VOOZH about

URL: https://thenewstack.io/the-new-realities-of-ai-security-architecture/

⇱ The New Realities of AI Security Architecture - The New Stack


TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
The New Stack does not sell your information or share it with unaffiliated third parties. By continuing, you agree to our Terms of Use and Privacy Policy.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Follow TNS on your favorite social media networks.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
1 of 2
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
Thanks for your opinion! Subscribe below to get the final results, published exclusively in our TNS Update newsletter:
NEW! Try Stackie AI
From clobbered drafts to real-time sync
Apr 14th 2026 10:00am, by David Moore
TypeScript 6.0 RC arrives as a bridge to a faster future
Mar 14th 2026 9:00am, by Darryl K. Taft
Mastra empowers web devs to build AI agents in TypeScript
Jan 28th 2026 11:00am, by Loraine Lawson
2024-06-19 06:30:56
The New Realities of AI Security Architecture
sponsor-nginx,sponsored-post-contributed,
AI / API Management / Security

The New Realities of AI Security Architecture

AI security must be customized and tuned at the functional level to ensure that systems detect threats and bad intent without blocking normal behaviors.
Jun 19th, 2024 6:30am by Liam Crilly
👁 Featued image for: The New Realities of AI Security Architecture
Image from Ayesha kanwal on Shutterstock
NGINX sponsored this post.

We are in the early stages of enterprise AI adoption. Many organizations are experimenting with AI services delivered via API and running their own AI infrastructure and models. AI applications are unlike legacy applications and require a new security architecture. Old technologies such as filtering, firewalls and digital loss protection are no longer sufficient.

A new architecture must take into account the new attack surface of AI infrastructure. This includes inference and training and all the insertion points in the AI stack — additional model tuning via retrieval-augmented generation (RAG) or other modalities, for example.

What’s more, AI security must be customized and tuned at the functional level to properly ensure that responsible systems will detect and block threats and bad intent without blocking normal behaviors, which might inadvertently draw a red flag. This distributed architecture will put AI security gateways at key positions in the infrastructure stack. Each LLM-based service and application will need a number of security-focused AI companion tools to protect enterprises adequately.

In other words, your LLM needs an AI to secure it. This new architecture is like nothing we have seen before and will require a significant shift in the way we do security.

A Map of the AI Attack Surface

To effectively secure AI, we must first map the expanded attack surface it presents. This encompasses both the inference and training phases of AI models. For most AI applications, each phase includes multiple steps, dependencies and inputs. Each phase also requires different types of AI defenses suitable to its function and location in the stack.

AI Training Attack Surface

Training is the process of preparing AI models to shape their behavior and capabilities for specific (or sometimes general) use cases. Possible attack insertion points in this portion of AI infrastructure and application development include:

  • Underlying (internal) infrastructure: AI training is performed mainly on GPUs and other processors built for parallel processing of programming instructions. This infrastructure is deployed on familiar deployment architectures, such as containers built on Kubernetes. At this layer, infrastructure teams will also deploy ingress controllers and load balancers to manage and shape traffic.
    • How an AI gateway can help: Ensure training traffic is within expected parameters and only permitted from authorized sources. Identify anomalous behavior at the infrastructure layer and deliver resilience and continuity should infrastructure components be compromised.
  • Frameworks and libraries: To train AI models, teams deploy frameworks and toolchains such as PyTorch and TensorFlow, which rely on large external software libraries. For example, PyTorch dependencies are mostly managed and pulled from the Python Package Index (PyPI).
    • How an AI gateway can help: Analyze the use of frameworks and libraries to ensure that teams use datasets to induce specific model behaviors.
  • Data tuning and cleansing: Data training involves using a set of labeled examples to teach machine learning models to recognize patterns and make predictions. The quality and quantity of training data are critical to the accuracy and effectiveness of these models. High-quality training data ensures that the model can generalize well in response to new, unseen data, while poor-quality data can lead to inaccurate or biased predictions. Data pipelines often include not only ingestion of labeled examples but also modifications or edits to the dataset to induce specific model behaviors.
    • How an AI gateway can help: Prevent data poisoning attacks by insiders or outsiders tampering with data sources or seeking to inject bad or corrupt data into training databases. Ensure that models are not trained on unauthorized or sensitive (PII) data. Provide role-based access control to the data infrastructure.

AI Inferencing Attack Surface

Inferencing is the process that occurs when a trained AI model makes predictions or decisions based on new, unseen data. It involves feeding the new data into the model, performing computations based on the learned parameters and generating an output such as classification, prediction or generated text. Inference is also involved in the output of generative AI models for consumer applications, like ChatGPT.

  • Underlying (internal and external) infrastructure: Many of the same infrastructure elements used for training are also used for AI inferencing. Inferencing is less compute-intensive but is often more continuous, and is more likely to be distributed. Increasingly, infrastructure is distributed to the edge to improve latency, with key values and common responses cached closer to users. This further extends and more widely distributes the attack surface. There are also additional components for inferencing scenarios. For example, RAG, a technique used to deliver more relevant and accurate results by including documents alongside prompts, has its own data and compute infrastructure.
    • How an AI gateway can help: It can protect all the different infrastructure nodes against model poisoning and model theft while monitoring RAG processes to ensure that internal resources are not being hijacked or misused.
  • Frameworks and libraries: Use cases are largely the same across training and inferencing except for added external exposure (public applications or APIs).
    • How AI gateway can help: Like model training, an AI gateway can analyze frameworks and libraries to ensure that teams are using only legitimate packages and not introducing compromised or unauthorized dependencies.
  • Application interface: Unlike training, in the inference stage, the AI system is exposed to the public or to API consumers. This means the application ingests prompts and then responds accordingly. This is the most exposed attack surface. It can also affect the underlying infrastructure because it can be viewed as an entry point for other types of attacks or techniques used to compromise internal systems. This can also be a highly distributed exposure because AI services may power components of other applications and thus may be exposed to abuse in that manner.
    • How an AI gateway can help: Provide prompt sanitization and monitoring and speaking to the model training AI gateway to ensure signs of model drift or bias inducement are not emerging at runtime. Model theft monitoring and mitigation are also critical functions.

The Future of AI Security Must Be Evenly Distributed

AI security is different. Training and inference are divided into two distinct phases, each with different needs and risks. Compared to legacy application architectures, AI applications have different behaviors, deployment patterns and novel attack surfaces. This requires a fundamental shift in our approach to security architecture.

To effectively protect against the wide range of potential attacks on AI models’ training and inferencing stages, the logical path forward is to put AI where the AI is. That is, the AI gateway can’t be a perimeter checkpoint. It must be more like a human nervous system — distributed to be close to the action, customized to specific attributes and constantly communicating.

NGINX, now a part of F5, is the company behind the popular open source project, NGINX. NGINX offers a suite of technologies to develop and deliver modern applications including NGINX Plus for load balancing, App Protect for security, and NGINX Ingress Controller to get control of Kubernetes.
Learn More
The latest from NGINX
TRENDING STORIES
Liam Crilly, senior director of product management at F5, wrote his first web app in 1993, and has enjoyed working with internet software ever since. Liam has led various products across F5, including NGINX open source projects.
Read more from Liam Crilly
NGINX sponsored this post.
SHARE THIS STORY
TRENDING STORIES
SHARE THIS STORY
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.
The New Stack does not sell your information or share it with unaffiliated third parties. By continuing, you agree to our Terms of Use and Privacy Policy.