4 Components to Know and Apply when Securing AI by Design4 Components to Know and Apply when Securing AI by Design

As enterprises adopt and develop AI applications, they must ensure they're baking security into the process. This is the concept of secure AI by design, where security isn't added after the fact but is built in from the ground up.

Rich Campagna, SVP, Network Security, Palo Alto Networks

February 11, 2025

4 Min Read
Robot finger selecting a lock icon on a screen
CREDIT: PEACHAYA TANOMSUP / ALAMY STOCK PHOTO

Enterprises are ramping up AI deployments throughout their operations.

Generative AI (GenAI) tool adoption alone has significantly increased in the past year. According to McKinsey & Company's 2024 global survey on AI, 65% of respondents said their organizations regularly use GenAI tools. In Palo Alto's "The State of Cloud-Native Security Report 2024," 100% of survey respondents said they're rolling out AI-assisted application development.

Integrating AI and large language models can fuel new productivity and efficiency benefits, but they also usher in new security risks. The answer isn't to compromise security for productivity or slow down the business in the interest of security. The answer lies in building security into the very fabric of AI-enabled applications -- in other words, securing AI by design.

New Risks Require a New Approach

For many enterprises, AI adoption is directly tied to either growing the top line -- via improved differentiation and creation of new revenue streams -- or improving the bottom line through efficiencies in core business functions. Yet success is more than adding an AI model to the existing infrastructure stack and moving on to the next thing. An entirely new supply chain and AI stack are involved, including models, agents and plugins. AI also calls for new uses of potentially sensitive data for training and inferencing.

Most AI-based tools and components are still nascent. Developers are feeling the pressure to develop these tools and components quickly so that organizations can deliver personal AI experiences to their users. Yet, many AI applications aren't built with security in mind. As a result, they can potentially expose sensitive data, such as confidential corporate information and customers' personal information. This mix of a compressed timeframe and emerging technology makes security even more complicated than it usually is with standard applications.

Hackers know this and are seizing the opportunity to target AI systems. These attacks jeopardize operational functionality, data integrity and regulatory compliance.

However tempting it might be, the answer isn't to ban AI use. Organizations that don't harness the power of this technology are likely to lag behind as their peers reap new efficiency and productivity benefits.

Secure AI by Design

To stay competitive, organizations need to balance possible gains from AI adoption with security -- without jeopardizing the speed of delivery. Secure AI by design is an extension of the Cybersecurity and Infrastructure Security Agency's Secure by Design principle. It offers a framework that prioritizes AI security, enabling enterprises to safeguard AI during development and deployment from specific and general security threats.

Key Components of a Secure AI by Design Approach

Comprehensive AI security includes the following components:

  1. Visibility. Secure AI by design provides a view into all aspects of the enterprise AI ecosystem: Users, models, data sources, applications, plugins and internet exposure across cloud environments. It lets users recognize how AI applications interact with models and other data while also highlighting possible gaps and high-risk communication channels between apps and models.

  2. Threat protection. It safeguards organizations against known and zero-day AI-specific attacks, malicious responses, prompt injection, leakage of sensitive data and more. It's designed to protect AI applications from malicious actors who try to take advantage of all the novel risks that AI components introduce into an application infrastructure.

  3. Continuous monitoring for new threat vectors. This model tracks constantly changing applications. It diligently protects and continuously monitors the AI ecosystem's runtime risk exposure. It should also assess new and unprotected AI apps, observe AI runtime risk and highlight any unsafe communication pathways coming from AI apps.

  4. Use of controls. It allows IT teams to make informed decisions about when to allow, block or limit access to GenAI apps -- either on a per-application basis or by using categorical or risk-based controls. These controls, for example, might block everyone except developers from accessing code optimization tools. Or they can allow employees to use ChatGPT for research purposes but never to edit source code.

Designed to be Secure

AI has the potential to transform every industry, much like cloud and mobile computing did in years past. Securing AI technologies is critical as businesses increase their development and deployment. Enterprises need a way to manage AI risks at every step of the journey.

To keep sensitive data secure, modern enterprises need a comprehensive approach to protect AI systems from a range of threats, ensuring their safe and effective use and paving the way for secure innovation. To do that, enterprises need to secure AI from the ground up.

About the Author

Rich Campagna, SVP, Network Security, Palo Alto Networks

Rich Campagna, SVP, Network Security, Palo Alto Networks

Rich Campagna is the senior vice president for network security, Palo Alto Networks' largest business, with more than 65,000 customers. His team of expert technologists have delivered Hardware and Software Firewalls, Cloud-native services, and the highly regarded PAN-OS operating system. These platforms consistently rank #1 in market share and have been recognized as Leaders in the Gartner Magic Quadrant for Firewalls for 12 consecutive years. He is a dynamic leader who is passionate about building high-performing teams that innovate and execute to establish strong differentiation and leadership in the market. Rich is a holder of several U.S patents, has co-authored 2 books on network security, and has won numerous nationally recognized awards for leadership and innovation.

See more from Rich Campagna, SVP, Network Security, Palo Alto Networks
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Brendan Carr appears before a Senate Committee on Commerce, Science, and Transportation hearing in 2023
Enterprise Connectivity
A New Administration and a New Direction for Networks
A New Administration and a New Direction for Networks

Jan 6, 2025

Wi-Fi 7 promises to deliver the additional performance and lower latency modern enterprise apps need today.
Wireless Networking
Wi-Fi 7: The State of the Market
Wi-Fi 7: The State of the Market

Jan 2, 2025

Organizations that modernize their networking and security infrastructure fast will be in pole position to seize AI opportunities
Enterprise Connectivity
Your Network is the Key to Surviving AI
Your Network is the Key to Surviving AI

Jan 9, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports