AI changes both what you need to protect and how you protect it. Traditional, perimeter-centric security was designed for predictable, deterministic systems and on-premises networks. AI and GenAI work very differently:

• AI is data-centric: GenAI analyzes and generates content based on large volumes of data. That makes the quality, classification, lineage, and protection of your data central to security, not just an IT hygiene task.
• Traffic is encrypted and dynamic: AI traffic is often encrypted and highly dynamic, so classic tools like firewalls, IDS/IPS, and network DLP—built to spot static patterns—have limited visibility and effectiveness.
• Attackers are already using AI: Adversaries are using AI to increase the volume and quality of phishing, scams, and other attacks, and they are actively targeting AI applications as new entry points.

Because of this, organizations are moving to a Zero Trust approach that is:

• Asset- and data-centric: Protects data and applications wherever they live—cloud, AI services, mobile devices, or on-premises—rather than relying on a single network perimeter.
• Based on three core principles:
  • Verify explicitly: Use all relevant signals (identity, device, location, behavior) before granting access.
  • Use least privilege access: Apply just-in-time and just-enough-access, with adaptive, risk-based policies.
  • Assume breach: Design as if attackers can compromise any identity, device, or app, and limit blast radius.

In practice, rethinking security for AI means:

• Integrating security experts into AI solution design from the start, rather than bolting controls on later.
• Prioritizing data classification, labeling, and encryption so AI systems can enforce access correctly.
• Updating security controls and policies to account for AI’s non-deterministic behavior and new usage patterns.
• Evaluating AI-powered security capabilities to help analysts investigate incidents, summarize impact, and automate repetitive work.

AI can significantly advance your business, but without this shift in strategy, it also increases the risk of data leaks, compliance issues, and reputational damage. Zero Trust provides a practical way to adapt your security posture to how AI actually operates.

Zero Trust and AI reinforce each other. AI thrives in the kind of controlled, data-aware environment that Zero Trust creates, and AI can in turn help accelerate Zero Trust adoption.

Here’s how Zero Trust helps secure AI in practical terms:

1. Moves from network-centric to asset- and data-centric security
   Traditional perimeter defenses can’t reliably protect AI workloads because AI:
   • Runs across cloud services, SaaS, PaaS, mobile, and on-premises environments.
   • Relies on encrypted, dynamic traffic that doesn’t match static signatures.
   Zero Trust focuses on protecting the data and applications themselves with controls like classification, encryption, and adaptive access, regardless of where they reside.
2. Improves access decisions for AI systems
   Zero Trust applies its core principles directly to AI:
   • Verify explicitly: AI apps check user identity, device health, and context before returning sensitive results.
   • Least privilege: Users and services get only the access they need to specific datasets or AI capabilities.
   • Assume breach: Designs limit what an attacker can do even if they compromise an account or component.
   This is critical when AI can surface sensitive content (for example, salaries or confidential projects) based on underlying documents.
3. Strengthens data governance for AI
   GenAI amplifies existing data issues. If data is poorly classified or unlabeled, AI can make sensitive information easier to discover for people who should not see it. Zero Trust encourages you to:
   • Define and apply a formal data classification strategy.
   • Use labels, access controls, and retention policies that AI applications can understand and enforce.
   • Align AI behavior with your identity model and permissions, so AI respects who is allowed to see what.
4. Uses AI to accelerate Zero Trust implementation
   AI can help you operationalize Zero Trust faster by:
   • Automating data discovery and classification across large data estates.
   • Guiding analysts through incident response, summarizing attacks, and generating investigation reports.
   • Generating scripts and automation to reduce repetitive manual work (with secure-by-design review).
   • Identifying unusual data movement patterns that may indicate insider risk or exfiltration.

For organizations adopting AI at scale, Zero Trust provides a structured way to align security with business risk, protect high-value data, and keep AI initiatives productive without exposing the organization to unnecessary security and compliance issues.

AI security follows a shared responsibility model, similar to cloud security. Both your organization and your AI provider have distinct roles, and understanding this split is key to planning investments and controls.

Think of AI security across three layers:

• AI platform: The underlying infrastructure and AI services (for example, Azure AI, the models behind Copilot).
• AI application: The software and integrations you build or configure to use generative AI productively and securely.
• AI usage: How people in your organization actually use AI—what data they provide, what they generate, and how they share it.

The division of responsibility shifts depending on the deployment model:

IaaS (Infrastructure as a Service – “build your own model”)

• The provider (e.g., Microsoft) secures the infrastructure (compute, storage, networking).
• Your organization is responsible for securing models, data, and applications you build on top, including:
  • Model configuration, training data governance, and tuning.
  • Application security, plugins, and integrations.
  • Identity, access, and data protection.

PaaS (Platform as a Service – Azure AI and similar)

• The provider offers AI capabilities with many embedded controls and safety features.
• You focus on securing the custom application and its usage:
  • Designing safe prompts, workflows, and business logic.
  • Controlling which data sources the AI can access.
  • Managing user access, monitoring, and governance.

SaaS (Software as a Service – managed AI like Copilot)

• The provider manages the service, software, and most platform-level security.
• Your organization still owns:
• AI usage: User training, acceptable use policies, and how people interact with the tool.
• Data security and governance: What data you connect, how it’s labeled, and who has access.
• Identity and access: Ensuring accounts, roles, and permissions are configured correctly.

To operationalize this model, it helps to focus on three control areas:

• Data access controls: Use APIs, ACLs, and labeling to govern which data AI can see and how it’s used.
• Application controls: Define how applications interact with models and data, including plugins and integrations.
• AI model controls: Ensure models are configured and monitored to prevent unintended disclosures and misuse.

By mapping responsibilities clearly across these layers and models, you can plan where to invest in people, processes, and technology—and avoid gaps where both you and the provider assume the other party is handling a critical security function.