Secure by Design
Learn more 
Blog
In today’s landscape where Cloud and AI are becoming the very fabric of digital innovation, security has transcended from its traditional role as an add-on or checklist item into a fundamental component integrated into every phase. Security acts as the specification, a critical gate within the CI/CD pipeline, and a vital runtime safeguard. It’s an intrinsic part of every system, ranging from a public REST API serving millions to the specialized GPU cluster training tomorrow's autonomous agents.
This article outlines the modern security paradigm we at Protect AI have adopted and championed. We translate core tenets such as Secure by Design, Zero Trust, and Defense in Depth from abstract ideals into practical automated guardrails that we are continuously developing and refining. For us, this framework is key to actively enforcing security at each stage of the development lifecycle ensuring that as we continue to innovate, security provides an uncompromised automated assurance.
At the core of our approach are three fundamental pillars that underpin every security control we implement:
- Secure by Design: Build security in every stage of the software development lifecycle.
- Zero Trust: “Never trust, always verify” across users, apps, networks and processes.
- Defense in Depth: Include layered controls so no single miss is fatal.
These pillars are operationalized through a unified framework of guardrails that we meticulously integrate with our engineering practices. This framework integrates machine-enforced security checks and validations into every phase of the software development lifecycle (SDLC) ensuring continuous security assurance.
|
SDLC Phase |
Purpose of Guardrails |
Pillars |
|
Plan |
Create a safe architecture and threat model before code |
Secure By Design |
|
Code |
Trust every commit |
Secure By Design, Zero Trust |
|
Build |
Ensure a trusted build, attestable artifacts, and a model software bill of materials (SBOM) |
Secure By Design |
|
Test |
Break it first, measure blast radius |
Secure By Design, Defense in Depth |
|
Deploy |
Ship only policy-compliant workloads |
Secure by Design, Zero Trust |
|
Operate |
Run least-privilege, immutable infrastructure |
Zero Trust, Defense in Depth |
|
Monitor |
Detect drift and feed lessons back to the Plan phase |
Secure by Design, Zero Trust, Defense in Depth |
Implementing Guardrails across the SDLC
Plan | Architecture Review & Threat Modeling
During the "Plan" phase, threat modeling is performed before implementation followed by a comprehensive security review prior to general availability. This process covers reviewing network flows, data flows, identities, AI model provenance, memory-safe language choices, secure defaults, and the overall blast radius.
Code | Trustworthy Commits
During the “Code” phase, we focus on ensuring every commit is trustworthy, aligning with Secure by Design and Zero Trust principles. Automated guardrails proactively verify code integrity, enforce secure practices, and prevent vulnerabilities.
|
Guardrail |
Implementation |
|
Signed commits |
Version Control System blocks unsigned pushes |
|
Two-person merge |
Branch protection enforces duty segregation |
|
Secrets lint |
Local Hook + Server Scan |
|
Pinned CI dependency |
Workflows reference immutable digests |
|
Commit-signature policy |
Only signed commits reach production branches |
Build | Attestable Artifacts
In the “Build” phase, our guardrails are dedicated to producing trusted/attestable artifacts and model SBOMs, aligning to Secure By Design principles. Automated guardrails verify each artifact's security, component validation, and build process, ensuring software supply chain integrity and transparency.
|
Guardrail |
Implementation |
|
Minimal base images |
Signed images pinned to immutable digest verified before pull/run |
|
Static scanning |
SAST, Secret, SCA, Infrastructure-as-code with hard fail gates |
|
SBOM for every model |
SPDX/CycloneDX |
|
Artifact signing |
Images and SBOMs cryptographically signed |
Figure 1: The Build guardrail incorporating static and model scans within the CI pipeline.
Test | Break It Before Attackers Do
In the “Test" phase, the goal is rigorous, multi-layered testing from unit testing to AI behaviors with the goal to identify and mitigate system weaknesses.
|
Layer |
Guardrail |
|
Unit/API |
Security unit tests and fuzzing |
|
Infrastructure |
Infrastructure-as-code smoke tests in sandbox |
|
Cluster |
Policy-as-code suite blocks privileged/non-compliant specs |
|
AI Behaviour |
Deploy | GitOps + Policy-as-Code
Guardrails within the “Deploy” phase use GitOps practice and policy-as-code to ship only policy-compliant workloads. This is accomplished through automated enforcement at deployment.
|
Guardrail |
Implementation |
|
Declarative State Reconciliation (GitOps) |
The deployment tool continuously reconciles declarative states to each cluster |
|
Kubernetes Admission Control |
Verifies image signatures and SBOM, Rejects workloads that violate pod-security context or network-segmentation policy |
|
Trusted Registry & Signature Verification |
Containers are pulled only from trusted registries with verified signatures at pull time |
Operate | Runtime Least-Privilege
In the “Operate” phase, the goal is to enforce least privilege during runtime.
