
Why most AI security guidance fails in production

There is no shortage of AI security guidance. NIST, OWASP, ISO, and a dozen vendors publish frameworks for securing AI systems. Most of these documents are well-intentioned and technically accurate.

Most of them also fail when applied to real production systems.

The abstraction problem

AI security frameworks tend to operate at the wrong level of abstraction. They describe risks (prompt injection, data poisoning, model inversion) without providing actionable implementation patterns. Teams read the guidance, understand the risk, and then have no clear path to mitigation.

A document that says "validate model outputs" is correct but unhelpful. What does validation look like for a summarization model? For a code generation agent? For a classification pipeline feeding into an access control system?

Mismatched threat models

Many frameworks import threat models from traditional software security without accounting for how AI systems differ:

  • Input validation assumes you can define a valid input schema. LLM inputs are natural language with infinite valid forms.
  • Access control assumes clear subject-object relationships. AI agents blur the line between user and system.
  • Output encoding assumes outputs go to a known renderer. AI outputs may feed into arbitrary downstream systems.

What works instead

Production AI security requires:

  1. Context-specific controls rather than generic checklists
  2. Runtime monitoring rather than design-time review alone
  3. Layered defense that assumes each individual control will sometimes fail
  4. Behavioral baselines that detect drift rather than relying on static rules
  5. Human escalation paths for edge cases that automated controls cannot resolve
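To make the five requirements above concrete for one of the cases raised earlier (a classification pipeline feeding an access control system), here is an added example in Python. It is not code from the original post. It assumes a hypothetical classifier that emits a `grant`/`deny` label with a confidence score, an `entitled` flag obtained from the authoritative policy store, and illustrative threshold and baseline values; all of those are assumptions, not anything the post specifies.

```python
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ESCALATE = "escalate"  # hand the request to a human reviewer


# Assumed label vocabulary of the hypothetical access classifier.
ALLOWED_LABELS = {"grant", "deny"}


@dataclass
class ModelOutput:
    label: str
    confidence: float


@dataclass
class AccessGuard:
    """Wraps a classifier whose verdict is an input to, never the sole basis
    of, an access decision. Numbers in comments refer to the five requirements."""
    min_confidence: float = 0.85        # 1: context-specific confidence threshold (assumed)
    window: int = 20                    # 4: size of the rolling behavioral window (assumed)
    baseline_grant_rate: float = 0.30   # 4: expected share of 'grant' verdicts (assumed)
    drift_tolerance: float = 0.25       # 4: allowed deviation before drift fires (assumed)
    recent: deque = field(default_factory=deque)
    drift_events: int = 0               # 2: counter a runtime monitor can scrape

    def validate_output(self, out: ModelOutput) -> bool:
        """Schema check on the model output: known label, confidence in [0, 1]."""
        return (
            isinstance(out.label, str)
            and out.label in ALLOWED_LABELS
            and isinstance(out.confidence, (int, float))
            and 0.0 <= out.confidence <= 1.0
        )

    def record(self, out: ModelOutput) -> None:
        """Keep the last `window` verdicts so behavior can be compared to baseline."""
        self.recent.append(out.label == "grant")
        while len(self.recent) > self.window:
            self.recent.popleft()

    def grant_rate(self) -> float:
        return sum(self.recent) / len(self.recent) if self.recent else 0.0

    def drifted(self) -> bool:
        """4: flag when the rolling grant rate leaves the baseline band.
        Only evaluated once the window is full, so a cold start cannot trip it."""
        if len(self.recent) < self.window:
            return False
        return abs(self.grant_rate() - self.baseline_grant_rate) > self.drift_tolerance

    def decide(self, out: ModelOutput, entitled: bool) -> Decision:
        """3: layered, deny-by-default decision; the model can only recommend."""
        if not self.validate_output(out):
            return Decision.DENY                  # malformed output fails closed
        self.record(out)
        drift = self.drifted()
        if drift:
            self.drift_events += 1
        if not entitled or out.label != "grant":
            return Decision.DENY                  # deterministic check the model cannot override
        if drift or out.confidence < self.min_confidence:
            return Decision.ESCALATE              # 5: uncertain or drifting model goes to a person
        return Decision.ALLOW


def run_demo() -> list[Decision]:
    """Constructed burst of confident 'grant' verdicts for entitled requesters.
    With a 5-wide window the guard allows until the window fills, then the
    100% grant rate versus a 30% baseline trips drift and escalates."""
    guard = AccessGuard(window=5)
    return [guard.decide(ModelOutput("grant", 0.99), entitled=True) for _ in range(5)]


if __name__ == "__main__":
    for i, d in enumerate(run_demo(), 1):
        print(i, d.value)
```

The ordering inside `decide` is the "requirements as code" point: the entitlement check sits in front of the model verdict, so a prompt-injected or poisoned classifier can at most cause an escalation, never a grant the policy store would not have given. `drift_events` is a plain counter so a runtime monitor can alert on it without parsing logs.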

The organizational gap

The deepest failure is organizational. AI security guidance is written by security teams for security teams. The people who actually build and operate AI systems (ML engineers, data scientists, platform teams) rarely read these documents.

Effective AI security requires embedding security practitioners in AI teams, building security into the development toolchain, and expressing requirements as code rather than prose.

The framework that works is the one your engineers can implement without reading a 200-page PDF.