Cryptographic protections, access controls, and hardware security.
Hardware-enforced bandwidth limitations on data center network connections can protect AI model weights from unauthorized access or exfiltration, by limiting the speed of model weight access on the connections between data centers and the outside world. Such limitations can be put in place in multiple ways, for example by only constructing connections with a specific bandwidth. The output rate on all data channels can be set low enough that copying the weights is possible in principle (e.g., to enable regular backups), but would take so long that an unauthorized exfiltration of the weights could be detected and prevented. Such rate-limiting is only effective if it applies to all output connections for all storage locations on which the weights of the model are stored [139].
Reasoning
Hardware network isolation restricts data center connectivity, containing the model execution environment.
Cybersecurity
Model development
2.4 Engineering & Development
Model development > Data-related
1.1 Model
Model evaluations
2.2.2 Testing & Evaluation
Model evaluations > General evaluations
2.2.2 Testing & Evaluation
Model evaluations > Benchmarking
3.2.1 Benchmarks & Evaluation
Model evaluations > Red teaming
2.2.2 Testing & Evaluation
Risk Sources and Risk Management Measures in Support of Standards for General-Purpose AI Systems
Gipiškis, Rokas; San Joaquin, Ayrton; Chin, Ze Shen; Regenfuß, Adrian; Gil, Ariel; Holtman, Koen (2024)
Organizations and governments that develop, deploy, use, and govern AI must coordinate on effective risk mitigation. However, the landscape of AI risk mitigation frameworks is fragmented, uses inconsistent terminology, and has gaps in coverage. This paper introduces a preliminary AI Risk Mitigation Taxonomy to organize AI risk mitigations and provide a common frame of reference. The Taxonomy was developed through a rapid evidence scan of 13 AI risk mitigation frameworks published between 2023 and 2025, which were extracted into a living database of 831 distinct AI risk mitigations.
Other (stage not listed)
Applies to a lifecycle stage not captured by the standard categories
Infrastructure Provider
Entity providing compute, platforms, or tooling for AI systems
Manage
Prioritising, responding to, and mitigating AI risks