AI Security: Shift from Models to System-Level Defense

AI security needs a fundamental shift from focusing on models to securing entire systems. That's according to new research. Here's the thing: traditional security methods are falling short because AI agents behave more like operating environments than simple software. Enterprises cannot secure these agents by just making the underlying models more robust. Instead, security controls must be enforced at the system level around them. The paper argues that AI agents should be treated as fundamentally untrusted systems, similar to how an operating system treats a process. Researchers warn that prompt-level defenses alone are not enough once agents access enterprise tools or execution environments. They propose five principles from systems security, including "least privilege" and "secure information flow," which were violated in real-world AI agent attacks they analyzed. The bottom line: simply adding more machine-learning guardrails is not a true defense, because these guard models often share the same weaknesses as the agents they monitor.