You Built Your New AI Workload … Did You Secure It?

'Gen AI' workloads need security too!

Artificial Intelligence (AI) is no longer merely a sci-fi concept, but a tangible reality. Gone are the days of AI being solely a plot device in futuristic tales, although thanks for the nightmares, T-1000. Organizations are investing in AI to enhance workforce productivity and streamline user experiences. Just like any application, AI applications require robust security measures to safeguard data and ensure reliable functionality.

The rise of inference or generative workloads is propelled by advancements in AI and the need for real-time decision-making in various applications. With readily available pre-trained models and scalable platforms, organizations deploy AI for tasks like natural language processing and recommendation systems.

From powering virtual assistants to helping developers write code, inference workloads enable personalized experiences and automation, shaping how businesses interact with data and users in the digital era.

Despite being novel, inference and generative AI workloads are fundamentally akin to any other application. They operate over the internet and depend on the same protocols as non-AI-driven applications. That means we can secure them with established technologies that already safeguard thousands of applications from billions of attack requests daily.

In my role as a Developer Advocate at Akamai, I've collaborated with numerous global companies to bolster their application and network security, shielding their web applications and API microservices from global and ever-changing security threats.

Source: OWASP | A traditional AI architecture diagram.

The architecture of an AI workload

The architecture of inference or generative workloads is surprisingly similar to application architectures you might already be familiar with. Most workloads require servers with the machine learning (ML) model deployed; those servers process incoming requests.

For larger workloads, servers are duplicated and even containerized, relying on load balancers to route requests properly. Databases store inputs and outputs, and all of this connects to your typical network infrastructure: firewalls, VPCs, and so on. This is especially true if you deploy your workload and your security policies in the cloud.
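To make that concrete, below is a minimal sketch of the core of such a workload: one HTTP endpoint wrapping a model, typically run as one of many identical replicas behind a load balancer. Flask and the dummy model here are illustrative choices of mine, not a prescription; swap in whatever framework and model loader your stack actually uses.

```python
# A minimal sketch of an inference service: one HTTP endpoint wrapping a model.
from flask import Flask, request, jsonify

app = Flask(__name__)

def load_model():
    """Placeholder: swap in your real loader (PyTorch, TensorFlow, ONNX, ...)."""
    return lambda text: text[::-1]  # dummy "model" so the sketch runs end to end

model = load_model()

@app.route("/predict", methods=["POST"])
def predict():
    payload = request.get_json(force=True)
    result = model(payload["input"])
    # In a real deployment you would also persist inputs/outputs to a database.
    return jsonify({"output": result})

if __name__ == "__main__":
    # In production this process is containerized and replicated behind a
    # load balancer, with databases, firewalls, and VPCs around it.
    app.run(host="0.0.0.0", port=8080)
```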

Inference and generative workloads, especially when publicly accessible on the internet, pose several security risks that organizations need to be aware of. With that in mind, we’ll walk through some of the common security considerations for AI applications:

  • Access Control - Your workloads, even if designed for internal consumption only, might be publicly accessible, so it is imperative to implement strong authentication mechanisms such as multi-factor authentication (MFA) to ensure that only authorized users can access the AI workload. I'd recommend using role-based access control (RBAC) to enforce granular access permissions, allowing users to access only the resources and functionality they need (a minimal RBAC sketch follows this list).

  • Data Privacy and Leakage - Publicly accessible workloads may inadvertently expose sensitive data processed by AI models, leading to privacy breaches. Without proper access controls and encryption mechanisms, malicious actors can intercept or manipulate data transmitted to and from the inference workload, resulting in data leakage or unauthorized access.

  • Denial-of-Service (DoS) Attacks - AI workloads exposed to the internet are susceptible to DoS attacks, where attackers flood the system with a high volume of requests to overwhelm its resources and disrupt service availability. This could degrade performance or take the inference workload offline entirely, impacting users and business operations (a rate-limiting sketch also follows this list).

  • API Security Risks - Publicly accessible workloads also typically expose the APIs that interact with AI models. These APIs are potential targets for attacks such as injection attacks, parameter tampering, or authentication bypass. Weaknesses in API security could enable attackers to exploit vulnerabilities and gain unauthorized access to the inference workload or sensitive data.
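Here is a minimal sketch of the RBAC idea from the Access Control item above, expressed as a decorator on the inference endpoint. The bearer tokens and role names are hypothetical stand-ins; in practice you would verify a signed token (such as a JWT) against your identity provider rather than a hard-coded mapping.

```python
# A minimal RBAC sketch: only callers with an allowed role reach the endpoint.
from functools import wraps
from flask import Flask, request, jsonify, abort

app = Flask(__name__)

# Hypothetical token -> role mapping; replace with real token verification.
TOKEN_ROLES = {"token-abc": "analyst", "token-xyz": "admin"}

def require_role(*allowed_roles):
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            token = request.headers.get("Authorization", "").removeprefix("Bearer ")
            role = TOKEN_ROLES.get(token)
            if role is None:
                abort(401)  # no or unknown credentials: unauthenticated
            if role not in allowed_roles:
                abort(403)  # authenticated, but not authorized for this resource
            return view(*args, **kwargs)
        return wrapper
    return decorator

@app.route("/predict", methods=["POST"])
@require_role("analyst", "admin")  # grant only the roles that need inference
def predict():
    return jsonify({"output": "..."})
```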
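And here is a sketch of the rate limiting mentioned under Denial-of-Service: a simple sliding-window counter per client. The window size and request budget are made-up numbers for illustration, and in production you would enforce limits at the edge (load balancer, WAF, or CDN) rather than only in application code.

```python
# A minimal sliding-window rate limiter: reject clients that exceed a budget.
import time
from collections import defaultdict

WINDOW_SECONDS = 60            # assumed window size; tune to your workload
MAX_REQUESTS_PER_WINDOW = 100  # assumed per-client budget; tune to capacity

_request_log = defaultdict(list)  # client_id -> timestamps of recent requests

def allow_request(client_id: str) -> bool:
    """Return True if the client is within budget; False means respond 429."""
    now = time.monotonic()
    # Keep only the timestamps that still fall inside the current window.
    recent = [t for t in _request_log[client_id] if now - t < WINDOW_SECONDS]
    if len(recent) >= MAX_REQUESTS_PER_WINDOW:
        _request_log[client_id] = recent
        return False
    recent.append(now)
    _request_log[client_id] = recent
    return True
```

Call `allow_request` with a stable client identifier (an API key or source IP) before doing any model work, and return HTTP 429 when it denies the request.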

Above, I walked through some of the more pressing security risks, but foundational network security measures such as container security, firewalls, data encryption, and secure protocol usage are important layers of defense to add as well.

That is quite a lot to take in, and it does not even count attacks against the AI model itself, which is prone to its own categories of attacks, such as input manipulation and data poisoning, catalogued in OWASP's Machine Learning Security Top Ten.

How Akamai can help secure your AI workload

Public-facing AI workloads, including their front-end applications (like a chatbot), the APIs and microservices that interact with your AI model, and your DNS records can all be protected by Akamai's App & API Protector.

A reference architecture for protecting AI applications.

App & API Protector and Edge DNS

Akamai's App & API Protector offers robust security tailored to safeguard AI workloads from a variety of threats. The solution provides:

  • DDoS Protection - provides comprehensive Distributed Denial-of-Service (DDoS) protection for your AI workload. By leveraging a globally distributed network infrastructure, Akamai can absorb and mitigate volumetric DDoS attacks, ensuring uninterrupted service availability for your AI applications.

  • Web Application Firewall - deploys a powerful Web Application Firewall (WAF) that can defend against a wide range of application-layer attacks, such as SQL injection, cross-site scripting (XSS), and API abuse. The solution helps protect against OWASP’s Top 10 Web Application Security Risks.

  • Bot Management - identifies and mitigates automated bot traffic targeting your AI workload. By distinguishing between legitimate user traffic and malicious bots, Akamai can prevent bot-driven attacks.

  • API Protection - offers API protection capabilities to safeguard your AI workload's APIs from abuse, exploitation, and unauthorized access. By implementing authentication, authorization, and rate limiting policies, Akamai can control access to your APIs and prevent malicious actors from exploiting vulnerabilities. The solution helps protect against OWASP’s Top 10 API Security Risks.

  • DNS Protection - offers essential DNS resolution services combined with robust security features, global scalability, and intelligent traffic management capabilities to enhance the security, reliability, and performance of your AI workload.

However, in other cases your AI workload may not be designed for public access at all: it is inherently a private workload that should be consumed only by trusted users. For instance, only your employees should have access to the application.

An overview of the Akamai Guardicore Platform.

Akamai Guardicore Platform

In today’s modern workforce, your private AI workload can be accessed from anywhere in the world. But how do you ensure that only your trusted users are able to access the AI workload?

The Akamai Guardicore Platform can assist here in a variety of ways:

  • Zero Trust Access - implements a Zero Trust security model, where access to the AI workload is strictly controlled and verified, regardless of the user's location or device. By enforcing least privilege access controls and multi-factor authentication (MFA), Guardicore ensures that only authenticated and authorized users can interact with the AI workload, even within the internal network.

  • Micro-segmentation - offers micro-segmentation capabilities to segment the internal network and isolate the AI workload from other systems and resources. By creating granular security policies based on application characteristics, Guardicore ensures that only authorized traffic flows to and from the AI workload, reducing the attack surface and minimizing the risk of lateral movement by attackers.

  • Threat Detection - provides comprehensive visibility into network traffic and application interactions, allowing organizations to monitor and analyze activities related to the AI workload in real time. By leveraging advanced threat detection and anomaly detection techniques, Guardicore can identify and respond to potential security threats or suspicious behavior targeting the AI workload. Observability into security threats is an important part of any cybersecurity strategy.

The Akamai Guardicore Platform is itself enhanced by AI/ML techniques that help optimize threat detection. Relying on AI to protect your AI from yet another AI sounds like the perfect way to handle it!

Source: OWASP | The OWASP Top 10 for LLM Applications

Protect your AI workloads

In summary, securing AI workloads is paramount, and selecting a vendor like Akamai can provide the expertise and solutions necessary to protect against security threats effectively.

For further reading, I recommend OWASP's Machine Learning Security Top Ten, which offers additional security best practices for your AI workload.

The Akamai Guardicore Platform is a good choice for any Zero Trust implementation; we have also created a helpful checklist for verifying Zero Trust implementations, which you can find here.

If you are looking to enhance the security of your AI workload and are in need of help, feel free to reach out to me on LinkedIn. I am happy to help find a solution that fits your needs.

And while we focused primarily on securing the architecture of your AI workload, next time I will dive deeper into model security best practices. Read you on the next one!