---
id: "action-harden-underlying-architecture"
type: "action-item"
source_timestamps: ["\\\"§ Research", "Methodology", "and Findings\\\"", "§ 1. AI Infrastructure is the Real Attack Surface"]
tags: ["infrastructure", "zero-trust"]
related: ["concept-ai-infrastructure-attack-surface", "framework-four-imperatives-ai-security"]
action: "Extend zero-trust principles to AI infrastructure, including GPUs, TPUs, drivers, and firmware."
outcome: "Mitigation of system-level exploits that bypass application-layer defenses."
source_title: "Research: Conventional Cybersecurity Won't Protect Your AI"
source_url: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sources: ["tail2"]
sourceVaultSlug: "hbr-seg-tail2"
originDay: 2
articleStem: "hbr-tail-128-cybersecurity-wont-protect-ai"
sourceUrl: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sourceTitle: "Research: Conventional Cybersecurity Won’t Protect Your AI"
---
# Harden the Underlying AI Architecture

**Action:** Extend **zero-trust** principles to AI infrastructure — GPUs, TPUs, drivers, and firmware.
**Expected outcome:** Mitigation of system-level exploits that bypass application-layer defenses.

Shift security focus from patching at the application surface to hardening the underlying architecture. Build **dedicated security teams for AI infrastructure** and extend zero-trust to the *full* AI stack. This is Imperative 1 of the [[framework-four-imperatives-ai-security]], grounded in [[concept-ai-infrastructure-attack-surface]].
