A security engineer from a traditional software background argues that AI security concerns are exaggerated — "as long as we validate inputs and outputs and keep the API secured, the model itself is not an attack surface."
Write a response that explains, using concrete examples, three ways in which the model itself is an attack surface that input/output validation alone cannot protect against. For each:
- Name the attack class
- Describe a specific scenario (with the actual input and impact)
- Explain why input/output filtering specifically fails to catch it
- Reference the underlying property of AI systems that creates the vulnerability (non-determinism, emergent behavior, training data memorization, etc.)
Conclude with a short paragraph framing the right mental model for how AI security extends — rather than replaces — traditional security.