A curated collection of security patterns, architectures, and topologies for AI and ML systems—practical, implementation-oriented guidance designed to help teams build secure, resilient AI applications.
As AI systems become increasingly autonomous and widespread, traditional security approaches often fall short. This repository provides practical security blueprints specifically designed for:
- Autonomous AI agents that make decisions and take actions
- Multi-agent systems requiring secure coordination
- LLM-powered applications with unique threat models
- Hybrid AI/traditional architectures with complex security boundaries
- ML pipelines and training infrastructure requiring protection
This repository includes:
- Security Patterns - Reusable solutions to common AI security problems
- Secure Topologies - Reference architectures for AI system deployment
- Implementation Guides - Step-by-step guidance for securing AI systems
- Educational Resources - Learning materials for AI security practitioners
| Pattern | Category | Version | Last Updated | Description |
|---|---|---|---|---|
| Ephemeral Agent Credentialing | IAM for AI Systems | v1.1 | 2025-11-26 | Secure authentication and authorization for short-lived AI agents using unique identities and task-scoped credentials |
Coming soon - Reference architectures for deploying AI systems securely
Coming soon - Step-by-step guides for implementing AI security controls
Coming soon - Learning materials and documentation for AI security practitioners
Note: Blueprints in this repository are under active development and community review. They represent emerging practices rather than established standards. Review carefully and adapt to your specific context.
Navigate to patterns/<pattern-name>/ to explore security patterns. Each pattern directory contains:
- README.md - Overview and latest version link
- versions/ - All pattern versions with change history
- Pattern document with:
  - Problem statement and context
  - Detailed solution architecture
  - Implementation guidance
  - Threat model and limitations
  - References and related work
We welcome contributions from security practitioners, researchers, and engineers!
Ways to contribute:
- 📝 Propose a new pattern using the pattern template
- ✏️ Improve existing patterns
- 🔍 Review patterns and provide technical feedback
- 🐛 Report issues or suggest improvements
See CONTRIBUTING.md for detailed guidelines, including:
- Pattern template with required frontmatter
- Review process and checklist
- Versioning conventions
- How to get credit as a reviewer
- Read the blueprint - Understand the problem, solution, and tradeoffs
- Review the threat model - Ensure it matches your security requirements
- Check the implementation guide - Assess feasibility for your stack
- Adapt to your context - Blueprints are templates, not rigid rules
- Share feedback - Open an issue with your experience
Blueprints in this repository follow these principles:
- Implementation-oriented - Actionable guidance, not just theory
- Explicit about tradeoffs - Clear about what is and isn't addressed
- Threat-model driven - Specific about attacks defended against
- Production-informed - Based on real-world experience and proven technologies
- Versioned and evolving - Updated as practices mature
```text
AI-Security-Blueprints/
├── patterns/
│   └── <pattern-name>/
│       ├── README.md          # Pattern overview
│       └── versions/
│           ├── v1.0.md        # Earlier version, kept for history
│           └── v1.1.md        # Latest version
├── .github/
│   └── ISSUE_TEMPLATE/        # Issue templates
├── CONTRIBUTING.md            # Contribution guidelines
├── PATTERN_TEMPLATE.md        # Template for new patterns
├── CHANGELOG.md               # Repository change log
├── LICENSE                    # CC BY-SA 4.0
├── SECURITY.md                # Security policy
└── README.md                  # This file
```
- Pattern filenames are versioned (e.g., v1.1.md)
- Changes are made via pull requests
- Version history is maintained within each pattern
- CHANGELOG.md tracks repository-level changes
Blueprints in this repository may be at different maturity levels:
- Draft - Initial proposal, seeking feedback
- Under Review - Community review in progress
- Stable - Reviewed and validated, recommended for adoption
- Deprecated - Superseded by newer approaches
Important: Blueprint maturity indicates community review status, not production readiness for your specific use case. Always perform your own security assessment.
- OWASP Top 10 for LLM Applications
- NIST AI Risk Management Framework
- Cloud Security Alliance - AI Security
- SPIFFE/SPIRE Documentation
Unless otherwise stated, all patterns are licensed under CC BY-SA 4.0.
You are free to:
- Share - Copy and redistribute the material
- Adapt - Remix, transform, and build upon the material
Under the following terms:
- Attribution - Give appropriate credit
- ShareAlike - Distribute contributions under the same license
- Issues: Use GitHub Issues for bugs, questions, or pattern proposals
- Discussions: Share implementation experiences and ask questions
- Security: Report security concerns via SECURITY.md
Built by the community, for the community. Help us make AI systems more secure. Contribute today.