An AI/ML pipeline is the full chain that turns data into model behaviour, from ingestion and preprocessing through training, deployment, inference, and retraining. In practice, it is not a single system but a set of linked stages whose combined trust boundaries determine security and governance outcomes.
Expanded Definition
An AI/ML pipeline is the operational chain that moves data through collection, cleaning, feature engineering, training, evaluation, deployment, inference, and retraining. In NHI security, the pipeline matters because each stage can introduce a distinct trust boundary, identity layer, and secrets exposure point.
Definitions vary across vendors on whether the pipeline includes only model development or also surrounding orchestration, CI/CD, and runtime monitoring. NHI Management Group treats the broader interpretation as the security-relevant one, because service accounts, API keys, tokens, and model artifacts often cross boundaries as the pipeline moves from experimentation to production. That makes the pipeline a governance object, not just an engineering workflow.
For a standards-oriented view of how security outcomes should be managed across the full lifecycle, the NIST Cybersecurity Framework 2.0 is a useful reference point for mapping control objectives across development and operations. The most common misapplication is treating the pipeline as a single build job, which occurs when teams ignore data provenance, inherited permissions, and retraining paths.
Examples and Use Cases
Implementing an AI/ML pipeline rigorously often introduces coordination overhead, requiring organisations to weigh faster model delivery against tighter controls on data, secrets, and deployment permissions.
- A data science team trains a fraud model in a notebook environment, but production deployment is blocked until the model registry, approval flow, and service identity are all reviewed.
- A retrieval-augmented generation system ingests internal documents, and the pipeline must verify that document permissions do not leak into embeddings or downstream inference.
- A MLOps platform uses short-lived credentials for model training jobs, reducing standing access while still allowing automated access to object storage and registries.
- An organisation investigates secret exposure after reviewing the Guide to the Secret Sprawl Challenge, then adds secret scanning to pipeline checkpoints.
- Teams harden CI/CD integration after seeing how the CI/CD pipeline exploitation case study shows attackers abusing build trust to reach model artifacts and credentials.
Industry guidance on secure development and runtime controls aligns with NIST Cybersecurity Framework 2.0, especially where pipeline automation depends on identity-bound access to data stores and inference services.
Why It Matters in NHI Security
The AI/ML pipeline is where NHI risk becomes concrete because credentials, service identities, and automation tokens are needed at multiple stages, often across different systems. When those identities are over-privileged, long-lived, or copied into scripts, the pipeline becomes an attack path rather than a delivery mechanism.
This is not theoretical. NHIMG research in LLMjacking: How Attackers Hijack AI Using Compromised NHIs shows that when AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes. The same research documented cases where AI-related exposure included more than one million sensitive records, illustrating how quickly pipeline compromise can scale into model, data, and secret compromise. Related reporting in the DeepSeek breach also shows how training data and exposed infrastructure can amplify the blast radius.
For practitioners, the lesson is that pipeline controls must cover identity, secrets, and artifact handling together, not as separate reviews. Organisations typically encounter the consequences only after a leaked token, poisoned dataset, or compromised build agent forces an incident response investigation, at which point the AI/ML pipeline becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Pipeline stages often fail through secret exposure and overprivileged machine identities. |
| NIST CSF 2.0 | PR.AC-4 | Pipeline access must reflect least privilege across build, train, deploy, and infer stages. |
| NIST Zero Trust (SP 800-207) | Zero trust treats every pipeline hop as untrusted until explicitly authorized. |
Inventory pipeline secrets, rotate exposed credentials, and bind each job to least-privilege NHI access.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
