Is It the Model or the Harness? | Episode 54

In this episode of BHIS Presents: AI Security Ops, the team tackles a foundational question in modern AI security:Is the real risk in the model… or in the harness around it?For years, most conversations have focused on model behavior — prompt injection, refusals, alignment, and safety controls. But as AI systems evolve into full agents with tools, memory, and execution capabilities, the focus is shifting.Increasingly, the real security boundary isn’t the model itself — it’s the harness: the code, integrations, permissions, and workflows that give AI systems real-world power.And that shift has massive implications for how we think about AI risk.We dig into:• What “model vs. harness” actually means in practical terms• Why defenders often blame the model for issues caused by the harness• How agent architectures expand the attack surface beyond prompts• The role of tools, memory, and execution in modern AI systems• Why prompt injection is often a harness design failure• How real-world AI exploits increasingly target integrations, not models• The limits of model-level safety and refusal behavior• Why harness design is becoming the new security perimeter• How AI agents move from “text generators” to “action-takers”• What defenders should focus on when securing AI systemsThis episode explores a critical shift in AI security: the model might generate the response — but the harness determines the impact.⸻📚 Key Concepts & TopicsModel vs Harness• Model = core AI (weights, training, inference)• Harness = surrounding system (tools, APIs, execution layers)• Separation of generation vs. actionAI Security Risks• Prompt injection vs. system-level vulnerabilities• Misplaced trust in model-level protections• Expanding attack surface through integrationsAgent Architectures• Tool use, memory, and multi-step reasoning• Code execution and external system access• Transition from passive models to active agentsDefensive Strategy• Securing the harness as the primary control layer• Limiting permissions and external integrations• Designing safe execution environments for AIAI Safety vs Security• Refusal behavior and alignment limitations• Why safety ≠ security in agent systems• Need for defense-in-depth beyond the model#AISecurity #LLMSecurity #CyberSecurity #ArtificialIntelligence #AIAgents #InfoSec #BHIS #AppSec #aiarchitecture ----------------------------------------------------------------------------------------------About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: AI Security Ops & Episode Setup (00:26) - The Core Question: Model vs Harness (02:08) - Defining the Model: What It Actually Does (05:02) - Defining the Harness: Tools, Code & Capabilities (06:56) - Why Security Is Shifting Toward the Harness (13:05) - Being Secure and Being useful (16:20) - AI Agents, Tooling & Expanding Attack Surface Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Brian Fehrman - Host Bronwen Aker - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.