I've spent decades watching the cybersecurity landscape evolve, from the early days of viruses that slowly spread via the floppy disk “sneaker-net,” to today's ultra-fast moving, sophisticated AI-powered threats. One thing has remained constant: waiting until something goes wrong or trying to bolt security on late in the process is ineffective. Reactive security measures alone are insufficient. Building security in from the very beginning not only leads to better security outcomes for products and systems, when implemented with optimization and automation in mind it can actually speed up implementation and release cycles.
That’s why Protect AI is proud to be a signatory to CISA's Secure by Design pledge, joining a growing coalition of technology leaders committed to building security into products from the ground up.
Despite best efforts by forward thinking security experts, the reality is that in the drive to innovation, many companies adopt and build new solutions without taking security into account up front. The result is that rather than being a reinforcing thread woven deeply throughout the system, security is an afterthought that gets patched on very late in the process—often in response to incidents or vulnerabilities. This approach has led to a costly cycle of patch management, incident response, and customer anxiety. As we develop increasingly powerful AI systems, we simply cannot afford to maintain this reactive stance.
The statistics tell a sobering story. In 2024, the average cost of a data breach reached $4.88 million. As attackers adopt AI and automation in their attack toolkits, the total cost of breaches is most likely to increase. But response numbers may not capture the full picture: the lost customer trust, regulatory scrutiny, and operational disruptions that follow security incidents can have lasting impacts on businesses and their stakeholders, too.
As an AI security company, we face unique challenges. Our system development processes are in line to process vast amounts of customer data. Our solutions are depended on by customers to provide security benchmarks and level sets. For example, our model scanning tool, Guardian, is used by customers to scan, understand, and govern the security posture of first and third party models. If Guardian fails to identify malicious code, it could affect a customer’s model integrity, decision making processes, and their fundamental trust in AI systems.
Secure by Design principles align with our vision for responsible development. By committing to these principles, we're pledging to:
Those all sound like great principles, but putting them into place takes careful planning and practice.
To make our commitment to the pledge real, we’re implementing Secure by Design principles in the following ways:
To meet this principle we take a variety of actions to ensure that the burden of security does not fall solely on the customer. While all security is a shared responsibility between customers and providers, this principle guides us to take accountability for the part of the burden that we can bear rather than pushing it onto the customer. Some of the ways we meet this principle in practice include:
Building secure products is important, but if customers don’t have insight into what that looks like in practice, they are not empowered to understand the risk profile of the software they are adopting. We take accountability for security via the following actions:
We also support transparency with an open door policy for customers to ask us about our product security standards and by using continuous monitoring and reporting tools that customers can use to check our current status at any time via our trust portal.
Building with a Secure by Design mindset requires support from the very top. The security principles are Protect AI, start at the top with our C-Suite and Board of Directors. And to make sure we maintain this principle in practice we take the following actions:
While regulatory compliance is important, our commitment to Secure by Design goes beyond checking boxes. We're fundamentally rethinking how we approach security in AI development. This means:
The AI industry stands at a crossroads. As we develop increasingly powerful systems, our responsibility to build them securely grows exponentially. The CISA Secure by Design pledge provides a framework for meeting this responsibility, but its success depends on widespread adoption and genuine commitment from technology leaders.
Security by Design should be the foundation upon which we build the future of AI.
Together, we can create a more secure and trustworthy AI ecosystem that benefits everyone.
This pledge isn't just about protecting our systems or our company's reputation. It's about ensuring that as AI becomes more integrated into critical systems and daily life, we can trust it to operate safely and securely. That's a future worth building, and it starts with designing security in from the beginning.