AI-as-a-Service security — model isolation + prompt-injection + AIBOM
AI-as-a-Service (per-API-call inference, fine-tuning offerings, RAG-as-a-service) carries threats that classic SaaS does not: tenant-prompt isolation, prompt injection, training-data contamination, and AIBOM transparency.
Top security risks
Prompt injection
Customer A's adversarial prompt modifies behavior for Customer B in shared-state systems.
Training-data contamination
Customer prompts/responses leak into your next fine-tune by mistake.
Cross-tenant prompt leakage
Shared model state lets one tenant's prompts or responses surface in another tenant's session.
Service-account key leakage
A customer's leaked API key lets an attacker run inference against your budget (LLMjacking).
Regulatory context
Securie focuses on the security-engineering surface: tenant-isolated inference, prompt-injection defense, training-data opt-in, and per-tenant spend caps verified on every change.
Checklist
- Tenant-isolated inference (no shared model state)
- Prompt-injection defense (Llama Guard 4)
- AIBOM published per /legal/ai-bill-of-materials
- Training-data opt-in only
- Per-tenant LLM spend caps
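The following is an added example, not Securie's code, showing how three of the checklist items (tenant-isolated inference, training-data opt-in, per-tenant spend caps) can be enforced in one inference gateway. The model call is a stub, the token count is a plain word count, and the per-token price and tenant names are constructed values; a real deployment would take prices from the provider and token counts from the tokenizer.

```python
"""Tenant-scoped inference gateway (added example, not Securie's code).

Three checklist items enforced together:
  * tenant-isolated inference: conversation state is keyed by
    (tenant_id, session_id), never by session id alone, so a session id
    reused or guessed by another tenant resolves to a different key
  * training-data opt-in: prompts reach the fine-tune corpus only when the
    tenant has explicitly opted in
  * per-tenant spend caps: every call is priced before it runs and refused
    once the tenant's cap would be exceeded
"""
from dataclasses import dataclass


@dataclass
class Tenant:
    tenant_id: str
    spend_cap_usd: float
    training_opt_in: bool = False
    spent_usd: float = 0.0


class SpendCapExceeded(Exception):
    pass


class InferenceGateway:
    # Constructed per-token price; real pricing is per provider and model.
    PRICE_PER_TOKEN_USD = 0.001

    def __init__(self) -> None:
        self.tenants: dict[str, Tenant] = {}
        self._sessions: dict[tuple[str, str], list[dict]] = {}
        self.training_corpus: list[dict] = []  # only opted-in tenants land here

    def register(self, tenant: Tenant) -> None:
        self.tenants[tenant.tenant_id] = tenant

    def _charge(self, tenant: Tenant, tokens: int) -> float:
        """Price the call and refuse it if it would breach the tenant's cap."""
        cost = tokens * self.PRICE_PER_TOKEN_USD
        if tenant.spent_usd + cost > tenant.spend_cap_usd:
            raise SpendCapExceeded(
                f"{tenant.tenant_id}: {tenant.spent_usd + cost:.4f} USD would exceed "
                f"cap {tenant.spend_cap_usd:.4f} USD"
            )
        tenant.spent_usd += cost
        return cost

    @staticmethod
    def _model(history: list[dict]) -> str:
        # Stand-in for the real model call; deterministic for the demo.
        return f"reply-{len(history)}"

    def complete(self, tenant_id: str, session_id: str, prompt: str) -> str:
        tenant = self.tenants[tenant_id]
        key = (tenant_id, session_id)          # tenant is part of the key
        history = self._sessions.setdefault(key, [])
        # Whole context is billed: new prompt plus every prior turn (word count
        # stands in for tokenizer output here).
        tokens = len(prompt.split()) + sum(len(t["content"].split()) for t in history)
        self._charge(tenant, tokens)           # refused before any state changes
        history.append({"role": "user", "content": prompt})
        reply = self._model(history)
        history.append({"role": "assistant", "content": reply})
        if tenant.training_opt_in:
            self.training_corpus.append(
                {"tenant_id": tenant_id, "prompt": prompt, "reply": reply}
            )
        return reply

    def history(self, tenant_id: str, session_id: str) -> list[dict]:
        """A tenant can only ever read state stored under its own key."""
        return list(self._sessions.get((tenant_id, session_id), []))


def demo() -> dict:
    """Two constructed tenants sharing a session id; only one opted in."""
    gw = InferenceGateway()
    gw.register(Tenant("acme", spend_cap_usd=1.0, training_opt_in=True))
    gw.register(Tenant("globex", spend_cap_usd=0.005, training_opt_in=False))
    gw.complete("acme", "s1", "summarise the Q3 report")
    gw.complete("globex", "s1", "hi there")          # same session id, own state
    try:
        gw.complete("globex", "s1", "hi again")      # 5 tokens: would breach cap
        capped = False
    except SpendCapExceeded:
        capped = True
    return {
        "acme_history": gw.history("acme", "s1"),
        "globex_history": gw.history("globex", "s1"),
        "corpus_tenants": sorted({r["tenant_id"] for r in gw.training_corpus}),
        "globex_capped": capped,
        "globex_spent": gw.tenants["globex"].spent_usd,
    }


if __name__ == "__main__":
    print(demo())
```

The charge happens before any session state is written, so a refused call leaves no half-recorded turn behind, and the spend counter is the thing to export to monitoring: a tenant hitting its cap far earlier than its usual pattern is the first visible sign of a leaked key.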
Buyers ask for AIBOM (CycloneDX 1.6), training-data practice, prompt-injection defense, and model-card documentation. Show a verifiable security posture for each.
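As an added example (not Securie's code, and not the document behind /legal/ai-bill-of-materials), the block below builds a minimal AIBOM in the CycloneDX JSON shape and runs the checks a buyer's review would apply to it: a pinned model version, a weights hash, a model card that names its training datasets with a classification, and a property recording whether customer data was used. The `machine-learning-model` component type and the `modelCard` / `modelParameters` / `datasets` structure are CycloneDX's ML fields as I understand them from the 1.5+ schema; confirm them against the published 1.6 schema before relying on the validator. Model names, the hash value and the `training-data-source` property name are constructed.

```python
"""Build and validate a minimal CycloneDX-shaped AIBOM (added example).

Field names follow the CycloneDX machine-learning-model component and its
modelCard as I understand the 1.5+ schema; check against the published 1.6
schema before publishing. Model names, hashes and the property name are
constructed for the demo.
"""
import json
import re

SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def model_component(name: str, version: str, weights_sha256: str,
                    datasets: list[dict], training_data_source: str) -> dict:
    """One machine-learning-model component with a model card."""
    return {
        "type": "machine-learning-model",
        "name": name,
        "version": version,
        "hashes": [{"alg": "SHA-256", "content": weights_sha256}],
        "modelCard": {
            "modelParameters": {
                "approach": {"type": "supervised"},
                "task": "text-generation",
                "datasets": datasets,
            }
        },
        # Constructed property: records whether tenant data fed this model.
        "properties": [{"name": "training-data-source", "value": training_data_source}],
    }


def build_aibom(service_name: str, components: list[dict]) -> dict:
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.6",
        "version": 1,
        "metadata": {"component": {"type": "application", "name": service_name}},
        "components": components,
    }


def validate_aibom(bom: dict) -> list[str]:
    """Return a list of problems; an empty list means the AIBOM passes."""
    problems: list[str] = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat must be CycloneDX")
    if bom.get("specVersion") != "1.6":
        problems.append("specVersion must be 1.6")
    models = [c for c in bom.get("components", [])
              if c.get("type") == "machine-learning-model"]
    if not models:
        problems.append("no machine-learning-model component listed")
    for c in models:
        name = c.get("name", "<unnamed>")
        if not c.get("version"):
            problems.append(f"{name}: model version not pinned")
        hashes = [h for h in c.get("hashes", [])
                  if h.get("alg") == "SHA-256" and SHA256_HEX.match(h.get("content", ""))]
        if not hashes:
            problems.append(f"{name}: no SHA-256 hash of the model weights")
        params = (c.get("modelCard") or {}).get("modelParameters") or {}
        datasets = params.get("datasets") or []
        if not datasets:
            problems.append(f"{name}: modelCard lists no training datasets")
        for ds in datasets:
            if not ds.get("classification"):
                problems.append(f"{name}: dataset {ds.get('name')} has no classification")
        props = {p.get("name"): p.get("value") for p in c.get("properties", [])}
        if props.get("training-data-source") not in ("public", "licensed", "opted-in-tenants"):
            problems.append(f"{name}: training-data-source must state where training data came from")
    return problems


def demo() -> dict:
    """One well-formed component and one that a buyer review would reject."""
    good = model_component(
        name="support-summariser", version="2024.11.1",
        weights_sha256="a" * 64,                       # constructed placeholder hash
        datasets=[{"type": "dataset", "name": "public-support-faq",
                   "classification": "public"}],
        training_data_source="opted-in-tenants",
    )
    bad = model_component(
        name="legacy-classifier", version="",         # unpinned
        weights_sha256="not-a-hash", datasets=[],     # no hash, no datasets
        training_data_source="unknown",
    )
    return {
        "good": validate_aibom(build_aibom("inference-api", [good])),
        "bad": validate_aibom(build_aibom("inference-api", [bad])),
        "json": json.dumps(build_aibom("inference-api", [good]), indent=2),
    }


if __name__ == "__main__":
    r = demo()
    print(r["json"])
    print("bad component problems:", *r["bad"], sep="\n  ")
```

Run the validator in CI on every change that touches model weights or training configuration, so the published AIBOM cannot drift from what is actually served; the `training-data-source` check is the machine-readable counterpart of the "training-data opt-in only" checklist item.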