Cyberagentur in New Bitkom Paper

AI needs Security from the Start

The Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) contributes its expertise to the new Bitkom paper “From Principles to Practice.” The article by Syrko Kulas and Philippe Krajsic demonstrates that trustworthy AI cannot be achieved through isolated measures. Rather, generative and agent-based systems require a holistic approach, as risks arise throughout the entire lifecycle and change dynamically.

The Cyberagentur is represented with a technical article in the new Bitkom paper “From Principles to Practice: Implementing Trustworthy & Responsible AI in the dimensions Security, Explainability, Fairness.” Syrko Kulas and Philippe Krajsic, research officers in the Key Technologies Department at the Cyberagentur, contributed content to the “Security” chapter. The white paper provides practical guidelines for companies and is aimed at decision-makers, developers, and those responsible for governance and compliance. It demonstrates how regulatory requirements can be translated into concrete measures and how AI systems can be operated securely, fairly, transparently, and sustainably.

The Cyberagentur’s contribution: AI systems create new vulnerabilities throughout their entire lifecycle—from manipulated training data and insecure supply chains to attacks during operation. Particularly critical are prompt injections and jailbreaks, as well as risks such as data poisoning, data leaks, and model extraction, exacerbated by external data sources and APIs. These threats can only be effectively mitigated through holistic security strategies, continuous monitoring, and centralized governance.

“With every new capability of AI, not only does its utility grow, but so does its attack surface: security must therefore be just as dynamic as the systems themselves and be approached holistically,” says Syrko Kulas, research officer in the Key Technologies Department at the Cyberagentur. “Agent-based AI systems, in particular, must be regarded as security-critical systems from the outset because they can not only issue recommendations but also trigger operational actions.”

A key priority is the shift from isolated protective measures to a systemic security architecture. Individual tools are not enough—what is needed are integrated concepts based on zero-trust principles, minimal access rights, continuous monitoring, and clear escalation mechanisms.

“AI security is not a feature you check once and then tick off the list. It is an ongoing monitoring task throughout the entire lifecycle of a system,” says Philippe Krajsic, research officer in the Key Technologies Department at the Cyberagentur. “It is crucial not to view risks in isolation, but to understand their interactions within the overall system.”

The Bitkom paper classifies security as one of three central dimensions of trustworthy AI, alongside explainability and fairness. For the Cyberagentur, the security perspective is a fundamental prerequisite: only if AI systems are protected against targeted manipulation, data falsification, model misuse, and uncontrolled system effects can they be reliably deployed in business, government, and security-related applications.

With its contribution, the Cyberagentur underscores its role at the intersection of security research, technology foresight, and digital sovereignty—and the importance of secure AI as a strategic prerequisite for the future.
