AI Models Trust Data From Compromised Systems

Dec 22, 2025

Failure Pattern

AI models trust the data and requests they receive without verifying the identity of the workload producing them.

What We See in the Field

A compromised node sends poisoned data or manipulates feature pipelines. AI models ingest malicious input because the source appears legitimate.

Underlying Causes

No identity layer in data pipelines
Overprivileged ingestion jobs
Blind trust in upstream systems
Static credentials reused
Lack of session verification

Trust-Native Network Resolution

DTL enforces identity at the data pipeline boundary. Models accept input only from workloads with verified TrustKeys, reducing poisoning risk.
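
The sketch below is an added example of identity enforcement at an ingestion boundary. It is not DTL or TrustKey code, whose interfaces this page does not describe. It assumes a per-session HMAC key for each workload, and the registry, names and key are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed registry (all names and keys are hypothetical): one key per
# workload session, plus the only feature set that workload may write.
SESSIONS = {
    "sess-01": {"workload": "feature-extractor", "key": b"constructed-demo-key",
                "allowed": {"clickstream_features"}, "last_seq": 0},
}

def sign_batch(key, session_id, seq, feature_set, rows):
    """Producer side: MAC over session, sequence number, target and payload."""
    body = json.dumps([session_id, seq, feature_set, rows], sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def make_msg(key, session_id, seq, feature_set, rows):
    """Build the batch envelope a producer would send."""
    return {"session_id": session_id, "seq": seq, "feature_set": feature_set,
            "rows": rows, "mac": sign_batch(key, session_id, seq, feature_set, rows)}

def accept_batch(msg, sessions=SESSIONS):
    """Ingestion boundary: return (accepted, reason_or_workload) for a batch."""
    try:
        sid, seq, fset, rows, mac = (msg[k] for k in
                                     ("session_id", "seq", "feature_set", "rows", "mac"))
    except KeyError:
        return False, "malformed batch"
    sess = sessions.get(sid) if isinstance(sid, str) else None
    if sess is None or not isinstance(seq, int):
        return False, "unknown session or malformed batch"
    expected = sign_batch(sess["key"], sid, seq, fset, rows)
    if not hmac.compare_digest(expected.encode(), str(mac).encode()):
        return False, "bad signature"        # altered in transit or wrong key
    if fset not in sess["allowed"]:
        return False, "feature set not permitted"   # least-privilege check
    if seq <= sess["last_seq"]:
        return False, "replayed batch"       # same session, stale sequence
    sess["last_seq"] = seq
    return True, sess["workload"]

if __name__ == "__main__":
    key = SESSIONS["sess-01"]["key"]
    msg = make_msg(key, "sess-01", 1, "clickstream_features", [{"user": 1, "clicks": 3}])
    print(accept_batch(msg))   # first delivery
    print(accept_batch(msg))   # same batch again
```

A valid MAC shows only that the batch came from the holder of that session key, so a workload that is itself compromised still passes this gate and content validation remains necessary.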

Broken Trust Assumption

The attacks that exposed this failure pattern were not stealthy break-ins. They were trusted operations.

During incidents such as SolarWinds, Capital One, and Okta, malicious activity was carried out using valid identities and approved execution paths. Certificates were valid. Tokens were accepted. Sessions were authenticated. From the system’s point of view, nothing appeared wrong.

This is the risk of trust inferred from credentials, location, or prior authentication.