AI Security: A 2-Minute Primer

Minh Le, 4 Apr 2026

Machine learning systems are no longer experiments in a lab; they sit on the inference path for products, support tickets, and internal tools. AI security is the discipline of keeping those systems correct, private, and available under adversarial use—not only classic IT security around the servers, but the models, data, and prompts themselves.

[Figure: AI systems map sample]

Threat surface

Attackers may try to extract training data or model weights, jailbreak a policy so the model ignores safety rules, or poison upstream data so the model learns the wrong thing. Supply-chain risk matters too: fine-tunes, LoRA adapters, and third-party datasets are all code you execute, whether or not you call them that.

Defenses in practice

Organizations combine governance (who may deploy a model, and with what evaluation), runtime controls (output filters, tool allowlists, rate limits), and red-teaming that treats the model as an attackable surface. In high-stakes domains, human-in-the-loop review and logging with audit trails are not optional extras—they are how you detect drift and abuse after launch.
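As an added illustration of the runtime controls above (example code, not from the original note): a deny-by-default tool allowlist for an agent runtime, with per-tool argument checks, a per-principal rate limit, and an audit record written for every decision, denials included. The tool names, path prefix and limits are assumptions.

```python
"""Deny-by-default tool gate for an LLM agent runtime.

Added example, not code from the original post. Assumes the model proposes
tool calls as {"tool": name, "args": {...}}; the gate decides before anything
executes and appends an audit record. Tool names, paths and limits are constructed.
"""
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60

def _valid_search(args):
    q = args.get("query")
    return isinstance(q, str) and 0 < len(q) <= 200

def _valid_read_file(args):
    p = args.get("path")
    # Only the knowledge-base tree; reject traversal before the OS ever sees the path
    return isinstance(p, str) and p.startswith("/srv/kb/") and ".." not in p

# Allowlist: tool name -> (argument validator, calls permitted per window)
POLICY = {
    "search_docs": (_valid_search, 30),
    "read_file": (_valid_read_file, 10),
}

class ToolGate:
    def __init__(self, policy=POLICY, window=WINDOW_SECONDS, clock=time.monotonic):
        self.policy, self.window, self.clock = policy, window, clock
        self.calls = defaultdict(deque)  # (principal, tool) -> recent call timestamps
        self.audit = []                  # ship to an append-only log sink in production

    def authorize(self, principal, call):
        tool, args = call.get("tool"), call.get("args") or {}
        decision, reason = "deny", "unknown_tool"   # anything not listed is denied
        if tool in self.policy:
            validator, limit = self.policy[tool]
            now = self.clock()
            recent = self.calls[(principal, tool)]
            while recent and now - recent[0] > self.window:
                recent.popleft()                     # forget calls outside the window
            if not validator(args):
                reason = "bad_args"
            elif len(recent) >= limit:
                reason = "rate_limited"
            else:
                recent.append(now)
                decision, reason = "allow", "ok"
        # Every decision is logged, denials included: that is what you review after launch
        self.audit.append({"principal": principal, "tool": tool, "args": args,
                           "decision": decision, "reason": reason})
        return decision == "allow"
```

Denied calls are as useful in the audit trail as allowed ones: a burst of `unknown_tool` or `bad_args` records from one principal is the drift and abuse signal the paragraph above refers to.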

Why it intersects with government

Public-sector systems often face stricter compliance, longer procurement cycles, and adversaries with both technical and political goals. Security work here is less about chasing the latest benchmark and more about traceability, least privilege, and provenance: knowing what data trained the model, what version is in production, and what a given answer depended on.

Further reading

This note is a sketch, not a survey paper—enough context to orient a conversation, not to design a full program of record.