TL;DR: AI workloads running on HPC break assumptions built into deterministic security overlays, leaving gaps in monitoring, memory handling, supply-chain assurance, and runtime integrity checks, according to SentinelOne and cited research. The result is not just a scaling problem, but a governance failure: security controls designed for predictable compute cannot fully govern dynamic AI execution.
NHIMG editorial — based on content published by SentinelOne: AI workloads expose the gaps in HPC security overlays
By the numbers:
- Research across 41 studies found attack success rates exceeding 60 percent from manipulation of 100 to 500 training samples.
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems, according to the 2026 Infrastructure Identity Survey.
Questions worth separating out
Q: How should security teams govern AI workloads running on HPC systems?
A: Security teams should govern AI workloads as continuously changing execution environments, not as static batch jobs.
Q: Why do AI workloads break traditional HPC security assumptions?
A: AI workloads break traditional HPC assumptions because they can change behaviour during execution, rely on mutable model artifacts, and consume trusted supply-chain inputs that remain legitimate while carrying malicious intent.
Q: What do security teams get wrong about AI supply chain risk?
A: Many teams focus on signed code and forget that AI systems also depend on training data, checkpoints, and model weights.
Practitioner guidance
- Separate AI security monitoring from the workload itself Reserve dedicated CPU resources for behavioral monitoring so the protection layer cannot be starved, delayed, or filtered by the workload it watches.
- Extend provenance checks from software to model artifacts Track training data, intermediate checkpoints, and deployed weights as governed artifacts with clear ownership and integrity controls.
- Baseline normal AI behavior before enforcing detection Define expected CPU, GPU, memory, and network patterns for approved training and inference jobs, then alert on departures from those profiles.
What's in the full article
SentinelOne's full article covers the operational detail this post intentionally leaves for the source:
- Technical examples of the AI supply chain attacks against LiteLLM, Axios, and CPU-Z.
- The specific runtime monitoring architecture proposed for AI workloads on HPC systems.
- Discussion of behavioral AI detections and kernel-level monitoring considerations.
- The article's citations and research references on poisoning, side channels, and inference compromise.
👉 Read SentinelOne's analysis of AI workloads, HPC security gaps, and supply chain attacks →
AI workloads on HPC: what existing security controls miss?
Explore further
AI workloads expose an identity governance gap, not just an HPC tuning problem. The issue is not that existing controls are weak in general, but that they were designed for predictable execution rather than adaptive systems. Once a workload can accept updates, invoke automation, or change behaviour at runtime, the governance model has to account for machine identity, delegated access, and continuous trust. Practitioners should treat AI workload governance as a cross-domain identity problem rather than a pure infrastructure issue.
A few things that frame the scale:
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems, according to the 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who is accountable when AI workloads introduce corrupted outputs or unsafe actions?
A: Accountability sits with the teams that approve the workload, own the data and model lineage, and control the credentials that let automation publish, deploy, or update artifacts. In practice, that means platform owners, IAM teams, and model governance leads share responsibility for the trust chain, not just the security team.
👉 Read our full editorial: AI workloads expose the gaps in HPC security overlays