Jun 4 / Latest News

ETSI Releases New Security Specification for AI Computing Platforms

ETSI has published TS 104 033, a new technical specification that sets out security requirements for AI computing platforms used in data centers and edge environments.

The standard establishes a comprehensive security framework covering the functions, components, interfaces, and services needed to protect AI models, datasets, training processes, and inference workloads.

Scott Cadzow, Chair of the ETSI Technical Committee on Securing AI, said the release builds on earlier framework work and represents a major step toward defining concrete, actionable requirements for the platforms that host AI systems. AI computing platforms provide the compute, storage, networking, and software needed to support AI workloads throughout their lifecycle, often incorporating specialized accelerators such as GPUs and NPUs.

The specification organizes its requirements around identity and access control, data protection, integrity protection, auditing, incident response, and resilience. It reinforces the principle of least privilege, prohibits remote access to root‑level accounts, and requires secure boot mechanisms to ensure system components have not been tampered with. Platforms must protect data in transit and at rest, support backup and recovery, and safeguard configuration information needed for system restoration.

TS 104 033 also addresses risks unique to AI environments. AI models and datasets must remain protected while stored, transmitted, and processed. Shared accelerators must enforce isolation between users and workloads. Platforms should detect attacks targeting inference processes, securely store AI‑related logs for auditing and forensics, and support recovery of training activities after failures or cyberattacks. The goal is to maintain service availability and ensure trustworthy AI operations even under abnormal conditions.

The specification also defines security services that protect AI assets throughout their lifecycle, including encryption, integrity verification, tenant‑specific key management, hardware‑bound decryption, and isolation of accelerator resources. These services help preserve the confidentiality, integrity, availability, and traceability of AI systems.

Inference attack detection is included to identify attempts to extract sensitive information or compromise models, while training recovery capabilities reduce the risk of lost work. Model Bill of Materials support provides verifiable records of model development and training history to aid auditing and forensic investigations.

To enable these protections, the framework outlines mechanisms for establishing confidential computing environments for AI workloads and securing communication between them. These include encryption and decryption of AI assets, confidential execution environments, isolation of accelerator resources, detection of inference‑targeted attacks, protection of AI‑related logs from tampering, and proof functions that verify the integrity and authenticity of model‑related information.
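As an added illustration of the Model Bill of Materials and the integrity "proof functions" described above (this is example code written for this article, not part of TS 104 033 or any ETSI reference implementation), the following builds an MBOM over constructed stand-in model artifacts, binds it to a tenant-specific key, and then verifies both the record and the artifacts. The key, artifact names and metadata fields are assumptions for the demo; a real platform would hold the key in hardware-bound storage and would typically use a digital signature rather than an HMAC so that verifiers need not share the secret.

```python
import hashlib
import hmac
import json

# Constructed sample artifacts standing in for model weights and a training dataset.
ARTIFACTS = {
    "weights/model.safetensors": b"\x00\x01weights-v1",
    "data/train.jsonl": b'{"text": "example record"}\n',
}
# Hypothetical tenant-specific key; a real platform would keep it in hardware-bound key storage.
TENANT_KEY = b"tenant-42-demo-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_mbom(artifacts: dict, key: bytes, metadata: dict) -> dict:
    """Create a Model Bill of Materials: provenance metadata plus per-artifact digests, bound with an HMAC tag."""
    record = {
        "metadata": metadata,
        "artifacts": {name: sha256_hex(blob) for name, blob in sorted(artifacts.items())},
    }
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    record["tag"] = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return record


def verify_mbom(mbom: dict, artifacts: dict, key: bytes) -> list:
    """Return a list of findings; an empty list means the MBOM tag and every artifact digest check out."""
    findings = []
    body = {k: v for k, v in mbom.items() if k != "tag"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mbom.get("tag", "")):
        findings.append("mbom: authentication tag mismatch")
        return findings  # the recorded digests cannot be trusted if the record itself was altered
    for name, digest in mbom["artifacts"].items():
        if name not in artifacts:
            findings.append(f"{name}: artifact missing")
        elif sha256_hex(artifacts[name]) != digest:
            findings.append(f"{name}: digest mismatch")
    for name in artifacts:
        if name not in mbom["artifacts"]:
            findings.append(f"{name}: not recorded in MBOM")
    return findings


if __name__ == "__main__":
    mbom = build_mbom(ARTIFACTS, TENANT_KEY, {"model": "demo-classifier", "training_run": "run-0001"})
    print(verify_mbom(mbom, ARTIFACTS, TENANT_KEY))  # []
    altered = {**ARTIFACTS, "weights/model.safetensors": b"\x00\x01weights-altered"}
    print(verify_mbom(mbom, altered, TENANT_KEY))  # ['weights/model.safetensors: digest mismatch']
```

Because the tag is computed over the canonical JSON of the whole record, an edit to the training history is detected before any artifact digest is consulted, which is the property an auditor relies on when the MBOM is used as forensic evidence.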

The new specification is intended to serve as a foundation for secure AI operations as organizations increasingly deploy AI systems across both centralized and distributed computing environments.