Technology Overview

The AI technology stack for commerce — foundational models, agentic AI, LLMs, privacy & security, investment costs, and what comes next — based on Book Part 5 of the AI Best Practices for Commerce reference.

Section 5 of 863% complete

Privacy & Security

Foundational principles for responsible AI systems

Security Threat Landscape

Security in AI environments encompasses traditional software threats and novel attacks specific to the statistical properties of machine learning. Adversarial examples remain one of the most widely recognized threats. These attacks manipulate inputs so subtly that humans cannot detect any difference, yet the model’s output changes dramatically. This exposes the fragility of decision boundaries within trained models. For systems deployed in critical domains—autonomous navigation, medical diagnostics, access control, or content moderation—adversarial vulnerabilities can translate into real-world harm.

Data poisoning represents a more insidious threat. When attackers introduce corrupted or malicious data into the training or fine-tuning pipeline, they can manipulate the resulting model’s behavior. These manipulations often remain dormant until triggered by a specific input pattern. A poisoned model may respond correctly in most situations but behave unpredictably or maliciously when encountering certain triggers. Detecting such backdoors in large-scale models is extremely challenging, especially when multiple organizations or datasets contribute to the training process. Moreover, AI systems that incorporate user feedback as part of continuous learning must design robust safeguards to prevent attackers from gradually steering the model toward harmful behavior.

Generative AI systems introduce a new class of attack vectors. Prompt injection manipulates the model through crafted input that overrides or subverts initial system instructions. This can lead to the disclosure of hidden context, execution of unintended operations, or exposure of sensitive information stored within the model’s internal state or integrated tools. Indirect prompt injection extends this threat beyond the user: Malicious instructions embedded in external content such as web pages or documents can deceive the model into treating them as legitimate directives. When models act as autonomous agents, capable of performing online searches, writing files, invoking APIs, or modifying resources, these vulnerabilities create a pathway from crafted text to real-world system impact.

Model extraction attacks target the intellectual property embedded in proprietary AI systems. Through repeated queries, attackers can approximate the model’s logic, creating a surrogate that mimics its behavior. This threatens competitive advantage, weakens protection against adversarial examples, and can even reveal characteristics of the underlying training data. Organizations that deploy proprietary AI behind APIs must therefore design rate limits, output obfuscation strategies, and behavioral monitoring tools that detect unusual patterns indicative of extraction attempts.

Shadow AI introduces organizational risks that are harder to detect but equally dangerous. Employees who use external AI platforms without governance controls may inadvertently upload sensitive documents, proprietary strategies, customer details, or internal emails. This creates uncontrolled data flows that bypass security policies, making audits and incident response extremely difficult. Organizations must manage not only the technology but also the human behaviors that shape AI adoption, ensuring that enthusiasm for experimentation does not compromise safety.

Together, these threats highlight the need for specialized security engineering practices tailored to AI, including adversarial testing, model hardening, access control for training data, and ongoing behavioral audits during deployment.

AI Security Threat Map
AI Security Threat Map
AI Security Threat Map
Model Attacks
  • Adversarial examples: subtle input manipulation causes boundary misclassification
  • Data poisoning: corrupted training data creates hidden backdoors
  • Model extraction: surrogate model creation via repeated queries (IP theft)
Generative AI Attacks
  • Prompt injection: crafted input overrides system instructions
  • Indirect injection: malicious instructions in web pages or documents
  • For agents: text → real-world system impact (files, emails, APIs)
Defenses
  • Secure training pipeline with data validation
  • API hardening: rate limits, output obfuscation, behavioral monitoring
  • Adversarial testing before and during deployment
  • Anomaly detection on usage patterns
🌐
Source: AI Best Practices for Commerce, Section 5.5
Share

Last updated: March 12, 2026