Skip to content

The Zero Trust AI Governance Framework

The rapid pace of AI development has generated excitement about its transformative potential. However, concerns have also emerged around the responsible deployment of these powerful technologies. As debate continues on AI governance, stakeholders aim to strike the right balance between enabling innovation and ensuring accountability.

Calls for Increased Oversight

Accountable Tech, the Electronic Privacy Information Center (EPIC), and AI Now state that reliance on voluntary self-regulation from AI developers has proven insufficient thus far. They point to flawed systems being rushed to market, while industry leader warnings of existential risk ring hollow given quiet lobbying against meaningful accountability measures.

These organizations have drafted a Zero Trust AI Governance Framework aiming to address these concerns through increased oversight and corporate accountability of AI systems and development.

What Does the Framework Call For?

The framework puts forward three core principles:

  1. Enforcing existing laws vigorously, including consumer protection, anti-trust, liability, and anti-discrimination laws.
  2. Establishing clear, enforceable rules that prohibit certain uses of AI like emotion recognition and predictive policing. Calls for limiting data collection and sharing are also included.
  3. Requiring companies to prove their AI systems are not harmful through documented risks assessments, testing protocols, monitoring, and independent audits to detect flaws, bias, and misuse.

How AI Poses New Security Challenges

AI poses various risks in the realm of enterprise security. Some of the top AI-cyber attacks and threats include:

  • AI-Powered Malware: Malware that harnesses AI to self-modify and dodge detection in changing environments.
  • Advanced Persistent Threats (APTs): These prolonged assaults use AI to bypass detection while zeroing in on distinct targets.
  • Deepfake Attacks: AI-generated synthetic media is used to impersonate individuals for fraud or disinformation.
  • DDoS Attacks: Threat actors can employ DDoS attacks that leverage AI to pinpoint and exploit weak links in networks, amplifying the extent and severity of breaches.
  • Phishing: Through machine learning and natural language processing, attackers design persuasive phishing emails to ensnare unsuspecting users.

Applying Zero Trust to AI Governance

Organizations can help limit AI risks by leveraging key zero trust principles including:

  • Least-Privilege Access: Applying least-privilege access controls could help restrict data access and prevent unauthorized aggregation of training data sets that raise privacy concerns.
  • Continuous Verification: Implementing continuous verification of users and devices could mitigate risks of deception attempts or social engineering by AI systems.
  • Segmenting Access: Monitoring all activity and segmenting environments into separate trust zones could aid oversight and make auditing easier to catch flaws, biases or misuse.
  • Strong Authentication: Mandating multi-factor authentication at a minimum helps ensure users engaging with AI systems are properly authenticated first. Passwordless methods offer even great security for user authentication.

Closing Thoughts:

As AI systems continue to advance and proliferate, organizations must take steps to ensure these powerful technologies are deployed securely and responsibly. Additionally, by adopting zero trust principles, enterprises can mitigate many of the risks outlined in the Zero Trust AI Governance framework while bolstering their security posture.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit, and follow us on Twitter and LinkedIn.。



Click one of our contacts below to chat on WhatsApp