Zero-trust principles: verify explicitly, use least privilege, assume breach. For AI systems: every model inference request is authenticated and authorized, with no implicit trust based on network location. API security: OAuth2 + PKCE, short-lived tokens, scope minimization. Audit logging: immutable append-only logs for all AI decisions. Data classification: PII/PCI/PHI handling in RAG pipelines. Threat model: prompt injection, training data poisoning, model extraction, membership inference. NIST AI RMF...
- security
- zero-trust
- enterprise