Is It the Model or the Harness? | Episode 54

Episode 54 Published 3 days, 6 hours ago
Description

In this episode of BHIS Presents: AI Security Ops, the team tackles a foundational question in modern AI security:

Is the real risk in the model… or in the harness around it?

For years, most conversations have focused on model behavior — prompt injection, refusals, alignment, and safety controls. But as AI systems evolve into full agents with tools, memory, and execution capabilities, the focus is shifting.

Increasingly, the real security boundary isn’t the model itself — it’s the harness: the code, integrations, permissions, and workflows that give AI systems real-world power.

And that shift has massive implications for how we think about AI risk.

We dig into:
• What “model vs. harness” actually means in practical terms
• Why defenders often blame the model for issues caused by the harness
• How agent architectures expand the attack surface beyond prompts
• The role of tools, memory, and execution in modern AI systems
• Why prompt injection is often a harness design failure
• How real-world AI exploits increasingly target integrations, not models
• The limits of model-level safety and refusal behavior
• Why harness design is becoming the new security perimeter
• How AI agents move from “text generators” to “action-takers”
• What defenders should focus on when securing AI systems

This episode explores a critical shift in AI security: the model might generate the response — but the harness determines the impact.

📚 Key Concepts & Topics

Model vs Harness
• Model = core AI (weights, training, inference)
• Harness = surrounding system (tools, APIs, execution layers)
• Separation of generation vs. action

AI Security Risks
• Prompt injection vs. system-level vulnerabilities
• Misplaced trust in model-level protections
• Expanding attack surface through integrations

Agent Architectures
• Tool use, memory, and multi-step reasoning
• Code execution and external system access
• Transition from passive models to active agents

Defensive Strategy
• Securing the harness as the primary control layer
• Limiting permissions and external integrations
• Designing safe execution environments for AI

AI Safety vs Security
• Refusal behavior and alignment limitations
• Why safety ≠ security in agent systems
• Need for defense-in-depth beyond the model

#AISecurity #LLMSecurity #CyberSecurity #ArtificialIntelligence #AIAgents #InfoSec #BHIS #AppSec #aiarchitecture

----------------------------------------------------------------------------------------------
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  • (00:00) - Intro: AI Security Ops & Episode Setup
  • (00:26) - The Core Question: Model vs Harness
  • (02:08) - Defining the Model: What It Actually Does
  • (05:02) - Defining the Harness: Tools, Code & Capabilities
  • (06:56) - Why Security Is Shifting Toward the Harness
  • (13:05) - Being Secure and Being Useful
  • (16:20) - AI Agents, Tooling & Expanding Attack Surface
