Defense in Depth
Defense in depth is a security strategy that implements multiple, layered defensive mechanisms throughout an AI system so that if any single layer is breached, other layers continue to provide protection.
What this means in practice
Layers may include network security, application security, data encryption, access controls, model integrity monitoring, input validation, output filtering, and audit logging. For organizations deploying AI, defense in depth is essential because AI systems have diverse attack surfaces and no single security control can protect against all threats. In COMPEL, defense in depth is a core principle of the AI Security Architecture framework in Module 3.3, Article 5, and is assessed as part of the Technology pillar maturity evaluation during the Calibrate stage.
Why it matters
AI systems have diverse attack surfaces, and no single security control can protect against all threats. Defense in depth ensures that if any single layer is breached, other layers continue to provide protection. Organizations that rely on a single security mechanism face catastrophic exposure when that mechanism fails, while layered defenses provide resilience against the evolving threat landscape targeting AI systems.
How COMPEL uses it
Defense in depth is a core principle of the AI Security Architecture framework in Module 3.3, Article 5. During Calibrate, COMPEL assesses existing security layers under the Technology pillar. The Model stage designs layered defenses including network security, access controls, model integrity monitoring, and audit logging. The Produce stage implements these layers, and the Evaluate stage tests their effectiveness through security assessments.