Published May 1, 2026 | Version v1

Zero Trust Segmentation for Cloud-Native and AI Service Architectures: An Intelligent Policy Enforcement Framework to Minimize Lateral Movement

Description

Cloud-native architectures break the concept of a perimeter, making lateral movement a focus of concern for distributed enterprise systems. AI services add to the attack surface via east-west traffic. As every workload, every pipeline, and every model-serving endpoint is a potential attack pivot point, layering zero-trust segmentation controls across the identity, network, workload, and data planes provides a complementary strategy that restricts lateral movement in modern cloud-native and AI environments. The paper proposes a micro-segmentation model that decouples the policy decision and policy enforcement components in the context of securing data-flow networks. The proposed model leverages workload identity, explicit allow-listing of communication patterns, and a service mesh to achieve micro-segmentation. A second, AI-specific segmentation model addresses the introduction of the LLM tool chain, vector databases, and agentic services into a system's trust boundaries. This model adopts operational governance, evidence generation, and alignment with NIST SP 800-207 and the AI Risk Management Framework as early design requirements for implementing and operating zero trust segmentation in regulated and critical-service contexts. It allows security architects and platform leaders to implement solutions through structured evidence generation.
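To make the decision/enforcement split and identity-keyed allow-listing concrete, the following is an added example and not code from the paper: a minimal policy decision point (PDP) kept separate from a sidecar-style policy enforcement point (PEP) that records an evidence trail for each verdict. The SPIFFE-style identity strings, service names and ports are all constructed for illustration.

```python
"""Added example (not from the paper): PDP separated from PEP, evaluating an
explicit allow-list keyed on workload identity with default deny; identities constructed."""
from dataclasses import dataclass

ORG = "spiffe://example.org"                 # constructed trust domain
AGENT = f"{ORG}/ns/ai/sa/agent"              # agentic service
VECTOR_DB = f"{ORG}/ns/ai/sa/vector-db"      # vector database
PAYMENTS = f"{ORG}/ns/fin/sa/payments"       # unrelated workload, no rule

@dataclass(frozen=True)
class Rule:
    src: str        # caller workload identity
    dst: str        # callee workload identity
    port: int
    protocol: str

# Explicit allow-list of communication patterns; anything else is denied.
ALLOW_LIST = frozenset({Rule(AGENT, VECTOR_DB, 6333, "tcp")})

class PolicyDecisionPoint:
    """Returns a verdict and a reason; never touches traffic itself."""
    def __init__(self, rules):
        self.rules = rules

    def decide(self, src, dst, port, protocol, identity_verified):
        if not identity_verified:        # identity must be proven (e.g. mTLS)
            return "deny", "unverified workload identity"
        if Rule(src, dst, port, protocol) in self.rules:
            return "allow", "explicit allow-list match"
        return "deny", "no matching rule (default deny)"

class PolicyEnforcementPoint:
    """Sidecar-style enforcer: asks the PDP, applies the verdict, keeps evidence."""
    def __init__(self, pdp):
        self.pdp, self.evidence = pdp, []

    def handle(self, src, dst, port, protocol, identity_verified=True):
        verdict, reason = self.pdp.decide(src, dst, port, protocol, identity_verified)
        self.evidence.append({"src": src, "dst": dst, "port": port,
                              "verdict": verdict, "reason": reason})
        return verdict == "allow"

def demo():
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(ALLOW_LIST))
    return {
        "agent->vector-db": pep.handle(AGENT, VECTOR_DB, 6333, "tcp"),
        "agent->payments": pep.handle(AGENT, PAYMENTS, 8443, "tcp"),
        "agent->vector-db wrong port": pep.handle(AGENT, VECTOR_DB, 6334, "tcp"),
        "spoofed agent": pep.handle(AGENT, VECTOR_DB, 6333, "tcp", False),
    }, pep.evidence
```

Only the listed agent-to-vector-database pattern is allowed; the attempted hop to an unrelated workload, a non-listed port, and an unverified identity are all denied and each verdict lands in the PEP's evidence list.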
