Partner POV | AI Security is an Architectural Decision
Article written and contributed by: Fortinet
As AI adoption accelerates, organizations face a critical architectural decision: extend existing security controls—identity, policy enforcement, observability and data governance—to cover AI systems, or secure AI as a separate layer. The choice will determine whether AI introduces resilience or instability.
What began as experimentation with public generative AI (GenAI) tools has evolved into something foundational. Many enterprises have begun building private large language model (LLM) environments, integrating AI into core applications and deploying agentic systems that retrieve data, interact with APIs and initiate workflows across business systems. As a result, AI is no longer peripheral. Instead, it is becoming part of the infrastructure.
That shift requires a different security mindset.
The most common mistake is treating AI as a standalone application stack with separate controls. In reality, AI workloads depend on and influence identity systems, network policies, data governance, API enforcement and operational workflows. Securing AI effectively requires embedding governance, traffic inspection and policy enforcement at every control point across the architecture.
AI expands the attack surface in layers
AI risk is not confined to a single control point. It emerges across layers.
- At the interface layer, public GenAI tools and user prompts create exposure through shadow AI use and poorly governed workflows.
- At the knowledge layer, private LLM infrastructure—training data, vector databases, retrieval pipelines, and model logic—falls under enterprise responsibility. Once AI operates within enterprise systems, the organization assumes full responsibility for its integrity and protection.
- At the action layer, agentic AI introduces autonomy. Agents retrieve data, transfer information across systems, call APIs, and trigger automated processes, often at machine speed.
These layers are not independent. Risk compounds as autonomy increases. The central challenge is not visibility in isolation but coordinated enforcement across the full stack.
The sequencing problem
How organizations adopt AI is just as important as what they deploy.
Some organizations begin with controlled use of GenAI, establish governance for private LLM infrastructure, and introduce agentic autonomy only after policy and segmentation frameworks are in place. Others move directly from experimentation to automation, deploying agents before architectural guardrails exist.
Industry forecasts indicate that many of these agent-first initiatives will be redesigned or abandoned—not because the underlying technology fails, but because governance was not integrated early. When autonomy outpaces architecture, organizations eventually face regulatory, security or cost constraints that force redesign.
This is not a technical limitation. It's a sequencing issue. Governance needs to scale before autonomy.
Runtime is where AI risk materializes
Development-time controls and pre-deployment testing are insufficient to prevent attacks on production AI. Once AI models are in production, new threats emerge, such as prompt injection, model manipulation, API abuse and cross-system data exfiltration during inference.
Private LLMs face additional runtime risks, such as training data poisoning and model extraction. Agentic systems increase the potential impact by authenticating users, invoking enterprise APIs and interacting directly with business systems. That's why AI security requires continuous controls over users, agents, the network and applications during operations.
In practice, this means AI must be protected across the network, with policy enforced simultaneously at the firewall, the API gateway and the SIEM, together with zero-trust network access (ZTNA).
Convergence as the enabler
The broader implication is architectural.
Organizations with fragmented networking and security stacks will struggle to manage AI securely. When policy enforcement, telemetry, identity controls and API inspection are spread across disconnected systems, AI creates security gaps and new vulnerabilities.
Secure networking convergence offers an alternative approach. A unified operating system foundation, a shared policy framework and a coordinated telemetry model enable consistent enforcement across edge, cloud and data center environments. AI workloads should follow the same discipline as any other critical system.
As the Fortinet platform has evolved, AI visibility, runtime guardrails and agentic controls have been integrated into the converged foundation rather than developed as separate systems. The principle is simple: innovation should enhance the architecture, not divide it.
Governing agentic systems
Agentic AI represents the most consequential shift. These systems do more than generate insights. They take action by retrieving information, analyzing data and interacting with APIs. The effects of their decisions can also propagate instantly across the entire managed environment.
That level of authority requires visibility into how agents communicate, the context of their identity and how their actions align with enterprise policies. At a minimum, automation must remain accountable to governance frameworks, meaning agent systems should operate within established boundaries and not exceed them, and their actions must be logged, explainable and auditable.
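One way to put the action-layer boundaries and audit trail described above into code, as an added example that is not Fortinet's code or any product's API: a single gateway that every agent tool call passes through, checking the call against the boundaries assigned to the agent's identity and recording each decision with its reason. Agent names, tools, targets and policy values are constructed.

```python
"""Policy gate for agent actions. Added illustration, not Fortinet code:
agent identities, tools, targets and data labels are constructed samples."""
from dataclasses import dataclass
import time

# Data sensitivity ordering used to keep agents inside their clearance.
CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2}

# Constructed per-agent policy: tools an agent may call, systems it may
# touch, and the most sensitive data it may move.
POLICY = {
    "support-agent": {"tools": {"crm.read", "ticket.update"},
                      "targets": {"crm", "ticketing"}, "max_class": "internal"},
    "finance-agent": {"tools": {"ledger.read", "report.export"},
                      "targets": {"ledger", "reporting"}, "max_class": "confidential"},
}

@dataclass(frozen=True)
class Action:
    agent_id: str            # identity the agent authenticated as
    tool: str                # API or tool being invoked
    target: str              # system the call reads from or writes to
    data_classes: frozenset  # sensitivity labels on data the call moves

class ActionGateway:
    """Single enforcement point that every agent tool call passes through."""
    def __init__(self, policy):
        self.policy = policy
        self.audit_log = []  # append-only record of every decision

    def decide(self, action):
        """Return (allowed, reason); the reason keeps the decision explainable."""
        rules = self.policy.get(action.agent_id)
        if rules is None:
            reason = "unknown agent identity"
        elif action.tool not in rules["tools"]:
            reason = f"tool {action.tool} not permitted for {action.agent_id}"
        elif action.target not in rules["targets"]:
            reason = f"target {action.target} is outside the agent's boundary"
        elif any(CLASS_RANK[c] > CLASS_RANK[rules["max_class"]]
                 for c in action.data_classes):
            reason = "data sensitivity exceeds the agent's clearance"
        else:
            reason = "allowed by policy"
        allowed = reason == "allowed by policy"
        # Every decision, allowed or denied, is logged for audit and SIEM export.
        self.audit_log.append({"ts": time.time(), "agent": action.agent_id,
                               "tool": action.tool, "target": action.target,
                               "allowed": allowed, "reason": reason})
        return allowed, reason
```

Denied calls are never silently dropped: the same log entry that blocks a call is what an auditor later uses to explain why the agent stayed inside its boundary.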
Preparing for what comes next
AI adoption will continue to expand. As more companies move their AI experiments into full production, AI infrastructure will grow in response to regulatory pressure and data residency concerns. Consequently, agentic systems will become more mature.
The organizations that succeed will not be those that rush to deploy isolated solutions, but those that choose a robust architectural framework with AI security embedded within it. As AI becomes part of your production environment, it must be governed as part of your architecture rather than as a separate component.