{"id":58243,"date":"2025-03-04T18:00:00","date_gmt":"2025-03-04T18:00:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/securing-generative-ai-models-on-azure-ai-foundry\/"},"modified":"2025-03-04T18:00:00","modified_gmt":"2025-03-04T18:00:00","slug":"securing-generative-ai-models-on-azure-ai-foundry","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/securing-generative-ai-models-on-azure-ai-foundry\/","title":{"rendered":"Securing generative AI models on Azure AI Foundry"},"content":{"rendered":"
<\/div>\n

New generative AI models with a broad range of capabilities are emerging every week. In this world of rapid innovation, when choosing the models to integrate into your AI system, it is crucial to make a thoughtful risk assessment that ensures a balance between leveraging new advancements and maintaining robust security. At Microsoft, we are focusing on making our AI development platform a secure and trustworthy place where you can explore and innovate with confidence. <\/p>\n

Here we\u2019ll talk about one key part of that: how we secure the models and the runtime environment itself. How do we protect against a bad model compromising your AI system, your larger cloud estate, or even Microsoft\u2019s own infrastructure?  <\/p>\n

How Microsoft protects data and software in AI systems<\/h2>\n

But before we set off on that, let me set to rest one very common misconception about how data is used in AI systems. Microsoft does not<\/em> use customer data to train shared models, nor does it share your logs or content with model providers. Our AI products and platforms are part of our standard product offerings, subject to the same terms and trust boundaries you\u2019ve come to expect from Microsoft, and your model inputs and outputs are considered customer content and handled with the same protection as your documents and email messages. Our AI platform offerings (Azure AI Foundry<\/a> and Azure OpenAI Service<\/a>) are 100% hosted by Microsoft on its own servers, with no runtime connections to the model providers. We do offer some features, such as model fine-tuning, that allow you to use your data to create better models for your own use\u2014but these are your<\/em> models that stay in your tenant. <\/p>\n

So, turning to model security: the first thing to remember is that models are just software, running in Azure Virtual Machines<\/a> (VM) and accessed through an API; they don\u2019t have any magic powers to break out of that VM, any more than any other software you might run in a VM. Azure is already quite defended against software running in a VM attempting to attack Microsoft\u2019s infrastructure\u2014bad actors try to do that every day, not needing AI for it, and AI Foundry inherits all of those protections. This is a \u201czero-trust\u201d architecture: Azure services do not assume that things running on Azure are safe! <\/p>\n

Now, it is<\/em> possible to conceal malware inside an AI model. This could pose a danger to you in the same way that malware in any other open- or closed-source software might. To mitigate this risk, for our highest-visibility models we scan and test them before release: <\/p>\n