Back to Feed
Cloud SecurityJul 16, 2026

AI Data Centers Are Being Built Faster Than They Can Be Secured

AI data centers built faster than secured, introducing ten new infrastructure security risks.

Summary

Lava Labs reports that AI data centers are being constructed at pace without adequate security measures, introducing risks fundamentally different from traditional data centers. The organization has identified the 'Forge' framework—ten prioritized security risks ranging from firmware integrity and multi-tenant isolation to supply chain compromise and patch velocity gaps. These risks arise because AI's computational demands and multi-tenant model break the trust assumptions underlying legacy data center security designs.

Full text

The use and reliance on AI is the biggest single growth area in technology. But AI is enormously energy-intensive and requires a new quality of data center. The demand is fueling rapid growth in AI data center builds. The danger is that those building this new type of data center, at speed, do not readily understand the difference between traditional data centers and AI data centers – and the result is leaving the new AI data centers open to a new scale of risk. Traditional data centers are primarily data processing warehouses serving a known clientele. AI data centers are more akin to high power data compute factories serving a larger and unknown clientele. Traditional data centers can comprise a series of independent servers, an AI data center must function as a single engine capable of massive parallel processing to handle a much greater computational demand. AI data centers simply cannot be built in the same way as traditional data centers. Lava Labs has examined and now reports (PDF) on the security needs of AI data centers (The Top 10 Data Center and AI Infrastructure Security Risks) and concludes they are being built faster than they are being secured. Both traditional data centers and new AI data centers carry largely similar risks; but AI changes their exploitability and blast radius: “Systems originally designed for trusted operators are now supporting high-value, multi-tenant workloads from unrelated customers,” it notes. The Lava Labs report lists the top ten AI data center and infrastructure security risks, naming them ‘Forge’ (because the purpose is to ‘harden the metal beneath the model’). Forge 01: firmware and hardware integrity compromise Forge 02: network and interconnect vulnerabilities Forge 03: unsafe multi‑tenant isolation and resource reuse Forge 04: insecure out‑of‑band management plane Forge 05: AI infrastructure supply chain compromise Forge 06: insecure facility and data center management systems Forge 07: insecure data and artifact handling Forge 08: certification gaps and provider transparency failures Forge 09: insecure operational infrastructure services Forge 10: vendor embargo gaps and patch velocity failures The sequencing of these risks is primarily based on severity. Risks 01 to 05 operate below the operating system, are difficult to detect, and have a cluster-wide blast radius. Risks 06 to 09 are generally easier to detect and recover from. Risk 10 is the easiest to detect and remediate; and is the least likely to cause catastrophic tenant compromise. FORGE IDs are ordered by severity, from highest to lowest. The matrix groups each risk by domain and shows its likelihood, impact, and detection difficulty. The risks arise because the nature of AI breaks the basic trust model of traditional data centers. For 03, 07, and 08. AI introduces unrelated commercial tenants, high‑value workloads, and GPU nodes that are reassigned between customers. For 01, 06 and 10, new hardware realities from the dense GPU clusters require complex firmware stacks, have extreme thermal sensitivity, and a larger blast radius for facility failures. Advertisement. Scroll to continue reading. For 02, the required high performance fabrics such as InfiniBand, RoCE, RDMA, and NVLink are often unencrypted, poorly monitored, and highly privileged. Weak fabric isolation can expose paths to discovery, abuse, or lateral movement. In 04 and 09, an operational concentration of privilege can result from a heavy reliance on BMC automation, Redfish/IPMI, firmware pipelines, and orchestration systems. For 05 and 10, a scarcity of GPU processors often means that new AI data centers opt for processors that are less suitable, with weaker isolation that can lead to more likely supply chain compromise. The functional purpose of Lava Labs analysis and report is threefold: to expose the unique risks of AI data centers; to prioritize the most severe risks, thus effectively providing a triage sequence; and to provide example attack scenarios and practical mitigations for those risks. The moral from the Lava Labs analysis is, yes, you will need a new data center to feed your AI; but, no, you cannot use your existing data center model as a design blueprint. Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon Bay Related: Trump’s New AI Plan Leans Heavily on Silicon Valley Industry Ideas Related: Pentagon Paid Out $290,000 for Vulnerabilities in Air Force Data Center Related: Intel TDX Connect Bridges the CPU-GPU Security Gap Written By Kevin Townsend Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Kevin Townsend Windows Bind Link Attacks Can Hide Malware From EDR ToolsHacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker to RedemptionUK Government Rolls Out Agentic AI Defense Plan Alongside Industry PledgeCISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original ThinkerDecades-Old Bash Tricks Expose AI Coding Agents to Supply Chain AttacksHacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreatNew Enterprise-Ready MCP Specification Brings New Security ChallengesExclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk Latest News Two Scattered Spider Hackers Sentenced to Jail in UK‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process KillingOak Emerges From Stealth Mode With $60 Million in FundingSplunk, Zoom Patch Critical VulnerabilitiesF5 Patches Multiple NGINX, BIG-IP VulnerabilitiesChina’s Top Cybersecurity Firms Hit by Mounting Military Procurement BansOld UEFI Shims Expose Systems to Secure Boot BypassNightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveN-able has appointed Russell Rosa as Chief Revenue Officer.Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.F5 has appointed Cathy Peterman as Chief People Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfar

Entities

Lava Labs (vendor)InfiniBand (technology)RoCE (technology)RDMA (technology)NVLink (technology)Redfish/IPMI (technology)