Wednesday, July 01, 2026

Securing AI Systems: Protecting Data, Models, & Usage

Securing AI Systems: Protecting Data, Models, & Usage - YouTube by IBM

Based on the video's details and structure, here is a summary of Securing AI Systems: Protecting Data, Models, & Usage hosted by IBM Distinguished Engineer Jeff Crume:

Core Framework: The "Donut" Model

The presentation revolves around a structured approach to cybersecurity in generative AI, which viewers and commenters frequently refer to as the "donut paradigm." This strategy focuses on securing three critical vectors: Data, Models, and Usage.


Key Chapters & Concepts

1. Security Capabilities & Shadow AI (0:53 - 1:41)

  • The Threat of Shadow AI: Similar to "Shadow IT," this occurs when employees use unsanctioned, third-party AI tools to complete corporate tasks. This introduces severe vulnerabilities, such as leaking intellectual property or proprietary code into public models.

  • Modern Attack Vectors: The video addresses advanced threats unique to the AI era, specifically prompt injection attacks (manipulating an AI's behavior via malicious inputs) and data poisoning.

2. The Implementation Lifecycle (2:46 - 7:23)

To defend against these threats, organizations work through four distinct strategic pillars:

  • Discover: Identifying what AI tools, models, and data repositories exist within the organization's ecosystem.

  • Assess: Benchmarking discovered assets against compliance frameworks and security protocols to find vulnerabilities.

  • Control: Deploying security infrastructure—such as limiting the types of Personally Identifiable Information (PII) that can be sent to an LLM or establishing strict data usage policies.

  • Reporting: Creating clear, auditable governance metrics to continuously monitor compliance and track threat configurations over time.
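As an added illustration of the Control and Reporting pillars above (this is example code written for this summary, not code from IBM or the video), the gate below inspects every outbound prompt before it reaches an LLM, applies a hypothetical policy that blocks prompts containing SSNs or card numbers and redacts e-mail addresses, and records each decision so that governance metrics can be produced. The regex patterns, the policy table, the sample prompts and the Luhn-based card check are all constructed for the example; a real deployment would plug in a DLP engine and the organization's actual data classification.

```python
"""PII gate for outbound LLM prompts: detect, redact or block, then audit.

Hypothetical example for the Control/Reporting pillars; not IBM's code.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed detection patterns for three common PII categories.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}

# Assumed policy: categories that may never leave the organization are
# blocked outright; the rest are masked before the prompt is forwarded.
POLICY = {"email": "redact", "ssn": "block", "card": "block"}


@dataclass
class Decision:
    action: str                      # "allow", "redact" or "block"
    prompt: str                      # text actually forwarded ("" when blocked)
    findings: dict = field(default_factory=dict)  # category -> hit count


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so random 16-digit order numbers are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _is_real(category: str, value: str) -> bool:
    """Secondary validation to cut false positives from the broad card regex."""
    if category == "card":
        return luhn_ok(re.sub(r"\D", "", value))
    return True


def gate_prompt(prompt: str, policy: dict = POLICY) -> Decision:
    """Apply the PII policy to an outbound prompt and return the decision."""
    findings = Counter()
    forwarded = prompt
    for category, pattern in PATTERNS.items():
        hits = [m for m in pattern.findall(prompt) if _is_real(category, m)]
        if not hits:
            continue
        findings[category] = len(hits)
        if policy[category] == "redact":
            # Keep the category visible to the model without exposing the value.
            forwarded = pattern.sub(
                lambda m, c=category: f"[{c.upper()} REDACTED]" if _is_real(c, m.group(0)) else m.group(0),
                forwarded,
            )
    if any(policy[c] == "block" for c in findings):
        return Decision("block", "", dict(findings))
    if findings:
        return Decision("redact", forwarded, dict(findings))
    return Decision("allow", prompt, {})


AUDIT_LOG: list = []


def gate_and_log(user: str, prompt: str, log: list = AUDIT_LOG) -> Decision:
    """Gate a prompt and append an audit record without storing the raw PII."""
    decision = gate_prompt(prompt)
    log.append({"user": user, "action": decision.action, "findings": decision.findings})
    return decision


def report(log: list) -> dict:
    """Governance metrics: decisions by action and PII hits by category."""
    actions = Counter(entry["action"] for entry in log)
    categories = Counter()
    for entry in log:
        categories.update(entry["findings"])
    return {"actions": dict(actions), "pii_by_category": dict(categories)}


if __name__ == "__main__":
    # Constructed sample prompts exercising each policy branch.
    for text in [
        "Summarize this ticket from alice@example.com about login errors",
        "Customer SSN 123-45-6789 needs a refund",
        "Card 4111 1111 1111 1111 declined",
        "Order number 1234567890123456 shipped",
    ]:
        d = gate_and_log("analyst1", text)
        print(d.action, "->", d.prompt or "(not forwarded)")
    print(report(AUDIT_LOG))
```

The audit record deliberately stores only the category and count of what was found, never the matched value, so the reporting layer does not itself become a store of PII.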


Note on Industry Frameworks: The video highlights leveraging standard security frameworks like OWASP (specifically the Top 10 for Large Language Models) and MITRE ATLAS to successfully build and govern these AI defense matrices.
What Is AI Security? | IBM

Ref from: John B.