Studying privacy, leakage, adversarial risk, and governance constraints that shape AI systems used in regulated or security-sensitive environments.
Current thesis
High-stakes AI deployment is mainly an engineering and governance problem. Model quality matters, but the decisive questions are about threat models, access boundaries, logging, rollback, data stewardship, and the human ability to notice and contain failure.
2026 perspective
In 2026, the serious question is not whether an AI feature can ship. It is whether it can fail safely, be audited under pressure, and remain governable across vendors, updates, and adversarial use.
Human factors lens
Security controls only work when operators can tell what state the system is in, what the safe next action is, and who owns the next decision. Human-factors engineering is part of the defense surface.
Guidance from CISA, NSA, and partner agencies on deploying AI securely, first released on April 15, 2024, is still being operationalized in real systems, while the international Guidelines for Secure AI System Development keep pressure on teams to treat the full lifecycle as part of the attack surface. NIST's 2025 adversarial machine learning taxonomy further sharpens the threat vocabulary around model evasion, extraction, and poisoning. The practical lesson is straightforward: security cannot be bolted onto a model endpoint after procurement. It has to be designed through architecture, operations, and user-facing defaults from the start.
Default settings, permissions, and data paths should assume non-expert operators and common attacker behavior.
Reassess risks at design, procurement, deployment, maintenance, and retirement rather than only during launch.
Keep logs, versioning, and evidence retention in forms incident responders and compliance teams can actually use.
Design for partial compromise, rollback, isolation, and fail-safe degradation instead of assuming the model will stay well behaved.
Probe prompt injection, data poisoning, extraction, model evasion, and tool misuse under realistic attack paths.
Test whether models, logs, and retrieval layers expose sensitive data directly or through inference.
Measure detection latency, containment speed, rollback quality, and evidence availability during incidents.
Check whether controls, documentation, and review points satisfy the actual regulatory or institutional workflow.
Joint CISA, NSA, FBI, and partner guidance published on April 15, 2024 and still highly relevant for deployment threat modeling and controls.
International lifecycle guidance that keeps supply chain, maintenance, and decommissioning inside the security conversation.
A 2025 taxonomy that helps teams reason more precisely about attack classes and failure surfaces in AI systems.
A current navigation point for U.S. guidance on securing and using AI systems in operational environments.