Securing AI in 2025: A Risk-Based Approach to AI Controls and Governance

Artificial intelligence (AI) is a cutting-edge tool transforming the way organizations enhance efficiency, decision-making, and cybersecurity. But with every new technological advancement comes new risks. To address these risks, organizations must adopt comprehensive controls to ensure the secure implementation of AI.

And while security controls like access restrictions, data protections, and inference monitoring are vital to safeguarding against unauthorized access, data manipulation, and adversarial attacks, they are not enough. Organizations must also implement governance, compliance, and risk-based decision-making to ensure AI is deployed responsibly.

This blog summarizes the SANS Draft Critical AI Security Guidelines v1.1 outlines how enterprises can securely and effectively implement AI using a risk-based approach.

Why Your Organization Needs AI Security Controls

As organizations increasingly adopt AI, they face a growing set of risks beyond traditional security threats. While technical controls like access restrictions, data protections, and inference monitoring are critical, they are insufficient on their own. Organizations must also integrate governance, compliance, and risk management to ensure they are capable of facing the challenges AI poses, such as:

• Unauthorized Access and Model Tampering: Without strict access controls, adversaries can alter output and trustworthiness of AI models.
• Data Poisoning and Integrity Risks: AI models are only as reliable as their training data. This is why weak data access controls can introduce vulnerabilities.
• Adversarial Manipulation: Prompt injection attacks and model poisoning can alter AI behavior.
• Regulatory Compliance Challenges: New and evolving regulations require that organizations enforce governance and transparency.

Governance frameworks, compliance strategies, and risk management methodologies must complement AI security controls for organizations to successfully deploy AI solutions.

The Six AI Security Control Categories

The SANS report identifies six key control categories organizations must focus on to mitigate risks and ensure secure AI deployment:

1. Access Controls

Access controls protect AI systems from unauthorized access. AI models must be protected using strict access controls, including:

• Least Privilege: Restrict user, API, and systems access based on necessity to minimize the risk of unauthorized modifications.
• Zero Trust: Continuously verify all interactions with AI models to ensure applications and endpoints are secure.
• API Monitoring: Detect and limit unusual API usage patterns to prevent abuse.

2. Data Protections

AI relies on vast amounts of operational and training data. The security of this data must be a top priority for organizations to safely deploy AI. Measures include:

• Data Integrity: Prevent modifications that could bias or corrupt model outputs.
• Separating Sensitive Data: Avoid training AI models with highly confidential or personal information unless explicitly necessary.
• Protecting AI Prompts: Unauthorized access to prompts can expose business intelligence and decision-making strategies.

3. Deployment Strategies

Organizations must consider the security implications of where and how they deploy AI, including:

• Local vs. Cloud-Hosted Models: On-premises hosting provides greater control but requires significant computing resources.
• Integrated Development Environments (IDEs): AI coding assistants can expose API keys, algorithms, and internal datasets.
• Retrieval-Augmented Generation (RAG) Security: Protecting vector databases against unauthorized data alterations.

4. Inference Security

In an inference attack, adversaries manipulate AI output by injecting deceptive input. To safeguard against these attacks, organizations should:

• Implement guardrails by defining response policies for AI outputs.
• Filter and validate prompts to mitigate prompt injection attacks.
• Prevent backdoor exploits by ensuring AI models don’t contain hidden behaviors that adversaries can trigger.

5. Continuous Monitoring

Once an organization securely deploys AI, continuous monitoring and adjusting of the model is a must. To detect anomalies in AI models, the report recommends that organizations implement:

• Inference Refusal Tracking: Ensure models refuse inappropriate queries while maintaining accuracy.
• Model Drift Detection: Monitor changes in model behavior to detect unauthorized alterations.
• Logging Prompts and Outputs: Maintain audit trails for sensitive AI-generated decisions.

6. Governance, Risk, and Compliance (GRC)

The secure deployment of AI requires that organizations use a structured approach and comply with data protection and privacy regulations. To do this, organizations should:

• Implement AI Risk Management Frameworks: Align AI security using standards like NIST’s AI Risk Management Framework (RMF) and MITRE ATLAS^TM.
• Maintain an AI Bill of Materials (AIBOM): Document AI supply chain dependencies to ensure transparency.
• Use Model Registries: Track the AI model lifecycles for version control and risk assessment.

Taking a Risk-Based Approach

To balance security, efficiency, and compliance, organizations must use a risk-based approach while gradually adopting/implementing AI models. This measured implementation calls for organizations to deploy AI in less critical environments first to ensure adequate safeguards are in place before expanding its use. To do this, organizations can:

• Implement AI Incrementally: Deploy AI in non-critical systems first, then expand as security controls mature.
• Adopt Enterprise AI Policies: Establish centralized AI governance boards to oversee security, ethics, and compliance.
• Develop an AI Incident Response Plan: Prepare for security breaches to ensure rapid mitigation.

Secure AI Implementation is a Continuous Process

As AI is increasingly adopted, security will inevitably become more complex and require that organizations continuously adapt their security strategies. The SANS Draft Critical AI Security Guidelines v1.1 is built on three bedrock principals: robust security controls, governance and compliance, and a risk-based approach.

By using a gradual and proactive approach to AI implementation, organizations can harness AI’s full potential securely while minimizing risk. This strategy demands a continuous approach to AI security, taking into account both the speed of AI adoption and the evolution of its technology. AI is an ongoing challenge that demands an organization’s continued vigilance as it continues to alter and affect today’s cyber threat landscape.

Join the Conversation: Help Shape AI Security

We invite you to review the full SANS Draft Critical AI Security Guidelines v1.1, and stay tuned for how you can submit feedback when public comments open!