Securing AI at the Endpoint

On-device AI has huge benefits. But it also comes with cyber risk. Let's talk about how to position your organization securely to take advantage of AI innovation at the endpoint.

The attack surface of on-device AI

Emerging technologies often come with cybersecurity challenges due to their novelty. On-device AI is no exception. The key to mitigating risk, as always, is to shed light on the unknown. Before we can talk about what security we need to minimize the attack surface, it helps to talk about whatwe are securing and why. Think about this like a system of pipes in a commercial building. These pipes carry water, gas, etc. for a variety of use cases. If the matter flowing through the pipes is contaminated or interrupted, it can't do its job. If the pipes carrying the matter are damaged or corrupted, they can't do their job. Bringing it back to AI at the endpoint:

• The pipes are your infrastructure - your PCs, your corporate networks. The how and whereyou work.
• The contents flowing through the "pipes" are the data, apps and models that fuel various AI use cases. The assets and resourcesyou need to do your work.

Cyber adversaries target both. They may steal IP to hold for ransom or poison data or models to impact operations. In any case, the consequences can be severe, leading to financial and reputational damage and/or triggering regulatory reviews.

Security risks of AI at the endpoint

Now, we'll talk about methods attackers might use to access both targets:

• Device compromise. Endpoint devices are frequent targets in cyberattacks. Supply chain attacks-like tampering with circuitry or firmware-can introduce risk before devices even reach organizations. Imagine the pending disaster of an investment firm receiving a brand-new shipment of PCs with counterfeit components.

• Identity compromise.Stolen or compromised credentials are a growing threat vector. Attackers using valid credentials can infiltrate networks and stay undetected for months, putting sensitive models and data at risk. With Generative AI (GenAI) now enhancing phishing techniques, these breaches remain costly and difficult to contain.

• Insider threat. Recent research shows, compared to other vectors, malicious insider attacksresulted in the highest costs, averaging USD 4.99 millionper attack. Keep in mind, insider attacks can happen across the hardware supply chain, software supply chain and model supply chain.

What mitigates the risk of on-device AI and how Dell helps

None of these attack targets or methods are fundamentally new. As always, focus on keeping your fleet secure and resilient. Layering on countermeasures can help reduce the attack surface and shed light on any suspicious behavior immediately.

A zero trust mindset will mitigate risk across your fleet. These principles-never trust, always verify and monitor continuously- help keep you ahead of attackers.

Adopt a zero trust mindset and implement multiple layers of defense to mitigate the risk of a breach.

Adopt a zero trust mindset and implement multiple layers of defense to mitigate the risk of a breach.

With that framework in mind, reassess your infrastructure… especially systems and processes that interact with AI. What countermeasures minimize the risk of device compromise, identity compromise and insider threat?

Foundational security for on-device AI workloads

"Below-the-OS" security protects the AI devices you work on. We can break this into two parts:

• Defend your fleet with devices that aresecure by design- i.e., they were developed with secure design principles and in a secure supply chain.
• Defend your fleet with devices that have built-in security. Secure AI PCs include layers of embedded protection that provide visibility - down to the BIOS - right out of the box.

That's how our technologists devise and design the security of our commercial AI PCs. Secure design, robust supply chain controls and optional supply chain assurance help ensure PCs are secure from first boot. Built-in hardware and firmware security keeps the PC protected from tampering and unauthorized access while in-use.

"Above-the-OS" security protects access to AI models. Defend the data and models that you work with and corporate networks you work in with software security. It is essential to protect machine learning security operations and monitor network traffic of deployed AI workloads. Dell's partner solutions, e.g., CrowdStrike Falcon XDR and Absolute Secure Access, apply zero trust principles to safeguard AI model supply chains. With granular access controls like role-based permissions, organizations can prevent unauthorized access and protect sensitive assets.

All of this together - above and below the OS - is Security for AI.

Secure the use of AI both above and below the OS with Dell Trusted Workspace.

Secure AI at the Endpoint with Dell Trusted Workspace

AI holds immense promise, though many businesses lack the readiness to fully leverage it.

An analysis of millions of devices revealed a PC population unable to absorb new AI capabilities broadly. Source: 2025 Absolute Resilience Risk Index.

Dell can help bring it all together. Develop and deploy AI models on a secure foundation with Dell Trusted Workspace. Upgrade to Dell Pro or Dell Pro Max to unlock security benefits and defend AI workloads with the world's most secure commercial AI PCs.*

Contact: Reach out to Dell's security specialists.

*Based on Dell internal analysis, October 2024 (Intel) and March 2025 (AMD). Applicable to PCs on Intel and AMD processors. Not all features available with all PCs. Additional purchase required for some features. Intel-based PCs validated by Principled Technologies. A comparison of security features, April 2024.