What is secure-by-design-AI?

secure-by-design AI (noun)

A development methodology for AI systems that treats security as a foundational design principle rather than an add-on feature.

As organizations embed artificial intelligence across their operations, many are discovering that traditional IT security approaches fall short. AI systems introduce entirely new potential hazards — including model theft, prompt injection, data poisoning, and hallucinations — that can’t simply be patched over after the fact.

To address these AI risks, MIT Sloan senior lecturer and principal research scientist Keri Pearlson and Nelson Novaes Neto, an MIT Sloan research affiliate and CTO of Brazil-based C6 Bank, developed a framework for secure-by-design AI. Their approach condenses hundreds of technical considerations into 10 strategic questions that can help executives identify risks and align AI initiatives with business priorities, ethical standards, and cybersecurity requirements — before systems are too far along to be secured effectively.

When C6 applied the framework, it surfaced 19 critical design considerations and led the digital bank to develop a four-part platform architecture that separates experimental AI efforts from production-grade systems that interface directly with customers. The exercise also helped C6’s legal and compliance teams draft an AI-specific manual outlining expectations and regulatory risks.

The framework doesn’t eliminate all AI risk, but it provides a practical foundation for better questions, clearer decisions, and more resilient designs. “The most powerful thing about these 10 questions is that they force you to think ahead,” Pearlson said.

See the 10 questions at 'This new framework helps companies build secure AI systems'