Skip to main content

Knowledge Hub

New page title image

Beyond the Hype: What It Takes to Secure AI

5 min read
Beyond the Hype: What It Takes to Secure AI
Image Source: GovWare 2025

AI is reshaping our world and looks set to rewrite the face of cybersecurity. Attackers are already using AI agents for reconnaissance, automating attacks across multiple threat vectors simultaneously. To stay ahead, defenders must rethink how they can protect organisations against these clear and present threats.

But first, how do we define trust in AI-powered systems? And how do we ensure that internal systems, including the infrastructure running often opaque AI models, haven’t been surreptitiously compromised? At GovWare 2025, industry leaders tackled these questions head-on.
 

Trust in AI Systems

As AI becomes embedded in critical systems, the industry is also embracing Zero Trust – "never trust, always verify." But how do you continuously verify a system designed to learn and adapt on its own? This tension was one of several topics explored by Vignesa Moorthy, CEO of ViewQwest, and Alexander Yap, Partner and Co-Head of FinTech Practice at Allen & Gledhill LLP, during their panel discussion.

A technologist who has expanded from connectivity to also delivering ICT and AI solutions, Moorthy highlighted how AI enables ViewQwest to better protect its systems: “We use AI to look at the network, especially when we are providing connectivity on a nationwide basis or across the region. What has been a game changer for us is the ability to use AI to process a massive amount of events. We are using that compute to help us process things at scale.”

But who carries accountability when AI makes a wrong decision? Yap observed that while providers of AI tools are often legally liable, contracts are typically negotiated to spread or disclaim responsibility, especially with complex statistical AI tools. He said: “There is legal liability on the provider, but whether the provider actually takes on all that liability depends on the terms that were negotiated… There may be some level of explainability in these tools, but things can still get complicated because so much of it is based on statistics.”

For Moorthy, not all AI decisions should be autonomous – some require human approval.

“Every action taken by an AI agent needs validation, or at least an explainable trail of why the action was taken… For anything critical, we still need a human to evaluate that decision… Until we have sufficient trust in the platform, we keep a human in the loop.”
Vignesa Moorthy, CEO, ViewQwest
 

Securing the Infrastructure Beneath

Beyond the question of human oversight, there's another critical concern: securing the infrastructure that runs AI workloads. In his presentation “Securing Kubernetes in the AI Era,” Anthony Burke, APJC CTO at Isovalent, talked about how Kubernetes has become a de facto solution for AI loads. He attributes this to how Kubernetes offers AI teams automation capabilities, a scheduler, access to GPUs and resources for training, and the ability to easily scale.

“We have seen [Kubernetes] evolve from a container scheduler for modern applications that gives consistency across on premises, bare metal, virtual machines and clouds, to now becoming a prime target for AI and machine learning workloads,” said Burke. He pointed to Nvidia's acquisition of Kubernetes-native platform Run:ai, and how Kubernetes is used to deliver AI-centric features at Amazon Web Services and CoreWeave, among others.

The problem? Kubernetes was never built with a deep security focus at its core. It's something Burke, who is widely recognised for his work designing large-scale data centre and network virtualisation architectures, has clearly spent a lot of time thinking about. He encouraged attendees to leverage Extended Berkeley Packet Filter, or eBPF, an open-source technology that enables developers to safely and efficiently extend capabilities at the Linux kernel level without having to modify kernel code.

Because AI workloads can scale and change extremely quickly, kernel-level automation through eBPF is needed to apply firewalls, enforce policies, and track new workloads in real-time. As Burke put it: “I cannot be having a human doing this. My [AI] environment needs to respond with a predetermined set of desirable behaviours.”
 

The Supply Chain Vulnerability

Finally, despite increasing attention focused on the cyber supply chain, one might reasonably conclude that the situation has grown worse given recent shocking disclosures of massive breaches stemming from supply chain-related compromises.

Noting how once-rare espionage techniques are becoming far more common, Wes Dobry, VP of Solution Engineering at Eclypsium, explained that the types of attackers organisations face today are not the same as before. Nation-state-sponsored groups are also targeting private organisations now, not just governments. Crucially, as governments adopt AI in more areas, if the underlying firmware of these components is compromised, the integrity of the AI models running on them cannot be guaranteed.

What can organisations do? Dobry offered a few suggestions. First, demand full transparency from suppliers on software, firmware, and hardware bills of materials, including understanding the third, fourth and even fifth-party suppliers behind every device. Second, continuously monitor devices for vulnerabilities and anomalies. Finally, patch aggressively and replace end-of-life devices that cannot be secured.

In a nutshell, organisations need to think about validating the hardware they use multiple times throughout its entire lifespan. Dobry said: “We don’t know anymore that the vendors we use haven’t been infiltrated or had threat actors in their environment for a year or even longer.”

“From a corporate perspective, we have to check it when we get it, check it again when we build it, check it again before services are provisioned… I want to make sure any changes that occur in software or hardware are notated, understood, and verified ongoing throughout the life of that device.”

As AI rapidly reshapes both attack and defence, the path ahead is impossible to predict. If there's one certainty, it's that success will demand vigilance at every level, from protecting the infrastructure running AI to rigorous supply chain verification. The organisations that thrive won't just be those adopting AI; they'll be the ones building the safeguards required to trust it. And this means keeping humans in the loop for crucial decisions.

 

View All Articles
Loading
GW26_Early Bird Popup

SAVE on GovWare 2026 Passes!

Enjoy Early Bird rates from now until 31 July 2026
20% off Full Conference Passes
30% off group bookings of 3 or more

Secure Your Pass