to an organization’s AI security infrastructure as they relate to operational, as well as legal and compliance, concerns, as they can play a role in:

Bias Detection: Examine how models used in decision-making functions could be biased on certain issues, which, left undetected, might lead to discriminatory or unfair outcomes.

Error Identification: Provide human-in-the-loop/human-on-the-loop oversight by observing the predictions made by deployed models to detect potential errors and prevent unintended consequences.

Adversarial Attack Detection: Learn the typical model behavior to identify changes that could indicate adversarial attacks.

Establish a Cadence of Model Audits and Vulnerability Assessments

Models are software and, therefore, are not immune to vulnerabilities. Additionally, new threat vectors appear constantly. A regular cadence of audits and vulnerability assessments are crucial and should include, at minimum, the following:

Penetration Testing: Conduct “pen testing” to identify and address security weaknesses in AI systems before they become breaches or worse.

Adversarial Testing: Conduct stress-tests of models to determine their robustness and resilience when faced with adversarial attacks.

Code Review: Conduct reviews, preferably by experienced human developers, of model code to identify any potential security flaws or vulnerabilities; this is especially important if the development teams use AI tools to write code.

Patch Management: Stay current with security patches and updates for AI solutions in use.

Open Source Review: Conduct reviews of the security posture of open-source tools in use.

Secure the Model Deployment Environment 

Deployment conditions and environments can vary widely depending on the purpose of the model, and AI-dependent models are increasingly used on cloud platforms, edge devices, and internal infrastructure. Securing model deployment involves:

Secure Application Programming Interfaces (APIs): APIs are increasingly under siege as an attack surface. Ensure APIs connected to models in use are secured with appropriate access controls, including strictly enforced authentication and authorization mechanisms.

Container Security: When deploying models in containers, such as Docker, establish and follow container security protocols to prevent container breaches.

Network Security: Networks can be porous in small, but dangerous ways. Ensure all network configurations are secure, access is limited to authorized personnel, and AI infrastructure is isolated to enable monitoring of potential threats.

Monitoring and Incident Response: Establish monitoring systems and protocols to detect unusual activity occurring on networks, models, and other AI-dependent systems in use. Task a cross-functional team with establishing an organization-wide Incident Response Plan that can be implemented rapidly if a security breach occurs. Hold regular “table-top” simulations of a breach to allow people to understand their role in a crisis.

Educate Company Personnel About AI Security Issues and Plans 

Personnel working in an organization, whether employees or contractors, executives or interns, are both a significant security tool and a significant security risk. One thoughtless click in a phishing email–which are getting more sophisticated and difficult to identify daily–can ruin a cybersecurity team’s day, week, and month, but an alert staffer who recognizes a threat and reports it can save the organization time, money, and possibly even its reputation. Training and educating employees about AI security threats and appropriate responses can go a long way to preventing security breaches. Consider including the following in an organizational AI Security Program:

Security Awareness Training: Conduct regular security awareness training sessions to educate employees about AI-related threats your organization could face, given your industry and your organization’s risk profile.

Social Engineering Awareness: Educate employees about social engineering tactics that may target AI-related information and/or specific roles within the organization.

Incident Reporting Mechanism: Create a clear, simple, easy-to-initiate reporting mechanism so personnel can notify appropriate security teams about any suspicious activities or potential security incidents.

Establish a Zero-Trust Model

Describing an AI security program as following a zero-trust model is a short way of indicating that the security infrastructure grants no entity, irrespective of status or any other trait, inherent trust. Rather, every access request must be authorized and thoroughly verified before system access is granted to the person requesting access. Clearly, these land low on employees’ popularity and ease-of-use polls, but they are a stalwart defense against unauthorized access and activity. Implementing a zero-trust model for an AI security program involves:

Identity and Access Management (IAM): Develop and adhere to strict IAM policies to control access to AI-dependent systems, models, and data.

Continuous Monitoring: Adopt continuous monitoring and anomaly detection mechanisms to promptly detect unauthorized activities.

Multi-Factor Authentication: Enforce multi-factor authentication to provide an extra layer of security to user logins.

Least Privilege Principle: Grant users the minimum level of access required according to their roles and responsibilities.


As AI continues to reshape the enterprise landscape, ensuring the security of AI-dependent systems is of the highest importance. Implementing a comprehensive AI security program involves conducting risk assessments and regular audits, implementing data governance processes, supporting model explainability, ensuring secure model deployment, providing employee education, and adopting a zero-trust model. Following these “security first” best practices will assist organizations in fortifying their AI-dependent systems against potential threats and maintaining stakeholder trust while reaping the benefits of AI-powered solutions.