That’s the Problem.

Security professionals have a battle-tested design paradigm. Do AI engineers have an equivalent? Below we have proposed a“Securing AI Systems By Design Framework” framework to consider.

“A secure system should be designed to fail gracefully in the face of an attack.”

— Bruce Schneier, Cryptographer, Security Technologist, Fellow at Harvard Kennedy School

“Security must be designed in — not bolted on.”

— Gary McGraw, Software Security Expert, Author of Software Security

These two sentences represent decades of hard-won institutional knowledge. They didn’t come from theory. They came from watching systems fail in predictable, preventable ways — and from the sustained effort of researchers, practitioners, and standards bodies to codify what “designed to fail safely” actually means in practice.

Most security professionals know this paradigm cold. Ask any seasoned practitioner what they mean by default deny, least privilege, or assume breach, and you’ll get a precise answer — probably with war stories attached. Institutions like CISA, NCSC, and NIST have formalized these principles into guidance that over 140 technology companies have pledged to follow. The Secure by Design movement exists precisely because the industry learned, painfully, that security cannot be retrofitted.

Read the full article on Medium: https://medium.com/@paulvolosen/ai-systems-are-designed-to-answer-e609907fe271

Paul Volosen, Chief Security Architect