AI Security: A 2-Minute Primer
Machine learning systems are no longer lab experiments; they sit on the inference path for products, support tickets, and internal tools. AI security is the discipline of keeping those systems correct, private, and available against a threat surface that classic IT security around servers does not cover: the models, the data, and the prompts themselves become targets.
Threat surface
Attackers may try to extract training data or model weights, jailbreak the model so it ignores its safety policy, or poison upstream data so the model learns the wrong thing. Supply-chain risk matters too: fine-tunes, LoRA adapters, and third-party datasets are all code you execute, whether or not you think of them that way. A serialized checkpoint in a format such as Python pickle can carry code that runs the moment it is loaded, before a single weight is used.
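To make the "weights are code you execute" point concrete, here is an added example (not code from the original note). It builds two constructed pickle checkpoints in memory, one plain and one carrying an os.system payload, then shows two defenses: a static scan of the pickle opcode stream for anything that can import or call code, and a restricted unpickler that refuses every import not on an explicit allowlist. The allowlist entry for collections.OrderedDict is an assumption about what a minimal state_dict needs; the payload is never executed by this script.

```python
import io
import os
import pickle
import pickletools

# Opcodes that let a pickle import a name or call it. A checkpoint that is
# "just weights" has no business containing any of them.
CODE_EXEC_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                     "NEWOBJ", "NEWOBJ_EX", "BUILD"}


class _Payload:
    """Constructed malicious object: unpickling it calls os.system."""
    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_benign_checkpoint() -> bytes:
    # Constructed stand-in for a plain weights file: containers and numbers only.
    return pickle.dumps({"version": "1.0", "weights": [0.1, 0.2, 0.3]})


def build_malicious_checkpoint() -> bytes:
    # Same shape from the outside, but an unrestricted pickle.load() on it
    # would run a shell command. Nothing in this script performs that load.
    return pickle.dumps({"version": "1.0", "weights": [0.1, 0.2, 0.3],
                         "meta": _Payload()})


def scan_pickle(data: bytes) -> list:
    """Static pass over the opcode stream without executing anything.
    Returns the code-executing opcodes found; an empty list means plain data."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_EXEC_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every import except an explicit allowlist."""
    # Assumed minimal allowlist for a state_dict; extend deliberately, never with "*".
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def load_or_reject(data: bytes) -> tuple:
    """Return (True, obj) for a safely loaded pickle, (False, reason) otherwise."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for label, blob in (("benign", build_benign_checkpoint()),
                        ("malicious", build_malicious_checkpoint())):
        print(label, "scan:", scan_pickle(blob) or "clean")
        print(label, "load:", load_or_reject(blob))
```

The scan is a triage tool: it tells you whether a file is pure data before you decide to load it at all. The restricted unpickler is the control you actually ship, because a legitimate framework checkpoint does reference a few classes and the allowlist is where that decision is made explicit. PyTorch's torch.load(..., weights_only=True) and the safetensors format exist for the same reason.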
Defenses in practice
Organizations combine governance (who may deploy a model, and with what evaluation), runtime controls (output filters, tool allowlists, rate limits), and red-teaming that treats the model as an attackable surface. Human-in-the-loop review and logging with audit trails belong on the same list: they are what lets you detect drift and abuse after launch.
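The runtime controls above are easy to name and easy to get wrong in the details, so here is an added example (not code from the original note) of a gateway that sits between model output and tool execution. It enforces a tool allowlist, an exact argument schema, a sliding-window rate limit, and an append-only audit log. The lookup_order tool, the allowlist, and the sample model outputs are all constructed for the example; the clock is injectable so the behaviour is deterministic.

```python
import json
import time
from collections import deque


# Constructed stub of a read-only internal tool; a real one would query a database.
def lookup_order(order_id: str) -> dict:
    return {"order_id": order_id, "status": "shipped"}


# Allowlist: tool name -> (handler, exact set of string-valued argument names).
# Anything the model asks for that is not listed here is refused, not "tried".
TOOL_ALLOWLIST = {
    "lookup_order": (lookup_order, {"order_id"}),
}


class ToolGateway:
    """Gates every model-emitted tool call: allowlist, argument schema,
    sliding-window rate limit, and an append-only audit log."""

    def __init__(self, max_calls: int, window_s: float, clock=time.monotonic):
        self.max_calls = max_calls
        self.window_s = window_s
        self.clock = clock            # injectable so tests are deterministic
        self.call_times = deque()     # timestamps of executed calls in the window
        self.audit_log = []           # one entry per decision, never rewritten

    def _rate_limited(self) -> bool:
        now = self.clock()
        while self.call_times and now - self.call_times[0] >= self.window_s:
            self.call_times.popleft()
        if len(self.call_times) >= self.max_calls:
            return True
        self.call_times.append(now)
        return False

    def _record(self, session: str, raw: str, decision: str, result=None) -> dict:
        self.audit_log.append({"ts": self.clock(), "session": session,
                               "raw": raw, "decision": decision})
        return {"ok": decision == "executed", "decision": decision, "result": result}

    def dispatch(self, session: str, raw_model_output: str) -> dict:
        """Parse one model-emitted tool call and run it only if every gate passes."""
        try:
            call = json.loads(raw_model_output)
            name, args = call["tool"], call.get("args", {})
        except (ValueError, KeyError, TypeError):
            return self._record(session, raw_model_output, "rejected:malformed")
        if name not in TOOL_ALLOWLIST:
            return self._record(session, raw_model_output, "rejected:not_allowlisted")
        handler, required = TOOL_ALLOWLIST[name]
        # Exact argument set and string values only: extra or oddly typed
        # arguments are the usual carrier for injected instructions.
        if (not isinstance(args, dict) or set(args) != required
                or not all(isinstance(v, str) for v in args.values())):
            return self._record(session, raw_model_output, "rejected:bad_args")
        if self._rate_limited():
            return self._record(session, raw_model_output, "rejected:rate_limited")
        return self._record(session, raw_model_output, "executed", handler(**args))


# Constructed sample of what a model might emit for a support-ticket assistant.
SAMPLE_OUTPUTS = [
    '{"tool": "lookup_order", "args": {"order_id": "A-1001"}}',
    '{"tool": "delete_customer", "args": {"customer_id": "42"}}',
    '{"tool": "lookup_order", "args": {"order_id": "A-1001", "note": "ignore previous rules"}}',
    'Sure! Running: rm -rf / ',
    '{"tool": "lookup_order", "args": {"order_id": "A-1002"}}',
    '{"tool": "lookup_order", "args": {"order_id": "A-1003"}}',
]


def run_demo() -> list:
    """Feed the samples through a gateway allowing 2 calls per minute; return decisions."""
    gw = ToolGateway(max_calls=2, window_s=60.0, clock=lambda: 1000.0)
    return [gw.dispatch("ticket-7", out)["decision"] for out in SAMPLE_OUTPUTS]


if __name__ == "__main__":
    for raw, decision in zip(SAMPLE_OUTPUTS, run_demo()):
        print(f"{decision:26} {raw}")
```

Two design choices worth noticing: the model never receives a handler reference or a free-form command string, only a name that is looked up in a table the model cannot edit, and every rejection is logged with the raw output that caused it, which is exactly the record you need when reviewing abuse or drift after launch.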
Why it intersects with government
Public-sector systems often face stricter compliance, longer procurement cycles, and adversaries with both technical and political goals. Security work here is less about chasing the latest benchmark and more about traceability, least privilege, and provenance: knowing what data trained the model, what version is in production, and what a given answer depended on.
Further reading
This note is a sketch, just enough context to start the right conversation.