Labels
Posted by Went to the moon on

Security in the World of AI

The Reality of AI's Impact on Security

Look, AI is everywhere now. And I mean everywhere.

From farmers using it to predict crop yields, to doctors diagnosing diseases, to lawyers doing... whatever lawyers do with AI (probably billing more efficiently). The point is, AI has escaped the tech dungeon and is now running wild across every industry imaginable. With great power comes great... security headaches.

Think of AI like that one friend who got really popular really fast, suddenly everyone wants a piece, but nobody's quite sure how to keep them safe from all the weirdos.

The Three Ways You're Probably Using AI (Whether You Know It or Not)

Let me break this down into three buckets:

  1. Building AI models - You're the chef creating the recipe
  2. Building apps that use AI models - You're the restaurant using the chef's recipe
  3. Using AI-powered apps - You're the customer eating at the restaurant (looking at you, Gemini users)

Each one has its own security nightmares. Let's dive in.

  1. Building AI Models: Or How I Accidentally Memorized Everyone's Secrets

Building AI models has never been easier. What used to take a PhD and 5 years can now be done over a weekend with enough coffee and determination. I know this because I built a psychological health chatbot called Calma on LLaMA (okay fine, it was more fine-tuning than building from scratch, but still counts, right?).

Here's the thing though: data is everything. And handling that data? That's where things get spicy.

The CIA Triad (No, Not That CIA)

In cybersecurity, we have this holy trinity called the CIA triad: Confidentiality, Integrity, and Availability. When building models, confidentiality is the one taking the biggest beating.

Let me paint you a picture: You're working at a bank (fancy!), and your team decides to build a fraud detection model. You feed it thousands of real transactions, some legit, some fraudulent. Sounds good, right?

Wrong.

Here's where it gets weird. AI models are basically really expensive parrots, they're only as good as what you teach them. If your training data has PII (Personally Identifiable Information) like names, account numbers, or addresses, your model might just... remember that stuff.

Think about it: we used to worry about databases getting hacked. Now? An attacker might just politely ask your model for sensitive information through clever prompt engineering.

There are actual attack methods with cool names like model inversion and membership inference attacks where hackers can:

  • Figure out if specific data was used in training
  • In worst cases, get the model to literally spit out the private data it memorized

It's like teaching your parrot your credit card number and then being surprised when it screams it at the mailman.

Just like that, we've violated the C in CIA. Congratulations, we played ourselves.

Model Integrity and Bias: Keep Your Model Honest

But wait, there's more! (I sound like a TV infomercial, I know)

Beyond confidentiality, we need to protect our models during training from poisoning attacks. Imagine someone sneaking into your kitchen and adding random ingredients to your recipe, except instead of a weird-tasting cake, you get a model that outputs malicious content or makes biased decisions.

  1. Building Apps That Use AI: The API Security Tango

So you've got your model. Great! Now you want to build an app around it. This is where things get interesting in a "may you live in interesting times" curse kind of way.

You're dealing with:

  • Prompt injection attacks (basically SQL injection's cooler, younger sibling)
  • Insecure output handling (because your model might say some wild stuff)
  • API security (the bridge between your app and the model needs a bouncer)

This is application-level warfare, and your API is the frontline.

  1. Using AI Apps Responsibly: Yes, Even You

If you're just using Gemini or ChatGPT or whatever the kids are using these days, you're not off the hook either.

Data sanitization before input is your friend. Don't feed these things sensitive company data and expect it to stay secret. The AI doesn't sign NDAs (trust me, I checked).

Also, check what security features your AI vendor provides. Read the terms. I know, I know, nobody reads the terms. But maybe start?

The Three Pillars of AI Security (The Big Picture Stuff)

Let's zoom out for a second.

2.1 AI FOR Security

This is the good stuff, using AI to improve security. Think:

  • Better threat detection (AI spotting the bad guys faster than human analysts hopped up on Red Bull)
  • Security orchestration and automated response (SOAR platforms that don't sleep)
  • Analyzing massive datasets for anomalies (finding needles in haystacks, except the haystack is the entire internet)

2.2 Security AGAINST AI Threats

Plot twist: the bad guys have AI too. They're using it for:

  • Sophisticated phishing campaigns (goodbye "Dear Sir/Madam")
  • Deepfakes (because reality wasn't confusing enough)
  • Automated malware generation (malware that writes itself, thanks, I hate it)

2.3 Security OF AI Systems

This is securing the entire ML system against attacks like:

  • Model extraction (someone stealing your precious model)
  • Evasion attacks (tricking your model into making wrong decisions)

The Four Horsemen of Secure AI Systems

Or as I like to call it: What You Actually Need to Lock Down

3.1 Data Security

Secure the entire lifecycle:

  • Training data (handle it with care, remove PII, know where it came from)
  • Input data (filter in real-time, trust no one)
  • Output data (make sure your model isn't leaking secrets)

3.2 Model Security

Protect your intellectual property:

  • Secure storage (don't leave your models lying around)
  • Watermarking (like signing your artwork, but for AI)
  • Defense against adversarial inputs (the model equivalent of "I'm not touching you!")

3.3 Application Security

Standard stuff, but still critical:

  • Authentication and authorization (who are you and what are you allowed to do?)
  • Vulnerability testing (break your own stuff before someone else does)
  • Secure coding practices (yes, even with AI in the mix)

3.4 Infrastructure Security

The foundation everything sits on:

  • Cloud environment security (lock down those AWS buckets)
  • MLOps pipeline security (secure the entire deployment process)
  • Compute resource access controls (not everyone needs root access, Kevin)

The Bottom Line

AI security isn't just one thing, it's a whole ecosystem. You need to think holistically, from the data you collect to the infrastructure you deploy on.

The AI landscape is evolving faster than my ability to keep up with JavaScript frameworks (and that's saying something). New threats pop up daily, but so do new defenses.

The key? Stay curious, stay informed, and for the love of all that is holy, sanitize your data.

Now if you'll excuse me, I need to go check if my chatbot has been memorizing my therapy sessions.

What are your thoughts on AI security? Have you dealt with any of these issues? Let's chat in the comments, I promise my responses aren't AI-generated (or are they? 🤔)


Labels:

Comments

  1. AnonymousNovember 15, 2025 at 11:18 PM

    I just found your blogs, and I'm seriously intrigued!!

    ReplyDelete

Post a Comment

Say something Diego!