|
Area |
Guardrail |
|
Container Security |
Containers run as non-privileged users with read-only root File System, read-only ConfigMaps, Seccomp and AppArmor profiles |
|
Network Security |
Default-deny policy, layered segmentation, pod-level allow-lists |
|
Credential Management |
Short-lived tokens issued by identity broker, avoid static secrets on disk |
|
LLM/Agent Runtime |
Each agent runs in its own pod with syscall allow-list and scoped/context based identity |
Monitor | Feedback Loop
During the “Monitor” phase, we establish a vital feedback loop with SOC and automation to identify drifts, take actions, feed lessons back to the Plan phase, reinforcing all security pillars. This cycle aims for an adaptive security posture that is responsive to evolving threats.
|
Signal |
Action |
|
GitOps drift |
Revert and SOC alert |
|
Container runtime anomaly |
Alert/Kill pod, take forensic snapshot |
|
New CVE in SBOM |
Trigger fast-patch build with merge review |
|
Prompt anomaly/Jailbreak |
Log prompt/response pair, alert SOC |
Beyond the SDLC
Zero Trust Anchors
We align to the Zero Trust pillar by establishing robust controls across key anchors of our environment. These anchors (Users, Machines, Workloads, Network, Processes, and Infrastructure) are secured with essential controls embodying the "never trust, always verify" principle. Trust chain is established through Identity system that is grounded in “Root of Trust” ensuring comprehensive trust evaluation.
|
Anchor |
Controls |
|
Users |
SSO and MFA, short-lived tokens, quarterly access review |
|
Machines |
Secure boot through trusted host provisioning, PKI |
|
Workloads |
Signed images and model artifacts,LLM output sanitization, image scanning, runtime sensor |
|
Network |
mTLS, tier segmentation, egress allow-lists/network gateway |
|
Infrastructure |
Identity-aware network plane, micro-segmented subnets, default-deny policy |
|
Team Processes |
Security review and sign off, SBOM publication, table tops/incident drills |
Defense in Depth Onion
Complementing Zero Trust, our Defense in Depth strategy materializes as a layered security model often visualized as an onion. Each concentric layer is designed to fortify the ones it encloses. This ensures that even if an attacker bypasses one control such as a WAF at the perimeter or injects a rogue AI prompt deeper inside, they must still overcome multiple independent barriers.
- Perimeter and Identity: Web app firewall/CDN, DDoS shield, TLS 1.3 + HSTS, MFA-backed IdP/IAM
- Network Isolation: VPC/subnet tiers, default-deny security groups and Kubernetes net policies, service-to-service mTLS
- Workload and Application Control: Signed distroless/alpine images, read-only File System, Seccomp/AppArmor, runtime sensor, AuthZ, input validation, content security policy
- Data/Model Protection: Encryption at rest and in transit, dynamic secrets and key vaults, integrity monitoring
Figure 2: The Defense in Depth Onion illustrating layered security controls.
Seamless Expansion to Hyperscale
A critical aspect of our security framework is its ability to scale effectively. As systems expand, our core security pillars are designed for hyperscale environments, ensuring that security remains robust and manageable.
|
Pillar |
Hyperscale Shift |
Immutable Truth |
|
Secure by Design |
Guardrails shipped as reusable blueprints injected into every repository/cluster |
Security is still baked-in Plan → Build → Deploy |
|
Zero Trust |
Federated identity/policy engines answer “who/what/why” at edge scale |
Every call still authenticated and authorized with provable intent |
|
Defense in Depth |
Fleet-wide chaos tests ensure blast radius stays local |
Layers stay the same; only the proof of isolation scales |
Guiding Principles and Lessons Learned at Protect AI
As a company, our journey in pioneering AI security while iteratively building our comprehensive guardrail system has taught us several valuable lessons:
- Embrace pragmatic progress: Prioritize pragmatic, incremental security enhancements over unattainable perfection as systems continue to evolve.
- Build on foundational controls: Implement fundamental controls like signed commits, secure base images, and default-deny networking first, then iteratively expand.
- Design helpful guardrails: Create developer-friendly security gates with clear feedback to encourage adoption, not workarounds.
- Collaborate to overcome challenges: Partner deeply with Infrastructure and Product teams to co-create effective, engineering-friendly solutions for integration and workflow.
- Drive systemic improvements: Focus on addressing root causes of issues, not just one-off fixes, to build lasting resilience.
- Establish a feedback loop: Continuously refine security designs using operational learnings and incident data (Monitor → Plan).
- Scale with reusable blueprints: Template controls into reusable blueprints and federated policies to scale security with system growth.
This holistic and evolving approach to security is our launchpad, empowering Protect AI to innovate with unwavering confidence and deliver a future of Secure by Design products for our customers.
