惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
F
Fortinet All Blogs
B
Blog
GbyAI
GbyAI
P
Proofpoint News Feed
量子位
The Register - Security
The Register - Security
宝玉的分享
宝玉的分享
大猫的无限游戏
大猫的无限游戏
云风的 BLOG
云风的 BLOG
V
Visual Studio Blog
B
Blog RSS Feed
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Recent Announcements
Recent Announcements
V
Vulnerabilities – Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Secure Thoughts
雷峰网
雷峰网
Stack Overflow Blog
Stack Overflow Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
AWS News Blog
AWS News Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
O
OpenAI News
月光博客
月光博客
H
Hacker News: Front Page
S
Security Affairs
W
WeLiveSecurity
The Hacker News
The Hacker News
aimingoo的专栏
aimingoo的专栏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
D
Docker
T
The Blog of Author Tim Ferriss
Spread Privacy
Spread Privacy
Blog — PlanetScale
Blog — PlanetScale
J
Java Code Geeks
S
Securelist
Microsoft Azure Blog
Microsoft Azure Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
A
About on SuperTechFans

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
How to implement zero trust for AI
Damon Garn · 2026-05-12 · via Search Security Resources and Information from TechTarget

putilov_denis - stock.adobe.com

As organizations embed AI into business systems, they also expand the attack surface. Applying zero trust to AI can help mitigate the risk.

AI environments involve complex data pipelines, model-training infrastructure, APIs and third-party components, all of which introduce new security risks.

Modern security techniques-- with and without AI -- recognize that traditional trusted-network approaches are inadequate. AI systems ingest new data, interact with users and integrate with other platforms, creating multiple entry points for attackers. A zero-trust model with continuous verification, strict access controls and ongoing monitoring offers a practical framework for protecting AI systems without slowing innovation.

Read on to learn how to apply zero-trust principles to AI by securing data, models, workflows and people.

AI security risks

AI systems create security challenges that most traditional defenses do not address. Specific threats include the following:

  • Data poisoning manipulates the training data to alter the model's behavior.
  • Model theft involves attackers extracting proprietary models through APIs or compromised infrastructure.
  • Prompt injection and malicious inputs can include threat actors manipulating AI systems to reveal sensitive data or bypass safeguards.
  • AI supply chain risks occur when attackers exploit vulnerabilities in third-party data sets, models and libraries.
  • Sensitive data leakage involves confidential data exposed through AI outputs or logs.

Because these risks affect every stage of the AI lifecycle, comprehensive security is essential.

Building a zero-trust framework for AI

To protect the entire AI lifecycle, it is essential to have an effective zero-trust framework that covers data ingestion, model training, model storage, deployment and inference, and ongoing monitoring.

To succeed, focus the framework on three key areas: securing AI data pipelines, protecting models and AI infrastructure and continuously monitoring AI workflows.

Securing AI data pipelines

Data pipelines are one of the most valuable -- and vulnerable -- parts of AI systems. Untrusted or manipulated data can compromise the entire AI system, so CISOs should prioritize pipeline security. Protect these data sets before they enter training or inference workflows by:

  • Verifying the origin and integrity of data sets.
  • Tracking data lineage and provenance.
  • Restricting who can access and modify data sets.
  • Implementing automated validation to detect anomalies or poisoning attempts.
  • Maintaining strict data set version control and access logs.

Protecting models and AI infrastructure

AI models often represent significant intellectual property and operational value. Treat models as high-value assets. Protect models by:

  • Securing model registries with strong authentication.
  • Encrypting models at rest and in transit.
  • Limiting who can train, modify or deploy models.
  • Restricting access to inference APIs.
  • Implementing rate limits to reduce the risk of model extraction.

Separating AI development, training and production environments can further reduce exposure and block attackers from moving laterally through the infrastructure.

The overall goal is to help prevent model theft, tampering and unauthorized use.

Continuously monitoring AI workflows

Zero trust requires continuous verification rather than one-time authentication. Security teams must monitor the entire AI lifecycle; this includes monitoring training pipelines, model-deployment processes, query patterns, inference APIs and user interaction with AI systems. Indicators of compromise to look out for include unusual query volumes, abnormal output behavior, suspicious automation activity and signs of prompt-injection attempts.

Teams should integrate AI telemetry into existing security monitoring platforms to detect and respond to threats faster.

Reinforce zero trust with governance and security tools

AI security is about more than configuring a few settings and rotating log files. Controls must be supported by strong governance and specialized security tools. Security teams should deploy tools that provide visibility across the AI lifecycle, such as model-monitoring platforms, data-lineage tracking tools, AI risk management systems and prompt-injection detection. For the best visibility, coverage and consistency, integrate these tools with existing identity management and security monitoring systems.

Equally important is establishing governance policies that define how to develop and deploy AI systems. Organizations should set standards for data set approval and validation, model testing and validation, deployment authorization and third-party AI integrations.

Use clear governance to align AI initiatives with security, compliance and ethical commitments.

In addition, train developers, data scientists and business users on security awareness to reduce human error and encourage responsible use of AI systems across the organization.

AI is already part of core business operations, but it introduces new and evolving security risks by expanding the attack surface. Adopt a zero-trust approach to protect AI systems by verifying every user, service and data source. By securing pipelines, protecting models and continuously monitoring AI activity, leaders can support innovation while maintaining strong security and governance.

Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial, The New Stack and CompTIA Blogs.

Next Steps

Startup founder says trust is biggest barrier to AI agents

Dig Deeper on Application and platform security