We Rushed to Build the AI Future – Now We Have to Defend It

By Cryptopolitan Media

Digital platforms are no strangers to security threats from all manner of sources. We have firewalls, anti-phishing controls, anti-malware, and more. Staying ahead of attackers is always a challenge, but the game itself has established rules and norms. We know what to expect, and even when there is a breach, the investigation usually turns up a predictable cause.

The problem is that technology is evolving so quickly that we are building new applications, new use cases, and even new infrastructure far faster than we can stop and work out where the weaknesses are. The most common, and most painful, way to find a weakness is to have an attacker exploit it. That is no way to run a business, and given how fast we now gather, analyze, and use data, we cannot afford to wait for an attack to learn where our weak points lie.

This is especially true of AI applications. Simply put, they are some of the most powerful and revolutionary pieces of technology ever created. They are also some of the easiest to manipulate, steal, and extract value from, which can wreck an entire business model in a single day. Why is that?

Let us break down what an AI application is and how it is made. That shows two interesting things. First, where bad actors can treat it like a stolen car, take it to a digital chop shop, and sell it for parts. Second, where the weak spots in the process, handled correctly, become monetization opportunities. It also shows that with Web3, both protecting and monetizing AI pipelines is possible; platforms like iExec are already beginning to show promise in this area.

AI Pipeline Under Threat

The first step to protecting these AI pipelines is to understand where they are most vulnerable, and unfortunately there are several points that can be attacked.

It starts with the data. Having the right data to train an AI tool is absolutely critical, and obtaining it often takes significant resources: either a team collects it itself across a wide range of inputs, or it buys the data from a third-party broker. In either case, the data itself is extremely valuable, and anyone who can see it also gains insight into how the platform will use its AI, how the architecture is structured, and how the model is likely to perform. All of these are competitive advantages, and for another party to have this insight is dangerous for the team building the product. The data simply must be protected.

The threats do not end there. Once a team has the right data, it needs to build a model that uses it and generates value. The model must be built, then trained and tested against the data in an iterative loop that the team uses to learn and improve the final result. This takes significant compute and labor, and the last thing the team wants is for someone else to poach that work. Yet these models often require huge amounts of processing power, and if the team outsources training to a provider it cannot fully trust, that provider could simply copy the model weights, the training artifacts, or the inference results. This is where the real value of the project lies, and losing it would destroy the team's unique value to its customers.

Finally, if a team serves its model through a provider, that provider can also capture the contents of customer queries. Knowing what customers ask (and what they are willing to pay for) lets the poacher court those customers directly and learn the demand side of the business. That is yet another advantage gone if the query traffic is exposed.

Protecting The Pipeline

As mentioned above, Web3 has a lot to offer an AI pipeline under threat. Although it might not seem like it at first, Web3 and AI can work hand in hand quite well. The key is Trusted Execution Environments (TEEs) operating in a decentralized setting, which is why platforms like iExec are leading in this area. Both the data and the model stay encrypted at rest and in transit and are decrypted only inside the TEE; the model runs off chain inside that enclave, while the job itself is coordinated and recorded on chain, so the owner can verify that it ran without anyone, including the processing provider, being able to inspect it. If the result of a query is encrypted as well, only the customer who paid for the query (and the model owner) can benefit from it. Two conditions make this hold in practice: keys must be released only after the enclave's attestation report has been verified against the expected code measurement, and the TEE must be understood as narrowing the trust boundary rather than eliminating it, since side-channel attacks on hardware enclaves remain an active research area.
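The key-release step is where this either holds or fails, so here is an added example, written for this article rather than taken from iExec, that sketches the flow in Python: the model owner and the requester seal their assets and register the keys with a key manager; the host running the job only ever handles ciphertext; the key manager releases a key only after checking that the enclave's attestation report is genuine and that its code measurement is the one the asset owner authorized; and the result is sealed to the requester's key. The cipher (a SHA-256 keystream with an HMAC tag) and the report signature (an HMAC under a constructed hardware key) are stand-ins for AES-GCM and the CPU vendor's signed quote, the model weights and the query are constructed, and the key manager itself is an assumed component, so none of this is production crypto.

```python
"""Attestation-gated key release around a confidential inference job (added example;
the cipher and the report signature are stdlib stand-ins, not production crypto)."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

HARDWARE_KEY = secrets.token_bytes(32)  # constructed stand-in for the CPU vendor's attestation key

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from `key` (AES-GCM stand-in); returns nonce || ct || tag."""
    enc_key, mac_key = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a tampered blob raises ValueError."""
    enc_key, mac_key = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("sealed blob failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def measure(app) -> str:
    """Enclave measurement (think MRENCLAVE): a hash of the code that will actually run."""
    code = app.__code__
    return hashlib.sha256(code.co_code + repr(code.co_consts).encode()).hexdigest()

def attest(app) -> dict:
    """The simulated hardware signs the measurement of whatever was loaded, honest or not."""
    m = measure(app)
    return {"measurement": m, "signature": hmac.new(HARDWARE_KEY, m.encode(), hashlib.sha256).digest()}

@dataclass
class ProtectedAsset:
    """All the host and storage ever hold: ciphertext plus the measurement allowed to use it."""
    name: str
    ciphertext: bytes
    authorized_app: str

class KeyManager:
    """Assumed component: holds owners' keys, releases one only to a genuine report from the authorized app."""
    def __init__(self) -> None:
        self._keys = {}

    def protect(self, name: str, key: bytes, plaintext: bytes, authorized_app: str) -> ProtectedAsset:
        self._keys[name] = key  # the owner keeps its own copy of `key`
        return ProtectedAsset(name, seal(key, plaintext), authorized_app)

    def release_key(self, asset: ProtectedAsset, report: dict) -> bytes:
        expected = hmac.new(HARDWARE_KEY, report["measurement"].encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(report["signature"], expected):
            raise PermissionError("attestation report is not genuine")
        if report["measurement"] != asset.authorized_app:
            raise PermissionError(f"enclave not authorized for asset {asset.name!r}")
        return self._keys[asset.name]

def run_in_enclave(app, km: KeyManager, model_asset: ProtectedAsset, query_asset: ProtectedAsset) -> bytes:
    """Inside the enclave: attest, obtain keys, compute, and seal the output to the requester's key."""
    report = attest(app)
    model = json.loads(unseal(km.release_key(model_asset, report), model_asset.ciphertext))
    query_key = km.release_key(query_asset, report)
    query = unseal(query_key, query_asset.ciphertext).decode()
    return seal(query_key, json.dumps(app(model, query)).encode())

def sentiment_app(model: dict, query: str) -> dict:
    """Constructed toy inference: a weighted keyword score stands in for a real model."""
    score = 0
    for word in query.lower().split():
        score += model.get(word, 0)
    return {"label": "positive" if score > 0 else "negative", "score": score}

def leaky_app(model: dict, query: str) -> dict:  # tampered build that would exfiltrate the weights
    return {"weights": model, "query": query}

def demo() -> dict:
    km = KeyManager()
    allowed = measure(sentiment_app)  # the measurement both the model owner and the requester authorize
    model_key, query_key = secrets.token_bytes(32), secrets.token_bytes(32)
    weights = {"good": 2, "great": 3, "bad": -3, "slow": -1}  # constructed model
    model = km.protect("model", model_key, json.dumps(weights).encode(), allowed)
    query = km.protect("query", query_key, b"Great service, slightly slow", allowed)
    sealed_out = run_in_enclave(sentiment_app, km, model, query)
    result = json.loads(unseal(query_key, sealed_out))  # only the requester holds query_key
    host_view = (model.ciphertext + query.ciphertext + sealed_out).lower()
    host_sees_plaintext = b"great" in host_view or b'"good"' in host_view
    try:  # the tampered build is refused every key: its measurement was never authorized
        run_in_enclave(leaky_app, km, model, query)
        leak_blocked = False
    except PermissionError:
        leak_blocked = True
    return {"result": result, "host_sees_plaintext": host_sees_plaintext, "leak_blocked": leak_blocked}
```

Calling `demo()` returns the requester's decrypted result, confirms that the blobs the host handles contain neither the prompt nor the weights, and shows the modified build being refused keys because its measurement differs. A real deployment also has to check the report's freshness and the platform's TCB version, and pin the authorized measurement in the asset's policy rather than in a local variable; those checks are omitted here.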

The iExec platform documents a number of use cases showing how this works; one of the simplest is an AI image generator whose entire pipeline is protected. That is not the case with the large hosted image generators today, where the service operator handles prompts and outputs in the clear. Even if you built your own image generator, whichever platform ran the model would have a significant advantage, because it could see the data, the model, and both inputs and outputs; it would not take much for the provider to copy the work and launch its own. Hosted on a confidential platform instead, the generator is well protected: the user's prompts are processed inside a TEE that the host cannot inspect.

Other features help streamline and monetize the process. DataProtector wraps the data as a digital asset, both to keep it from being viewed or extracted by an unauthorized party and to allow it to be monetized if desired. For building and launching the app, the iApp Generator takes the protected pipeline and turns it into a functional application, still running within the TEE. For higher levels of processing, iExec offers GPU-backed workers based on Intel TDX, a VM-level TEE that isolates the whole virtual machine in which the workload runs rather than a single process as SGX does. For sensitive communication during development and beyond, the Web3Mail tool provides protected messaging between Ethereum account holders, even without knowing the recipient's email address. Together these keep both the pipeline and the communication around it protected.

Using these tools in concert, the TEE performs the image generation, and the result is encrypted and stored on a decentralized network, readable only by the user. The product is not only confidential but tamper-resistant and censorship-resistant, which covers a great many threats.

Looking Ahead

What is the result of all this? With Web3 infrastructure and well-built TEEs, AI pipelines can be secured at every step. That matters because it allows monetization at each step without poachers stealing the value: a team could monetize the data itself, the model, the processing of the algorithm, or the outputs. This opens many options, and does so in an environment long considered unsafe for easy-to-steal AI projects. It shows that teams large and small can develop AI without having to own all of the data, the processing resources for development, and the platform that hosts the released product. The AI pipeline is safe, protecting those who own it and who have put so much effort into building these innovative products.
