Module 2 Lesson 1: AI System Components

Deconstruct the components of modern AI systems, from data layers to infrastructure, to understand the critical pieces that require security monitoring.

To defend a system, you must first understand its shape. AI systems are not monolithic; they are complex pipelines of data, models, and tools. We categorize these into five primary layers.

```mermaid
graph TD
    subgraph "Infrastructure Layer 5"
    I[Cloud / Kubernetes / GPU]
    end

    subgraph "Tools Layer 4"
    T[APIs / Plugins / Sandboxes]
    end

    subgraph "Interface Layer 3"
    P[Prompts / System Messages / Context]
    end

    subgraph "Model Layer 2"
    M[Weights / Inference Engine / LLM]
    end

    subgraph "Data Layer 1"
    D[Vector DBs / SQL / Training Sets]
    end

    D --> M
    M --> P
    P --> T
    T --> I
```

Layer 1: Data & Storage (The Knowledge)

  • Components: Vector databases (Chroma, Pinecone, Weaviate), Document stores (S3, SQL), and Training datasets.
  • Role: This layer provides the "source of truth" and long-term memory for the AI.
  • Primary Risk: If an attacker can modify a document in your S3 bucket, they can "poison" the AI's retrieved context (RAG).
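One defensive control for this layer, written as an added example rather than code from the lesson: the ingestion service records an HMAC tag for every approved document, and the retrieval step verifies each chunk against that manifest before it enters the model's context. The key, document paths and texts are constructed for illustration; the key lives with the ingestion service, not in the bucket or vector database, so an attacker who can overwrite storage cannot forge a matching tag.

```python
import hashlib
import hmac

# Constructed sample: documents as approved at ingestion time.
APPROVED_DOCS = {
    "policies/refunds.md": "Refunds are issued within 14 days of a valid request.",
    "policies/access.md": "Support staff may view but never export customer records.",
}


def build_manifest(docs, key):
    """Record an HMAC-SHA256 tag for every approved document at ingestion.

    The key is held by the ingestion service only (assumption), so write access
    to the S3 bucket or vector DB is not enough to produce a valid tag.
    """
    return {path: hmac.new(key, text.encode(), hashlib.sha256).hexdigest()
            for path, text in docs.items()}


def verify_retrieved(manifest, key, path, text):
    """Return True only if the retrieved text still matches the tag for its path."""
    expected = manifest.get(path)
    if expected is None:
        return False  # never approved for retrieval: treat as untrusted
    actual = hmac.new(key, text.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, actual)  # constant-time comparison


def filter_context(manifest, key, retrieved):
    """Split retrieved (path, text) pairs into trusted paths and rejected paths.

    Only the trusted set should be passed to the model as RAG context; the
    rejected set is what a monitoring pipeline should alert on.
    """
    trusted, rejected = [], []
    for path, text in retrieved:
        target = trusted if verify_retrieved(manifest, key, path, text) else rejected
        target.append(path)
    return trusted, rejected


if __name__ == "__main__":
    key = b"ingestion-service-key"  # constructed; use a managed secret in practice
    manifest = build_manifest(APPROVED_DOCS, key)
    # Constructed retrieval result: one object was rewritten in the bucket after
    # ingestion, and one object was never approved at all.
    retrieved = [
        ("policies/refunds.md", APPROVED_DOCS["policies/refunds.md"]),
        ("policies/access.md", "Support staff may export customer records on request."),
        ("notes/unapproved.md", "Document added to the bucket outside the ingestion process."),
    ]
    print(filter_context(manifest, key, retrieved))
```

With chunked ingestion, tag each chunk rather than the whole document so a single modified chunk can be rejected without discarding the rest.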

Layer 2: The Model Layer (The Brain)

  • Components: Model weights (e.g., Safetensors), Inference engines (Ollama, vLLM, CUDA), and Orchestration frameworks.
  • Role: Processes inputs and generates mathematical predictions.
  • Primary Risk: Direct manipulation of model weights ("parameter tampering"), where an attacker changes the behavior of the brain itself.

Layer 3: The Prompt & Context (The Interface)

  • Components: System messages (instructions), User inputs, Context windows, and Few-shot examples.
  • Role: Defines the boundaries, personality, and immediate tasks for the model.
  • Primary Risk: The inability of the model to distinguish between developer instructions (System) and attacker input (User).

Layer 4: Tools & Interconnects (The Hands)

  • Components: API connectors, Search plugins, and Code execution sandboxes (Python interpreters).
  • Role: Allows the AI to act in the digital world (e.g., "Send an email" or "Check the database").
  • Primary Risk: Over-privileged tools that allow an AI to perform dangerous actions if manipulated by a prompt injection.

Layer 5: Infrastructure (The Foundation)

  • Components: GPU clusters, Kubernetes, API Gateways, and Cloud IAM.
  • Role: The compute and network environment hosting all other layers.
  • Primary Risk: Standard cloud vulnerabilities such as "Internal API Exposure" or "Container Escape", where an attacker jumps from the AI sandbox to the host server.

Exercise: Inventory Check

  1. Look at a popular AI framework like LangChain or LlamaIndex. Identify one component for each of the five layers.
  2. Which layer do you think is the hardest to secure with traditional firewall rules? Why?
  3. If an attacker gains access to the Data Layer, can they affect the behavior of the Model Layer? Explain how.
  4. Research: What is "Inference Latency" and how could an attacker use it to perform a Denial of Service (DoS) attack on the Infrastructure layer?

Summary

Modern AI is modular. By breaking the system into these five components, we can apply specific security controls to each layer rather than trying to secure the "entire AI" as a single entity.

Next Lesson: The invisible walls: Trust boundaries in AI systems.