Blog Authors:
Tom Curry, Senior Security Consultant, Office of the CISO
Anton Chuvakin, Senior Staff Security Consultant, Office of the CISO
When Google introduced the Secure AI Framework (SAIF) in 2023, we shared a technology-agnostic, conceptual guide for securing complex AI systems.
Since then, customers have asked us for more detailed guidance on how SAIF should be implemented in practice. To address this, we are thrilled to release our latest technical paper: "Implementing Secure AI Framework Controls in Google Cloud." This isn't a high-level policy document, it is a technical roadmap. It takes each of the controls identified in SAIF across six domains (Data, Infrastructure, Model, Application, Assurance and Governance), mapping each control to specific, actionable steps you can implement today in Google Cloud.
Moving from "Theory" to "Practice"
Securing AI isn't about reinventing the wheel; it's about adapting proven security principles to a new lifecycle. In this paper, we break down the Shared Responsibility Model for AI, clearly distinguishing between the protections you inherit from Google’s secure-by-default infrastructure and the specific controls you can configure.
Here are a few key takeaways from the guide that might change how you think about securing your AI stack:
- Data governance is the foundation: You might think the model is the core asset, but it starts with the data. Our guide details how to use features like Sensitive Data Protection and BigQuery differential privacy to identify and take action on sensitive personal information and privacy risks within your training data, guarding against privacy leaks at the source.
- The infrastructure reality check: Your models are only as secure as the infrastructure they run on. We show you how to apply features like IAM, VPC Service Controls, and Confidential Computing to create a hardened environment for your model weights, helping to protect them from exfiltration and tampering.
- Model defense - the new application security: Traditional security practices still apply, but new approaches are needed to safely use foundation models. We dive into Model Armor, a dedicated security layer for AI models that can filter malicious inputs (like jailbreak attempts) and sanitize outputs to guard against sensitive data disclosure.
- Agentic AI ups the ante: As we move from chatbots to autonomous agents that can take action, the risk profile changes. This paper includes new guidance on securing agentic AI, covering agent permissions, user authorization, and observability.
Build Boldly, Build Securely
The transition from simply "building AI" to "building secure, trustworthy AI" is a critical differentiator. It’s not just about risk reduction; it’s about having the confidence to innovate faster. Crucially, this paper goes beyond technical controls for the AI design, build and deployment phases. Assurance and governance measures provide a 360° approach, with guidance on implementing risk and vulnerability management, threat detection, incident response, policies, and education. All supported by Google Cloud.
Whether you are a developer building your first agent, a security engineer hardening a production environment, or a security leader looking to deepen your understanding, this paper provides the "how-to" for securing the AI frontier.
Access the full report here to learn how to deploy full lifecycle security controls within your AI applications in Google Cloud.