Waylon Krush, CEO of ZeroTrusted.AI
Artificial Intelligence (AI) is advancing at an unprecedented pace, rapidly reshaping industries and economies. Yet, as AI capabilities grow, so do the risks associated with its deployment. From adversarial threats and unauthorized access to data leaks and manipulation, AI security remains dangerously underdeveloped.
Recent discussions at the AI Summit in Paris and reports from Axios highlight an urgent reality: governments and enterprises are embracing AI at full speed but failing to implement effective security measures in parallel. While Europe attempted to regulate AI preemptively, the U.S. and UK have opted for an “innovate first, regulate later” approach.
The result? A global AI arms race where security, ethics, and governance are afterthoughts rather than core priorities. If we are to remain leaders in AI, we must take AI security seriously—now.
Zero Trust AI: A Concept We Must Implement, Not Just Discuss
For years, cybersecurity professionals have emphasized Defense in Depth—a layered security approach that, while effective in theory, was rarely implemented comprehensively. This piecemeal approach left many organizations exposed to 99% of both sophisticated and unsophisticated attacks.
AI security is at risk of following the same path.
Zero Trust Architecture (ZTA) has been widely discussed as the answer to securing AI, but in most cases, it remains an idea, not a practice. AI models are fundamentally different from traditional IT systems:
· They are not programmed in the same way as traditional software.
· They evolve independently, sometimes in ways we don’t fully understand.
· They can be influenced by their own training data, external actors, and even their own generated outputs.
Despite these unique challenges, AI security frameworks continue to rely on outdated security controls. Implementing Zero Trust AI means treating AI not as a trusted internal system but as a potentially compromised actor—requiring continuous monitoring, strict access controls, and validation at every stage of its operation.
If AI is truly as powerful as we claim, why are we still relying on perimeter-based security models to protect it? I get it – you already spent your security and privacy budget on your traditional tools – and your team and even the tools are integrating AI with or without anyone’s formal permission.
AI Security Is Not Just About Bad Code—It’s About Who Controls AI
For decades, cybersecurity teams have dealt with poorly coded, under-maintained technology stacks. AI is different—it is capable of:
✔ Identifying and exploiting vulnerabilities faster than human hackers.
✔ Generating malicious content, such as deepfakes, at an unprecedented scale.
✔ Bypassing traditional security controls by adapting to detection methods.
Perhaps the most alarming development is the proliferation of jailbroken AI models. These widely available, unrestricted AI models are being used for:
· Automating malware and phishing attacks.
· Creating highly convincing deepfake videos and voice manipulation.
· Generating synthetic identities and fraudulent documentation.
I have recently had some first hand experience with these tools – actually being used against me pretty effectively initially. Despite these dangers, there is no universally accepted framework for securing AI deployments. Organizations rely on a mix of compliance-driven security policies and traditional cybersecurity tools, neither of which are designed to handle the speed and scale of AI evolution.
If we continue down this path, AI will become the biggest security risk of the next decade—not because it is inherently dangerous, but because we failed to secure it properly.
Governments Are Investing in AI—But Not in AI Security
Governments around the world are pouring billions into AI research and development. Yet, almost no funding is being allocated to securing AI systems.
Historically, major technological breakthroughs—such as the Internet and nuclear power—were developed alongside corresponding security and containment measures. AI is the exception.
For every $20 invested in AI research, at least $1 should be invested in AI security and adversarial testing.
This is not about slowing AI progress—it’s about ensuring AI is safe, reliable, and aligned with human interests. Without proper security investments, we risk developing AI systems that:
· Can be exploited by nation-state actors and cybercriminals.
· Are vulnerable to manipulation by external forces.
· May, at some point, act in ways we don’t fully understand.
The security of AI is not just an industry issue—it is a national security priority. Governments should mandate AI security investments, just as they do for cybersecurity, critical infrastructure, and financial regulations. I actually agree with the US and UK – why sign a treaty to slow down development when our countries are not going to be the ones creating the significant threats – it will most likely be organized crime and nation states that do not follow rules and regulations – not to mention are incentivized to use them against us. This is more of a new arms race – but the big difference is we may not need Russia or the US to launch to ensure mutual destruction.
Organizations Are Already Feeding Sensitive Data into AI—Without Safeguards
Many executives assume their AI models are secure simply because they are internally deployed. This is a critical misunderstanding.
Employees are uploading confidential documents into AI systems daily. AI models are absorbing corporate trade secrets and sensitive data. Without proper security measures, this data could be exposed in future AI outputs.
Organizations must implement real-time AI monitoring, strict access controls, and encryption protocols to ensure sensitive data is not unintentionally fed into external models or used for unintended purposes.
Simply put: Would you allow employees to upload company secrets to an unvetted third-party system?
Then why allow them to feed sensitive corporate data into AI models without proper security measures?
The Workforce Shift: AI Will Change Jobs, Whether We Are Ready or Not
There is growing concern about AI replacing jobs, and while this transition won’t happen overnight, it is already reshaping industries.
· Companies are quietly using AI to increase efficiency, often resulting in workforce reductions.
· AI-powered automation is scaling faster than hiring can keep up.
· The economic shift driven by AI is inevitable—but how we prepare for it is not.
With the baby boomer workforce retiring, the U.S. and other countries face a critical labor shortage in key industries. AI will fill these gaps—not as a complete replacement for human labor, but as a necessary augmentation.
Instead of debating whether AI will replace workers, we should be proactively developing AI governance and policies to:
✔ Ensure AI is used responsibly and has capabilities and plans if it is not.
✔ Develop reskilling programs for displaced workers.
✔ Implement AI security controls to prevent misuse.
✔ Create and fund Anti AI capabilities alongside but not in the AI programs
Ignoring these challenges won’t prevent them from happening—it will only leave us unprepared for when they do.
A Problem We Must Solve Together
The AI revolution is here, and security cannot be an afterthought. We must:
✔ Adopt Zero Trust principles for AI, treating it as an untrusted entity by default.
✔ Implement real-time monitoring to detect and mitigate AI-based threats.
✔ Invest in AI security at the same scale as AI development.
This is not just an issue for tech companies—it is a global challenge that requires collaboration between governments, industry leaders, and security professionals.
AI is one of the most transformative technologies of our time. Whether it becomes a force for progress or a major security risk depends on the decisions we make today.
If we work together, we can harness AI’s potential while ensuring it remains safe,
Comments