Secure-by-Design AI: Protecting MLOps in the Microsoft Cloud with Martin Dimovski [MVP-MCT]

In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, MCT, cloud security expert, and community leader Martin Dimovski to explore one of the most important topics in modern enterprise IT: securing AI workloads and MLOps environments inside the Microsoft Cloud. Together, they dive deep into secure-by-design architecture, AI security risks, DevSecOps, Prompt Injection attacks, identity protection, Microsoft Defender, GitHub Advanced Security, and the future of AI-driven cyber threats. Martin shares his personal journey from IT support engineer into cloud security and AI security architecture, explaining how years of experience in infrastructure, Azure, DevOps, and Microsoft technologies ultimately pushed him toward cybersecurity and AI governance. The discussion highlights why AI security is no longer optional and why organizations that move too fast without proper security foundations could face major problems in the coming years.

WHY AI SECURITY MATTERS NOW MORE THAN EVER

One of the strongest themes throughout this episode is the speed at which organizations are deploying AI systems without fully understanding the security implications behind them. Martin explains that many companies are currently:

• Deploying AI solutions rapidly
• Experimenting with LLM integrations
• Building AI agents
• Creating cloud-native AI workloads
• Using open-source AI models
• Integrating APIs into production environments

But at the same time, organizations often forget the security fundamentals that should protect these environments. The conversation explores how AI introduces completely new attack surfaces while simultaneously amplifying existing security problems.

WHAT “SECURE-BY-DESIGN” REALLY MEANS

A major focus of the episode is understanding the concept of secure-by-design architecture. Martin explains that security should never be added after development is complete. Instead, security conversations must begin at the very first design phase of any application or AI project. The discussion covers:

• Threat modeling
• Architectural reviews
• Identity security
• Authentication planning
• Secure pipelines
• Infrastructure protection
• Secure APIs
• Data governance

Martin shares why collaboration between developers, architects, DevOps engineers, and security teams is absolutely essential for building resilient AI systems. One of the key takeaways:
Security teams should not become blockers for innovation — they should become partners in building secure systems.

UNDERSTANDING MLOPS & DEVSECOPS

For listeners newer to AI infrastructure topics, Martin breaks down the differences between:

• DevOps
• DevSecOps
• MLOps
• Secure AI pipelines

The episode explains how machine learning operations combine infrastructure, automation, data engineering, model deployment, and monitoring into one continuous operational process. Martin also highlights why traditional security approaches are no longer enough once organizations start integrating:

• Large Language Models
• AI agents
• Cloud AI services
• AI APIs
• AI orchestration pipelines

The discussion shows how modern security must now cover not only infrastructure and applications, but also models, prompts, training data, inference pipelines, and AI-generated outputs.

THE REAL DANGER OF PROMPT INJECTION

One of the most fascinating parts of the episode is Martin’s explanation of Prompt Injection attacks. Using simple real-world analogies, Martin explains how attackers manipulate Large Language Models by overriding or bypassing original system instructions. The conversation explores:

• Direct Prompt Injection
• Indirect Prompt Injection
• AI manipulation
• LLM instruction abuse
• Malicious prompts
• Unsafe AI agents
• Context hijacking
• Data extraction risks

Martin explains why prompt injection is becoming one of the most discussed attack vectors in AI security today and why organizations need to start thinking about AI trust boundaries immediately.

THE HIDDEN RISK OF OPEN-SOURCE MODELS

Another major topic is the increasing use of publicly available AI models. Martin shares concerns around:

• Downloading unverified models
• Compromised Hugging Face repositories
• Malicious AI packages
• Unsafe dependencies
• Supply-chain attacks
• API key exposure
• Secret leakage
• Public model poisoning

The discussion highlights how organizations may unknowingly introduce compromised models directly into production environments. This section serves as a major warning for companies rushing into AI adoption without proper governance and validation processes.

WHY IDENTITY SECURITY IS EVERYTHING

Identity and access management become another core theme throughout the episode. Martin strongly emphasizes the importance of:

• Microsoft Entra ID
• Privileged Identity Management
• Just-In-Time access
• Least privilege
• Identity governance
• Access reviews
• Role separation
• Conditional Access

One of the strongest lessons from the conversation is that attackers often do not need to break systems — they simply abuse existing permissions and weak access configurations. Martin explains why organizations should avoid giving permanent privileged access and instead embrace short-lived administrative permissions wherever possible.

MICROSOFT DEFENDER & AI SECURITY

The episode also dives deeply into the Microsoft security ecosystem and how Microsoft Defender is evolving to protect AI workloads. Martin discusses:

• Microsoft Defender for Cloud
• Defender XDR
• AI workload monitoring
• Real-time scanning
• Azure AI Foundry protection
• Threat visibility
• Security telemetry
• Cloud-native protection

According to Martin, Microsoft Defender is becoming one of the most powerful unified security platforms for organizations heavily invested in Microsoft technologies. 

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365–6704921/support.