The use and reliance on AI is the biggest single growth area in technology. But AI is enormously energy-intensive and requires a new quality of data center.
The demand is fueling rapid growth in AI data center builds. The danger is that those building this new type of data center, at speed, do not readily understand the difference between traditional data centers and AI data centers – and the result is leaving the new AI data centers open to a new scale of risk.
Traditional data centers are primarily data processing warehouses serving a known clientele. AI data centers are more akin to high power data compute factories serving a larger and unknown clientele. Traditional data centers can comprise a series of independent servers, an AI data center must function as a single engine capable of massive parallel processing to handle a much greater computational demand. AI data centers simply cannot be built in the same way as traditional data centers.
Lava Labs has examined and now reports (PDF) on the security needs of AI data centers (The Top 10 Data Center and AI Infrastructure Security Risks) and concludes they are being built faster than they are being secured. Both traditional data centers and new AI data centers carry largely similar risks; but AI changes their exploitability and blast radius: “Systems originally designed for trusted operators are now supporting high-value, multi-tenant workloads from unrelated customers,” it notes.
The Lava Labs report lists the top ten AI data center and infrastructure security risks, naming them ‘Forge’ (because the purpose is to ‘harden the metal beneath the model’).
- Forge 01: firmware and hardware integrity compromise
- Forge 02: network and interconnect vulnerabilities
- Forge 03: unsafe multi‑tenant isolation and resource reuse
- Forge 04: insecure out‑of‑band management plane
- Forge 05: AI infrastructure supply chain compromise
- Forge 06: insecure facility and data center management systems
- Forge 07: insecure data and artifact handling
- Forge 08: certification gaps and provider transparency failures
- Forge 09: insecure operational infrastructure services
- Forge 10: vendor embargo gaps and patch velocity failures
The sequencing of these risks is primarily based on severity. Risks 01 to 05 operate below the operating system, are difficult to detect, and have a cluster-wide blast radius. Risks 06 to 09 are generally easier to detect and recover from. Risk 10 is the easiest to detect and remediate; and is the least likely to cause catastrophic tenant compromise.

The risks arise because the nature of AI breaks the basic trust model of traditional data centers. For 03, 07, and 08. AI introduces unrelated commercial tenants, high‑value workloads, and GPU nodes that are reassigned between customers.
For 01, 06 and 10, new hardware realities from the dense GPU clusters require complex firmware stacks, have extreme thermal sensitivity, and a larger blast radius for facility failures.
For 02, the required high performance fabrics such as InfiniBand, RoCE, RDMA, and NVLink are often unencrypted, poorly monitored, and highly privileged. Weak fabric isolation can expose paths to discovery, abuse, or lateral movement.
In 04 and 09, an operational concentration of privilege can result from a heavy reliance on BMC automation, Redfish/IPMI, firmware pipelines, and orchestration systems.
For 05 and 10, a scarcity of GPU processors often means that new AI data centers opt for processors that are less suitable, with weaker isolation that can lead to more likely supply chain compromise.
The functional purpose of Lava Labs analysis and report is threefold: to expose the unique risks of AI data centers; to prioritize the most severe risks, thus effectively providing a triage sequence; and to provide example attack scenarios and practical mitigations for those risks.
The moral from the Lava Labs analysis is, yes, you will need a new data center to feed your AI; but, no, you cannot use your existing data center model as a design blueprint.
Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon Bay

Related: Trump’s New AI Plan Leans Heavily on Silicon Valley Industry Ideas
Related: Pentagon Paid Out $290,000 for Vulnerabilities in Air Force Data Center
Related: Intel TDX Connect Bridges the CPU-GPU Security Gap
https://www.securityweek.com/ai-data-centers-are-being-built-faster-than-they-can-be-secured/


