Steven Stuart logo

Emerging Technologies

📖 2 min read

Artificial Intelligence Security

AI systems introduce new attack surfaces that traditional security controls were not designed to protect against.

AI/ML Security Challenges

CISA and international partners released joint guidance on AI Data Security best practices in May 2025, highlighting critical risks across the AI lifecycle.

Key Security Concerns:

  • Data Poisoning: Malicious training data injection
  • Model Inversion: Extracting training data from models
  • Adversarial Examples: Inputs designed to fool AI systems
  • Prompt Injection: Manipulating AI system inputs
  • Model Theft: Unauthorized model replication

AI Security Best Practices

  • Secure AI Development: Security-by-design principles
  • Data Protection: Training data classification and access controls
  • Model Validation: Adversarial testing and validation
  • Runtime Protection: Input validation and output filtering
  • Monitoring: AI system behavior analysis

Cloud Security

Shared Responsibility Model

Cloud Provider Responsibilities

  • Physical security
  • Infrastructure security
  • Platform services security
  • Hypervisor and networking

Security OF the cloud

Customer Responsibilities

  • Data encryption and classification
  • Identity and access management
  • Application security
  • Network controls and firewall rules
  • Operating system and patches

Security IN the cloud

Misunderstanding Shared Responsibility Causes Breaches

Many cloud security breaches occur because organizations assume the cloud provider is responsible for all security. Understanding exactly where provider responsibility ends and customer responsibility begins is critical.

Cloud Security Challenges

  • Visibility: Limited insight into cloud infrastructure
  • Compliance: Meeting regulatory requirements in cloud
  • Data Location: Geographic and jurisdictional considerations
  • Identity Management: Federated identity and access management
  • Configuration: Secure cloud service configuration

Cloud Security Tools

  • Cloud Security Posture Management (CSPM): Configuration assessment
  • Cloud Workload Protection Platform (CWPP): Runtime workload security
  • Cloud Access Security Broker (CASB): Data protection and compliance
  • Container Security: Image scanning, runtime protection
  • Serverless Security: Function-level security controls

Internet of Things (IoT) Security

IoT Security Challenges

IoT Devices Are Often Security Weak Points

IoT devices frequently ship with default credentials, lack secure update mechanisms, and remain deployed for years without patches. These devices can become entry points for attackers to compromise entire networks.

  • Device Constraints: Limited processing power and memory
  • Update Management: Difficult firmware patching
  • Default Credentials: Weak or unchanged default passwords
  • Network Exposure: Direct internet connectivity
  • Device Lifecycle: Long deployment periods with minimal maintenance

NIST IoT Security Framework

NIST continues to develop IoT cybersecurity guidance, with foundational activities including:

  • Device Identification: Asset inventory and management
  • Device Configuration: Secure initial setup
  • Data Protection: Encryption and access controls
  • Interface Security: Secure communications
  • Software Updates: Secure update mechanisms
  • Cybersecurity State Awareness: Monitoring and logging

Blockchain and Distributed Systems

Smart Contract Security (OWASP Smart Contract Top 10 2025)

  1. Access Control Vulnerabilities: Poorly implemented permissions
  2. Arithmetic Issues: Integer overflow/underflow
  3. Unchecked External Calls: Reentrancy attacks
  4. Lack of Input Validation: Unvalidated user inputs
  5. Reentrancy Attacks: Callback exploitation
  6. Gas Limit Vulnerabilities: Resource exhaustion
  7. Weak Randomness: Predictable random number generation
  8. Privacy Issues: On-chain data exposure
  9. Logic Issues: Smart contract business logic flaws
  10. Denial of Service: Contract unavailability attacks

Blockchain Security Considerations

  • Consensus Mechanisms: Proof-of-Work vs. Proof-of-Stake security
  • Key Management: Private key security and recovery
  • Smart Contract Auditing: Code review and formal verification
  • Network Security: Node protection and communication security

Quantum Computing Implications

Post-Quantum Cryptography

  • Timeline: NIST standardization in progress
  • Impact: Current encryption algorithms vulnerable
  • Migration Strategy: Hybrid classical-quantum resistant systems
  • Standards:
    • NIST SP 800-208: Recommendation for Stateful Hash-Based Signature Schemes
    • NIST SP 800-232: Ascon-Based Lightweight Cryptography (released 2025)

Quantum-Safe Algorithms

  • Key Exchange: CRYSTALS-Kyber
  • Digital Signatures: CRYSTALS-Dilithium, FALCON, SPHINCS+
  • Hash-Based Signatures: XMSS, LMS
  • Implementation: Gradual transition and testing

Found this guide helpful? Share it with your team:

Share on LinkedIn