---
id: "claim-infrastructure-over-application"
type: "claim"
source_timestamps: ["§ Research, Methodology, and Findings", "§ 1. AI Infrastructure is the Real Attack Surface"]
tags: ["infrastructure", "paradigm-shift"]
related: ["concept-ai-infrastructure-attack-surface", "contrarian-application-security-insufficient", "quote-infrastructure-supply-chain-problem"]
confidence: "high"
testable: true
speakers: ["Hugo Huang"]
source_title: "Research: Conventional Cybersecurity Won't Protect Your AI"
source_url: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sources: ["tail2"]
sourceVaultSlug: "hbr-seg-tail2"
originDay: 2
articleStem: "hbr-tail-128-cybersecurity-wont-protect-ai"
sourceUrl: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sourceTitle: "Research: Conventional Cybersecurity Won’t Protect Your AI"
---
# AI security is primarily an infrastructure and supply-chain problem, not an application problem

**Claim (confidence: high, testable):** Application safeguards are insufficient on their own — the true vulnerabilities of enterprise AI reside at the *foundation* of the stack (hardware, drivers, firmware, and supply chains). Patching at the application surface fails if the underlying architecture is compromised.

**Evidence in the source.** The conclusion rests on a two-pronged methodology: (1) empirical red-teaming — recreating enterprise AI deployments and testing them against poisoned data, compromised drivers, and related attacks; and (2) a survey of **500 executives** run with [[entity-google-d2|Google]] and [[entity-idc|IDC]]. See the anchoring concept [[concept-ai-infrastructure-attack-surface]] and the crystallizing quote [[quote-infrastructure-supply-chain-problem]]. The strongest form of the claim is the contrarian [[contrarian-application-security-insufficient]].

**Enrichment — where to hedge.** External grounding supports the *principle* that compromised infrastructure undermines applications, but pushes back on the *ranking*: the flagship [[concept-echoleak|EchoLeak]] case shows AI-layer logic and data scoping can be catastrophically vulnerable even when infrastructure is sound. A balanced expert treats AI security as **multi-layered** (infra + AI logic + data governance + identity); elevating infrastructure and supply chain to *primary* may understate application- and data-layer responsibilities.
