Securing AI at Its Core: Why Protection Must Start at the Silicon Level

As AI systems become more pervasive and powerful, they also become more vulnerable.

Software-based security measures such as application firewalls, intrusion detection, and patch management are important for protecting AI systems — but they are not enough. These solutions cannot fully address the risks introduced by modern AI architectures and the distributed workloads they support.

That’s why a hardware-based approach to security is also required. The strategy and related solutions, which complement software features, begin at the silicon level and embed security from the ground up.

In addition to technical threats, organizations face mounting regulatory pressures. Global and industry-specific standards now emphasize lifecycle security, data privacy, ethical AI deployment, and security-by-design principles. These pressures amplify the need for comprehensive AI security measures that cover both hardware and software layers.

Securing AI systems is not limited to software or cloud layers. It requires a holistic approach spanning edge devices, accelerators, data pipelines, and the underlying silicon supporting them. Key priorities include:

• Integrity and confidentiality of models and datasets
• Protection of user data during collection, transmission, and processing
• Secure communication between sensors, accelerators, and inference engines
• Hardware-based secure boot and runtime anti-tampering
• Cryptographic isolation of workloads

AI systems also require mechanisms to authenticate devices, manage keys securely, and enforce access control across distributed environments. These capabilities must be designed into the hardware, starting with systems-on-chip (SoCs) and chiplets, to ensure trustworthiness and resilience against evolving threats. This way, hardware security is the foundation of a secure system, providing fundamental trust and physical protection for AI systems.

Quantum computing introduces a new and disruptive dynamic to the security landscape. Widely used algorithms such as RSA and ECC will eventually be rendered vulnerable by large-scale, cryptographically-capable quantum computers. While the full impact of quantum threats may still be years away, the risks are already present.

“Harvest now, decrypt later” attacks are actively occurring, where encrypted data is collected today with the intent to decrypt it once quantum capabilities become available. Another type of attack, with potentially even more impact, is “trust now, forge later.” Through these attacks, signatures or certificates that are considered secure today could be forged in the future using quantum computers, undermining current authentication methods.

Fortunately, post-quantum cryptography (PQC) solutions are now available to help safeguard today’s systems against tomorrow’s quantum threats. These solutions leverage NIST-standardized cryptographic algorithms for key encapsulation and digital signatures. And they should be deployed along with other quantum-safe symmetric and hash cryptographic algorithms as well as entropy sources (TRNGs, PUFs).