
Creating a Foundation for End-to-End AI Security Solutions
Your organization has caught the GenAI fever and is rolling out chatbots powered by cutting-edge models that promise to reveal valuable new insights and deep data linkages, all accessible via plain-language prompts. You’re probably considering Retrieval-Augmented Generation (RAG) to add private, context-specific data to the model to address the risks of hallucinations and out-of-date or missing contexts. Your development team is under pressure to be first to market, and the business team may even be experimenting with things like “vibe coding” to get there even quicker. You’ll test and learn and then refine as you go. You’re keeping your private data sources on-premises, so you should still be covered for confidentiality, privacy, and regulatory requirements, right?
But here’s the deal: regulations generally trail innovation, and fully compliant out-of-the-box solutions in turn tend to trail the regulatory mandates as they begin to be established. The “run fast” mentality could put you on a collision course with safety in critical domains such as healthcare, finance, autonomous vehicles, and agentic systems, where “breaking things” can mean disastrous consequences. So, the question becomes: how do we keep innovating at today’s breakneck pace without breaking the trust, security, and safety foundations our systems depend on?
Not Just Another Workload
I’ve been around IT and enterprise systems for a long time. I started during the “PC Revolution,” which put real data processing into the hands of ordinary consumers rather than just specialists with access to mainframes. Soon we were marching into the “Internet Revolution,” with all its interconnected glory and chaos. The “Cloud Revolution” followed, enabling IT departments to become more agile and efficient by breaking free from the constraints of physical location and infrastructure ownership. And now the “AI Revolution” is careening forward, promising to disrupt even the basic ideas of where data can come from and how it can be used. Each of these eras required new ways of thinking about how we approach the core tenets of compute.
My primary area of focus is how to protect these systems, the data they process, and users and organizations that live and die by them. That hasn’t changed, and most of the cybersecurity principles we’ve lived by continue to apply. We still need to address the fundamental triad of Confidentiality, Integrity, and Availability. We still need to monitor networks and assets, manage access controls, secure our supply chains, and so on. It’s tempting to think of AI as “just another workload” and assume we’ll simply protect it like any other compute, but AI brings unique challenges we never faced before, at unprecedented scale.
Scale and Unpredictability
I’ve noted two significant new factors. The first is the sheer volume of data involved. In the past, a program had specific and well-defined data sources and outputs. We knew what was going in, and how it would be processed; we were the ones deciding after all. But now we scoop up massive troves of data from previously unutilized sources. Different types of data, such as audio/visual, machine logs, multi-lingual, specifications and diagrams, out-of-date documents, and unsupervised social posts are all being pulled into training sets. Garbage in, garbage out. This makes me wonder how I ensure only valid, accurate, appropriate, and relevant data drives my AI when it literally could be anything.
The second major factor is the non-deterministic nature of AI. Sure, I set up data sources, I codify a model training structure, I sample and test the outputs. But I don’t know the linkages AI will find amongst all that data, and I can’t evaluate each logic tree that led to a prediction. I won’t be able to fully anticipate the biases, blind spots, and misunderstandings that will be buried in a vector database and ultimately drive a decision. I’ve set up the arena, but the movements won’t always be what I expect, and my outcomes are determined by unknown probabilities rather than IF-THEN directives.
Our approach to security must adapt to AI. Some controls, such as static defenses, signature-based detection, and perimeter-based security, will no longer work. Others that were previously niche will become commonplace. We live in a world with billions of personal compute endpoints, fabulously interconnected across the internet, with access to infinite data hosted in the world’s clouds, but now we have an evolving and unpredictable logic operating across it all. These are exciting times full of promise, but we’d better not shoot ourselves in the foot as we race to realize it.
Start at the Foundation
We are starting to see some very good frameworks for addressing some of the unique aspects of securing AI. The OWASP Top 10 for LLMs and Gen AI Apps from the Open Worldwide Application Security Project is one of these. It catalogues some of the primary vulnerability types, complete with attack scenarios and potential mitigations for each. MITRE’s ATT&CK framework and ATLAS are others, for which Intel was a contributing developer. When assessing their security postures, most cybersecurity professionals consider network topologies, access controls, data architectures, DevOps practices, and more. Numerous software stack solutions are available to help solve this, and it’s generally taken for granted that these will “just work” on whatever platform they reside on. But many still don’t consider the role the underlying platform plays in enabling secure solutions. Selecting the right foundation is actually your first security decision, and it can impact all the decisions that come after.
Defense-in-Depth: A Comprehensive Security Approach
Combating today’s sophisticated threats requires a defense-in-depth strategy, where hardware and software are tightly optimized to enhance overall security. Intel has been a recognized leader in securing critical assets and data and offers a holistic approach to defend AI artifacts and workloads throughout their lifecycle.
Best-in-Class Platform Assurance
Product security is at the foundation of everything we do at Intel, and that’s proven by Intel’s number one rank in product security assurance compared with other top silicon vendors. Intel’s latest Product Security Report highlights how our proactive approach to identifying and mitigating vulnerabilities resulted in 96% of addressed vulnerabilities being discovered by internal programs, rather than relying on external researchers or attackers to find issues after the fact. AMD reported four times more firmware vulnerabilities in their hardware root of trust than Intel, and almost twice the number of vulnerabilities in their confidential computing technologies. This is especially significant since 43% of AMD’s platform firmware vulnerabilities were discovered externally.
Cryptographic Accelerators
Encryption and hashing sit at the heart of security solutions, and we just expect those to work. But we are approaching the era of quantum computing, where stronger algorithms and larger key sizes are required to resist the brute-force capabilities of future quantum computers. These computationally intense algorithms in turn put more strain on today’s processors. Intel is not only integrating the latest quantum-safe algorithms into our platform, but we’ve also embedded encryption accelerators in our processors to support bulk crypto offload, significantly speeding these computations and reducing the performance impact.
Hardware-Based Defenses
In protecting the application stack, security is only as good as the layers below it. Even the best application security techniques and architectures can be circumvented by vulnerabilities in the OS, attached components, supply chain, etc. This is why security should be rooted in the lowest layer possible: the platform silicon. This begins with establishing a root of trust at the start of boot, with each level first validating the next before giving it permission to instantiate. Instructions in the processor can also identify and prevent return-oriented programming (ROP) and jump-oriented programming (JOP) attacks, which could be used to manipulate AI processing flows. The processor can also provide low-level telemetry that, combined with AI, can identify the processing signatures of ransomware and cryptojacking that would otherwise be undetectable by high-level monitoring.
Confidential and Trusted AI
It’s common practice to encrypt data in transit to protect against interception while it’s sent across the network. And more and more data is also being encrypted at rest in case of malicious or accidental exfiltration from storage. But data exists in another state as well: in use. In traditional computing, data is unencrypted while it is being processed in memory. This makes data in use vulnerable to attack via malicious admins and malware that exploit vulnerabilities at the OS layer to gain access. There are literally thousands of logged vulnerabilities that can result in an escalation of privileges, essentially granting the attacker root access to the contents of memory, including data that would otherwise be encrypted at rest and in transit. But perhaps even more frightening are the zero-day vulnerabilities that haven’t yet been discovered and patched.
Confidential computing technologies are rooted in hardware and provide trusted execution and encryption of memory, plus isolation and verification of the integrity of workloads, closing off low-level privilege escalation as a mechanism of attack. This is especially important where workloads run on infrastructure that is remote (such as edge) or not operated by the organization (such as in the cloud), but it also applies on-prem to reduce exposure to insiders and zero-days. Confidential AI solutions reduce the risk of attacks such as prompt injection, data and model poisoning, model theft, and sensitive data disclosure.
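The two hardware mechanisms described above, a boot chain in which each level validates the next before handing over control, and a workload-integrity check that gates access to protected data, can be illustrated with a small simulation. The following is an added example written for this post; it is not Intel code and does not model any specific Intel product. It assumes a simplified chain in which each stage carries a SHA-256 digest of its successor (standing in for the signature verification a real root of trust performs), a PCR-style measurement register that is extended as each stage is loaded, and an attestation step modelled as a constant-time comparison of the reported measurement against a golden value before a secret (for instance a model decryption key) is released. All stage names and contents are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed: a PCR-style measurement register starts at all zeros.
MEASUREMENT_INIT = b"\x00" * 32


@dataclass(frozen=True)
class Stage:
    """One link in the boot chain: its own code plus the digest it expects of its successor."""
    name: str
    code: bytes
    next_expected_digest: Optional[bytes]  # None for the final stage (nothing left to verify)


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(measurement: bytes, value: bytes) -> bytes:
    """PCR-style extend: new = H(old || H(value)). Order-sensitive and cannot be rewound."""
    return hashlib.sha256(measurement + digest(value)).digest()


def build_chain(stages: List[Tuple[str, bytes]]) -> List[Stage]:
    """Link stages back to front so each carries the expected digest of its successor."""
    chain: List[Stage] = []
    expected: Optional[bytes] = None
    for name, code in reversed(stages):
        chain.append(Stage(name, code, expected))
        expected = digest(code)
    chain.reverse()
    return chain


def boot(chain: List[Stage]) -> Tuple[bool, bytes, List[str]]:
    """Walk the chain: each stage validates its successor before handing over control.
    Returns (booted_ok, final_measurement, event_log)."""
    log: List[str] = []
    current = chain[0]  # hardware root of trust: trusted by construction, measured but not verified
    measurement = extend(MEASUREMENT_INIT, current.code)
    log.append(f"measured {current.name}")
    for nxt in chain[1:]:
        expected = current.next_expected_digest
        if expected is None or not hmac.compare_digest(digest(nxt.code), expected):
            log.append(f"HALT: {current.name} refused to load {nxt.name} (digest mismatch)")
            return False, measurement, log
        measurement = extend(measurement, nxt.code)  # record what actually ran, in order
        log.append(f"{current.name} verified and loaded {nxt.name}")
        current = nxt
    return True, measurement, log


def release_secret(reported: bytes, golden: bytes, secret: bytes) -> Optional[bytes]:
    """Attestation gate: hand out the secret only if the reported measurement equals the golden one."""
    return secret if hmac.compare_digest(reported, golden) else None


def tamper(chain: List[Stage], name: str, new_code: bytes) -> List[Stage]:
    """Simulate an attacker replacing one component's code in flash or on disk. The predecessor's
    embedded expectation is untouched, which is exactly what the verify step catches."""
    return [Stage(s.name, new_code, s.next_expected_digest) if s.name == name else s for s in chain]


# Constructed sample stages standing in for real boot components.
GOOD_STAGES = [
    ("rom", b"immutable boot ROM v1"),
    ("firmware", b"platform firmware v2.3"),
    ("bootloader", b"bootloader 1.0"),
    ("kernel", b"kernel 6.x"),
]

if __name__ == "__main__":
    chain = build_chain(GOOD_STAGES)
    ok, golden, log = boot(chain)
    print("clean boot:", ok, golden.hex()[:16], log)
    ok, reported, log = boot(tamper(chain, "kernel", b"kernel 6.x + implant"))
    print("tampered boot:", ok, log[-1])
    print("secret released to tampered stack?", release_secret(reported, golden, b"model-key") is not None)
```

Two properties of the simulation are worth noting. First, the measurement register records every stage that was actually loaded, in order, so a modified component changes the final value even if the halt check were somehow bypassed; that is what lets a relying party decide from the attestation value alone whether to release a key. Second, the chain is only as trustworthy as its first link: `tamper` applied to the `rom` stage is not detected, which is the simulation's way of showing why the root of trust has to live in immutable silicon rather than in software that something else could overwrite.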
Conclusion
We’re stepping into a new epoch of compute. The old rules aren’t out, but new rules have been added, with more to come. We need to evolve our approach to security as well, with foundational capabilities rooted in the immutable core. Intel platforms have leading security built in by default, and deliver a security foundation to build upon.